Gives criticality score for an open source project Saturday, Dec 12, 2020
GitHub source: https://github.com/ossf/criticality_score/
Open Source Project Criticality Score (Beta)
This project is maintained by members of the Securing Critical Projects WG.
Generate a criticality score for every open source project.
Create a list of critical projects that the open source community depends on.
Use this data to proactively improve the security posture of these critical projects.
We use the following parameters to derive the criticality score for an open source project:
| Parameter (Si) | Weight (αi) | Max threshold (Ti) | Description |
|---|---|---|---|
| created_since | 1 | 120 | Time since the project was created (in months) |
| updated_since | -1 | 120 | Time since the project was last updated (in months) |
| contributor_count | 2 | 5000 | Count of project contributors (with commits) |
| org_count | 1 | 10 | Count of distinct organizations that contributors belong to |
| commit_frequency | 1 | 1000 | Average number of commits per week in the last year |
| recent_releases_count | 0.5 | 26 | Number of releases in the last year |
| closed_issues_count | 0.5 | 5000 | Number of issues closed in the last 90 days |
| updated_issues_count | 0.5 | 5000 | Number of issues updated in the last 90 days |
| comment_frequency | 1 | 15 | Average number of comments per issue in the last 90 days |
| dependents_count | 2 | 500000 | Number of project mentions in the commit messages |
The program only requires one argument to run, the name of the repo:
```
$ pip3 install criticality-score
$ criticality_score --repo github.com/kubernetes/kubernetes
name: kubernetes
url: https://github.com/kubernetes/kubernetes
language: Go
created_since: 79
updated_since: 0
contributor_count: 3664
org_count: 5
commit_frequency: 102.7
recent_releases_count: 76
closed_issues_count: 2906
updated_issues_count: 5136
comment_frequency: 5.7
dependents_count: 407254
criticality_score: 0.9862
```
You can add your own parameters to the criticality score calculation. For example, you can add internal project usage data to re-adjust the project's criticality score for your prioritization needs. This can be done by adding the --params <param1_value>:<param1_weight>:<param1_max_threshold> ... argument on the command line.
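The parameter table, the kubernetes output and the --params option can be tied together in a few lines. This is an added example, not the project's own code: it assumes each signal contributes αi · log(1 + Si) / log(1 + max(Si, Ti)) and that the sum is divided by the total of all weights, an assumption that reproduces the 0.9862 printed above; the extra signal 3:2:100 is a constructed internal-usage value.

```python
import math

# (weight, max threshold) for each signal, copied from the parameter table above.
PARAMS = {
    "created_since": (1, 120), "updated_since": (-1, 120),
    "contributor_count": (2, 5000), "org_count": (1, 10),
    "commit_frequency": (1, 1000), "recent_releases_count": (0.5, 26),
    "closed_issues_count": (0.5, 5000), "updated_issues_count": (0.5, 5000),
    "comment_frequency": (1, 15), "dependents_count": (2, 500000),
}

# Signal values from the kubernetes run shown above.
KUBERNETES = {
    "created_since": 79, "updated_since": 0, "contributor_count": 3664,
    "org_count": 5, "commit_frequency": 102.7, "recent_releases_count": 76,
    "closed_issues_count": 2906, "updated_issues_count": 5136,
    "comment_frequency": 5.7, "dependents_count": 407254,
}


def param_score(value, weight, threshold):
    """Assumed per-signal term: log-scaled, saturating at `weight` once
    value >= threshold (so 76 releases counts the same as 26)."""
    return weight * math.log(1 + value) / math.log(1 + max(value, threshold))


def parse_extra(spec):
    """Parse one '<value>:<weight>:<max_threshold>' string (the --params shape)."""
    parts = spec.split(":")
    if len(parts) != 3:
        raise ValueError(f"expected value:weight:max_threshold, got {spec!r}")
    value, weight, threshold = (float(p) for p in parts)
    if value < 0 or threshold <= 0:
        raise ValueError(f"need value >= 0 and max_threshold > 0 in {spec!r}")
    return value, weight, threshold


def criticality_score(signals, extra=()):
    """Weighted sum of per-signal terms divided by the sum of all weights
    (the -1 for updated_since included, so 8.5 for the built-in signals)."""
    terms = [(signals[name], w, t) for name, (w, t) in PARAMS.items()]
    terms += [parse_extra(spec) for spec in extra]
    total_weight = sum(w for _, w, _ in terms)
    return sum(param_score(v, w, t) for v, w, t in terms) / total_weight


if __name__ == "__main__":
    print(round(criticality_score(KUBERNETES), 4))                     # built-in signals only
    print(round(criticality_score(KUBERNETES, extra=["3:2:100"]), 4))  # constructed extra signal
```

Under this assumption the constructed 3:2:100 signal pulls the kubernetes score down to about 0.856, because a weight-2 term far below its threshold dilutes the weighted average; the same weight with the value at its threshold raises the score instead.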
Before running criticality score, you need to create a GitHub access token and set it in the environment variable GITHUB_AUTH_TOKEN. This helps to avoid GitHub's API rate limits on unauthenticated requests.
```
# For posix platforms, e.g. linux, mac:
export GITHUB_AUTH_TOKEN=<your access token>

# For windows:
set GITHUB_AUTH_TOKEN=<your access token>
```
There are three formats currently:
csv. Others may be added in the future.
These may be specified with the
If you’re only interested in seeing a list of critical projects with their
criticality score, we publish them in
NOTE: Currently, these lists are derived from projects hosted on GitHub ONLY. We do plan to expand them in the near future to account for projects hosted on other source control systems.
```
$ gsutil ls gs://ossf-criticality-score/
gs://ossf-criticality-score/c_top_200.csv
gs://ossf-criticality-score/cplusplus_top_200.csv
gs://ossf-criticality-score/java_top_200.csv
gs://ossf-criticality-score/js_top_200.csv
gs://ossf-criticality-score/python_top_200.csv
...

$ gsutil cat gs://ossf-criticality-score/python_top_200.csv
Project,URL,Language,Created since (months),Updated since (months),Contributors,Orgs for Top15 contributors,Commit freq/week (last yr),Releases (last yr),Closed issues (last 90d),Updated issues (last 90d),Comment freq/issue (last 90d),Commit mentions,Criticality Score
salt,https://github.com/saltstack/salt,Python,119,0,3631,7,65.3,18,861,1713,1.2,20953,0.87988
core,https://github.com/home-assistant/core,Python,87,0,2487,9,168.9,202,4289,5780,3.7,341,0.87196
pandas,https://github.com/pandas-dev/pandas,Python,125,0,2509,7,77.9,13,2341,3454,2.4,3572,0.86588
scikit-learn,https://github.com/scikit-learn/scikit-learn,Python,125,0,2090,8,27.5,6,708,1260,2.4,30453,0.86011
numpy,https://github.com/numpy/numpy,Python,124,0,1211,9,38.4,16,712,1032,3.3,8543,0.8574
...
```
If you want to get involved or have ideas you’d like to chat about, we discuss this project in the Securing Critical Projects WG meetings.
See the Community Calendar for the schedule and meeting invitations.
See the Contributing documentation for guidance on how to contribute.