1657095915
Kap: An Open-source Screen Recorder Built with Web Technology
Kap
An open-source screen recorder built with web technology
Get Kap
Download the latest release:
Or install with Homebrew-Cask:
brew install --cask kapContribute
Read the contribution guide.
Plugins
For more info on how to create plugins, read the plugins docs.
Dev builds
Download main or builds for any other branch using: https://kap-artifacts.now.sh/<branch>. Note that these builds are unsupported and may have issues.
Related Repositories
Newsletter
Thanks
- ▲ Vercel for fast deployments served from the edge, hosting our website, downloads, and updates.
- ● CircleCI for supporting the open source community and making our builds fast and reliable.
- △ Sentry for letting us know when Kap isn't behaving and helping us eradicate said behaviour.
- Our contributors who help maintain Kap and make screen recording and sharing easy.
Author: Wulkano
Source Code: https://github.com/wulkano/kap
License: MIT license
1656986353
Ants-go: Open Source, Distributed, Restful Crawler Engine in Golang
ants-go
open source, restful, distributed crawler engine
gitter
comming up
- Persistence
- Dynamic Master
design of ants-go
ants
I wrote a crawler engine named ants in python base on scrapy. But sometimes, dynamic language is chaos. So I start to write it in a compile language.
scrapy
I design the crawler framework by imitating scrapy. such as downloader,scraper,and the way user write customize spider, but in a compile way
elasticsearch
I design my distributed architecture by imitating elasticsearch. it spire me to do a engine for distributed crawler
requirement
go get github.com/PuerkitoBio/goquery
go get github.com/go-sql-driver/mysql
install
go get github.com/wcong/ants-go
go install github.com/wcong/ants-go
run
cd bin
./ants-go
check cluster status
curl 'http://localhost:8200/cluster'
get all spiders
curl 'http://localhost:8200/spiders'
start a spider
curl 'http://localhost:8200/crawl?spider=spiderName'
cluster in one computer
to test cluster in one computer,you can run it from different port in different terminal
one node,use the default port tcp 8300 http 8200
cd bin
./ants-go
the other node set tcp port and http port
cd bin
./ants-go -tcp 9300 -http 9200
flags
there are some flags you can set,check out the help message
./ants-go -h
./ants-go -help
Customize spider
- go to spiders
- write your spiders follow the example deap_loop_spider.go or go to the spider page
- add you spider to spiderMap,follow the example in LoadAllSpiders in load_all_spider.go
- install again
Author: Wcong
Source Code: https://github.com/wcong/ants-go
License: MIT license
1654809060
Scaleway-cli: Command Line interface for Scaleway
Scaleway CLI (v2)
Scaleway CLI is a tool to help you pilot your Scaleway infrastructure directly from your terminal.
Installation
With a Package Manager (Recommended)
A package manager installs and upgrades the Scaleway CLI with a single command. We recommend this installation mode for more simplicity and reliability:
Homebrew
Install the latest stable release on macOS using Homebrew:
brew install scwArch Linux
Install the latest stable release on Arch Linux from offcial repositories. For instance with pacman:
pacman -S scaleway-cliChocolatey
Install the latest stable release on Windows using Chocolatey (Package):
choco install scaleway-cli
Manually
Released Binaries
We provide static-compiled binaries for darwin (macOS), GNU/Linux, and Windows platforms. You just have to download the binary compatible with your platform to a directory available in your PATH:
Linux
# Check out the latest release available on github <https://github.com/scaleway/scaleway-cli/releases/latest>
VERSION="2.5.1"
# Download the release from github
sudo curl -o /usr/local/bin/scw -L "https://github.com/scaleway/scaleway-cli/releases/download/v${VERSION}/scaleway-cli_${VERSION}_linux_amd64"
# Naming changed lately, the url prior to 2.5.1 was https://github.com/scaleway/scaleway-cli/releases/download/v${VERSION}/scw-${VERSION}-linux-x86_64
# Allow executing file as program
sudo chmod +x /usr/local/bin/scw
# Init the CLI
scw init
Windows
You can download the last release here: https://github.com/scaleway/scaleway-cli/releases
This official guide explains how to add tools to your PATH.
