marisol-barrientos/dependabot_security_alerts_analysis
Dependabot Security Alerts Analyzer

The analyzer provides a workable way to see how the security alerts of a GitHub repository have evolved across its commits. The source code is described in the project's wiki.

Setup

To work with the analyzer, download the full project and run the following commands from a console where pip is available:

pip install pandas
pip install influxdb
pip install influxdb-client
pip install -U pyyaml

To learn more

If you want to know more about the Dependabot Security Alerts Analyzer, I recommend reading my Bachelor's thesis, which you can find here. The results of the manual tests performed are also available here.

About

The analyzer is capable of monitoring the evolution of vulnerable versions and distinguishing the fixes made by the user from those carried out by Dependabot. It represents the first time Dependabot has been objectively analyzed; this has allowed us to identify the weak points on which GitHub should work to achieve greater acceptance by users and…