ngmi / google / osv-scalibr

google/osv-scalibr

Go 573 stars

OSV-SCALIBR: A library for Software Composition Analysis

✓ Synced 1h ago Share on X →
README badge: [![ngmi](https://ngmi.review/badge/google/osv-scalibr.svg)](https://ngmi.review/repo/google/osv-scalibr)
1.0k Merged PRs
6 days Avg Merge Time
2m Fastest PR
7 months Slowest PR
#1120 Global Speed Rank

PR Size Analysis

Lines changed (additions + deletions) vs review outcomes. Re-sync to populate data for older PRs.

PRs by size
Avg review time (hrs)
Clean approval rate (%)

Top Reviewers

#1 @erikvarga
@erikvarga
548 reviews ✓ 256 approved ↺ 1 blocked
#2 @another-rex
@another-rex
309 reviews ✓ 167 approved ↺ 1 blocked
#3 @cuixq
@cuixq
106 reviews ✓ 63 approved
#4 @alessandro-Doyensec
@alessandro-Doyensec
101 reviews ✓ 5 approved ↺ 4 blocked
#5 @G-Rath
@G-Rath
84 reviews ✓ 9 approved ↺ 2 blocked
#6
@vpasdf
71 reviews ✓ 8 approved ↺ 3 blocked
#7 @0xXA
@0xXA
56 reviews
#8 @frkngksl
@frkngksl
53 reviews
#9 @michaelkedar
@michaelkedar
50 reviews ✓ 35 approved
#10 @hanqiuzh
@hanqiuzh
27 reviews ✓ 4 approved

Recent Merged PRs

# Title Author Time Reviews Blocks
#1821 refactor: run `go mod tidy` @G-Rath 8.6h 1
#1807 Acceptance tests @alessandro-Doyensec 3 days 2
#1798 Fix ntuple detector selection algorithm @alessandro-Doyensec 3 days 9
#1818 Bump SCALIBR version in preparation for a new release. @copybara-service 20m 0
#1800 Fix issue with image scanning paths when StoreAbsolutePath is true. @copybara-service 2 days 0
#1786 simplevalidate: add multi-endpoint support @0xXA 2 days 11
#1795 Migrate all remaining detectors to use the global PluginConfig. @copybara-service 1 day 0
#1806 Use %w for error wrapping in the slacktoken validator. @copybara-service 35m 0
#1278 PRP: Bazel external dependencies extractor @am0o0 5 months 8
#1797 slacktoken: return error on ValidationFailed and update tests @0xXA 1.1h 1
#1792 ntuple: preserve full match span in FindAllMatchesGroup while returning subgroup value @0xXA 1 day 1
#1783 refactor: update linter and use `fmt.Fprintf` rather than `WriteString` + `Sprintf` @G-Rath 1 day 1
#1763 Move absolute path extension to from filesystem.go to the end of the plugin runs. @copybara-service 4 days 0
#1765 fix(java/pomxml): support non-utf8 encoded files @G-Rath 4 days 2
#1457 Veles: Cloudflare API Token @devampkid 4 months 8
#1776 Allow custom directories in macapps extractor @JellyBongo 1.5h 3
#1458 New plugin: npmjs registry secret detector & validator @secureness 4 months 6
#1733 Add Heroku Platform API Key Extractor, Validator and Enricher @frkngksl 8 days 20
#1761 Replace boolean wantErr with cmp.Diff. @copybara-service 10m 0
#1366 PRP: Deno Secret Detector @VickyTheViking 4 months 3