Docker Image
You can use the CLI as you would run any Docker image:
docker run -i --rm scaleway/cli:latest
See more in-depth information about running the CLI in Docker here
Getting Started
Setup your configuration
After you installed the latest release just run the initialization command and let yourself be guided! :dancer:
scw init
It will set up your profile, the authentication, and the auto-completion.
Basic commands
# Create an instance server
scw instance server create type=DEV1-S image=ubuntu_focal zone=fr-par-1 tags.0="scw-cli"
# List your servers
scw instance server list
# Create a Kubernetes cluster named foo with cilium as CNI, in version 1.17.4 and with a pool named default composed of 3 DEV1-M and with 2 tags
scw k8s cluster create name=foo version=1.17.4 pools.0.size=3 pools.0.node-type=DEV1-M pools.0.name=default tags.0=tag1 tags.1=tag2
Reference documentation
| Namespace | Description | Documentation |
|---|---|---|
account | Account API | CLI |
autocomplete | Autocomplete related commands | CLI |
config | Config file management | CLI |
feedback | Send feedback to the Scaleway CLI Team! | CLI |
info | Get info about current settings | CLI |
init | Initialize the config | CLI |
baremetal | Baremetal API | CLI / API |
dns | DNS API | CLI / API |
instance | Instance API | CLI / API |
k8s | Kapsule API | CLI / API |
lb | Load Balancer API | CLI / API |
marketplace | Marketplace API | CLI |
object | Object-storage utils | CLI / API |
rdb | Database RDB API | CLI / API |
registry | Container registry API | CLI / API |
vpc | VPC API | CLI / API |
Build it yourself
Build Locally
If you have a >= Go 1.13 environment, you can install the HEAD version to test the latest features or to contribute. Note that this development version could include bugs, use tagged releases if you need stability.
go get github.com/scaleway/scaleway-cli/cmd/scw
Dependencies: We only use go Go Modules with vendoring.
Build with Docker
You can build the scw CLI with Docker. If you have Docker installed, you can run:
docker build -t scaleway/cli .
Once build, you can then use the CLI as you would run any image:
docker run -i --rm scaleway/cli
See more in-depth information about running the CLI in Docker here
Development
This repository is at its early stage and is still in active development. If you are looking for a way to contribute please read CONTRIBUTING.md.
Legacy version
If you are looking for the legacy CLIv1 you can take a look at the v1 branch. We also wrote a migration guide to help transition to the CLIv2.
Reach Us
We love feedback. Don't hesitate to open a Github issue or feel free to reach us on Scaleway Slack community, we are waiting for you on #opensource.
Author: Scaleway
Source Code: https://github.com/scaleway/scaleway-cli
License: Apache-2.0 license
1654653660
Gothanks: GoThanks Automatically Stars Go's Official Repository
Give thanks (in the form of a GitHub ★) to your fellow Go modules maintainers.
About
GoThanks performs the following operations
- Sends a star to Go's repo (github.com/golang.go)
- Reads your go.mod file and sends a star to every Github repository that your app/library depends on
This is a simple way to say thanks to the maintainers of the modules you use and the contributors of Go itself.
Credits
GoThanks is a Go port of symfony/thanks implemented by Nicolas Grekas (nicolas-grekas) for PHP.
Original idea by Doug Tangren (softprops) for Rust.
Installation
$ go get -u github.com/psampaz/gothanksUsage
In order to run GoThanks you need to have a valid Github Access Token with public_repo scope.
You can pass the token as an argument to GoThanks or store it in an environmental variable named GITHUB_TOKEN.
Inside the folder where your go.mod lives run:
$ ./gothanks -github-token=xxxxxx
or
$ export GITHUB_TOKEN=xxxxx
$ ./gothanks
Docker
Run
docker run -it --rm -v $(pwd):/home psampaz/gothanks:latest -github-token=xxxxxx
or
docker run -it --rm -v $(pwd):/home --env GITHUB_TOKEN=xxxxxx psampaz/gothanks:latest
Example
$ ./gothanks
Welcome to GoThanks :)
You are about to star you beloved dependencies.
Press y to continue or n to abort
y
Sending your love..
Repository github.com/golang/go is already starred!
Repository github.com/golang/net is already starred!
Sending a star to github.com/google/go-github
Sending a star to github.com/stretchr/testify
Sending a star to github.com/sirupsen/logrus
Thank you!
You can also run it on non-interactive environments using -y flag.
$ ./gothanks -y
Welcome to GoThanks :)
Sending your love..
Repository github.com/golang/go is already starred!
Repository github.com/google/go-github is already starred!
Repository github.com/sirkon/goproxy is already starred!
Repository github.com/golang/crypto is already starred!
Repository github.com/golang/net is already starred!
Repository github.com/golang/oauth2 is already starred!
Thank you!Author: Psampaz
Source Code: https://github.com/psampaz/gothanks
License: MIT license
1654588030
The Definitive Guide to TypeScript & Possibly The Best TypeScript Book
TypeScript Deep Dive
I've been looking at the issues that turn up commonly when people start using TypeScript. This is based on the lessons from Stack Overflow / DefinitelyTyped and general engagement with the TypeScript community. You can follow for updates and don't forget to ★ on GitHub 🌹
Reviews
- Thanks for the wonderful book. Learned a lot from it. (link)
- Its probably the Best TypeScript book out there. Good Job (link)
- Love how precise and clear the examples and explanations are! (link)
- For the low, low price of free, you get pages of pure awesomeness. Chock full of source code examples and clear, concise explanations, TypeScript Deep Dive will help you learn TypeScript development. (link)
- Just a big thank you! Best TypeScript 2 detailed explanation! (link)
- This gitbook got my project going pronto. Fluent easy read 5 stars. (link)
- I recommend the online #typescript book by @basarat you'll love it.(link)
- I've always found this by @basarat really helpful. (link)
- We must highlight TypeScript Deep Dive, an open source book.(link)
- Great online resource for learning. (link)
- Thank you for putting this book together, and for all your hard work within the TypeScript community. (link)
- TypeScript Deep Dive is one of the best technical texts I've read in a while. (link)
- Thanks @basarat for the TypeScript Deep Dive Book. Help me a lot with my first TypeScript project. (link)
- Thanks to @basarat for this great #typescript learning resource. (link)
- Guyz excellent book on Typescript(@typescriptlang) by @basarat (link)
- Leaning on the legendary @basarat's "TypeScript Deep Dive" book heavily at the moment (link)
- numTimesPointedPeopleToBasaratsTypeScriptBook++; (link)
- A book not only for typescript, a good one for deeper JavaScript knowledge as well. link
- In my new job, we're using @typescriptlang, which I am new to. This is insanely helpful huge thanks, @basarat! link
- Thank you for writing TypeScript Deep Dive. I have learned so much. link
- Loving @basarat's @typescriptlang online book basarat.gitbooks.io/typescript/# loaded with great recipes! link
- Microsoft doc is great already, but if want to "dig deeper" into TypeScript I find this book of great value link
- Thanks, this is a great book 🤓🤓 link
- Deep dive to typescript is awesome in so many levels. i find it very insightful. Thanks link
- @basarat's intro to @typescriptlang is still one of the best going (if not THE best) link
- This is sweet! So many #typescript goodies! link
Get Started
If you are here to read the book online get started.
Translations
Book is completely free so you can copy paste whatever you want without requiring permission. If you have a translation you want me to link here. Send a PR.
Other Options
You can also download one of the Epub, Mobi, or PDF formats from the actions tab by clicking on the latest build run. You will find the files in the artifacts section.
Special Thanks
All the amazing contributors 🌹
Share
Share URL: https://basarat.gitbook.io/typescript/
Author: Basarat
Source Code: https://github.com/basarat/typescript-book/
License: View license
1654049820
Charts Painter: Customizable Charts Library for Flutter
Charts painter
Idea behind this lib is to allow highly customizable charts. By having decorations as Widgets (foreground and background) and item renderers that can be updated with how and where they draw items.
Customizing and adding new decorations and items will require some RenderObject knowledge.
Showcase
Example charts that can easily be built.
Usage
Add it to your package's pubspec.yaml file
dependencies:
charts_painter: ^2.0.0+2
Install packages from the command line
flutter packages get
Chart data
Chart data has some options that will change how the data will be processed. By changing axisMin or axisMax scale of the chart will change in order to show that value, in case data has higher/lower data than axisMax/axisMin, then this option is ignored.
Adding valueAxisMaxOver will add that value to currently the highest value.
Data strategy
Data strategy can manipulate data before being drawn, in case you want to stack data you can pass StackDataStrategy. Strategy only affects how multiple lists are being processed, to change how multi list items can be drawn see ChartBehaviour.multiItemStack
Chart behaviour
Sets chart behaviour and interaction like onClick and isScrollable can be set here
Item options
Options that set how it draws each item and how it looks. When using BarItemOptions or BubbleItemOptions geometry painters have been preset, and they include some extra options for their painters.
Geometry items
What are geometry items?
Geometry items are RenderObjects that are responsible for drawing each item on the canvas. Included in the lib are 2 GeometryPainters's.
| Bar painter (default) | Bubble painter |
|---|---|
| ![bar_painter] | ![bubble_painter] |
| ![candle_painter] |
Decoration
We use Decorations to enhance our charts. Chart decorations can be painted in the background or in a foreground of the items. Everything that is not chart item is a decoration. See all decorations
Here are decorations we have included, bar items with opacity have been added for better visibility.
Drawing charts
Now you are ready to use charts lib. If chart needs to animate the state changes then use AnimatedChart<T> widget instead of Chart<T> widget. AnimatedChart<T> needs to specify Duration and it can accept Curve for animation.
Basic charts
By passing ChartState.line or ChartState.bar to Chart widget we will add appropriate decorations for the selected chart.
@override
Widget build(BuildContext context) {
return Chart(
state: ChartState.line(
ChartData.fromList(
<double>[1, 3, 4, 2, 7, 6, 2, 5, 4].map((e) => BubbleValue<void>(e)).toList(),
),
),
);
}
By charging ChartState.line to ChartState.bar we can change look of the chart.
@override
Widget build(BuildContext context) {
return Chart(
state: ChartState.bar(
ChartData.fromList(
<double>[1, 3, 4, 2, 7, 6, 2, 5, 4].map((e) => BarValue<void>(e)).toList(),
),
),
);
}
Bar chart
This is how you can start, this is simple bar chart with grid decoration:
@override
Widget build(BuildContext context) {
return Padding(
padding: const EdgeInsets.all(8.0),
child: Chart<void>(
height: 600.0,
state: ChartState(
ChartData.fromList(
[1, 3, 4, 2, 7, 6, 2, 5, 4].map((e) => BarValue<void>(e.toDouble())).toList(),
axisMax: 8.0,
),
itemOptions: BarItemOptions(
padding: const EdgeInsets.symmetric(horizontal: 8.0),
radius: BorderRadius.vertical(top: Radius.circular(42.0)),
),
backgroundDecorations: [
GridDecoration(
verticalAxisStep: 1,
horizontalAxisStep: 1,
),
],
foregroundDecorations: [
BorderDecoration(borderWidth: 5.0),
],
),
),
);
}
Code above will draw this: 
Line Chart
To turn any chart to line chart we just need to add SparklineDecoration to foregroundDecorations or backgroundDecorations. This will add decoration line on top/bottom of the chart.
By replacing the BarValue to BubbleValue and changing geometryPainter to bubblePainter we can show nicer line chart with small bubbles on data points:
@override
Widget build(BuildContext context) {
return Padding(
padding: const EdgeInsets.all(8.0),
child: Chart<void>(
height: 600.0,
state: ChartState(
ChartData.fromList(
/// CHANGE: Change [BarValue<void>] to [BubbleValue<void>]
[1, 3, 4, 2, 7, 6, 2, 5, 4].map((e) => BubbleValue<void>(e.toDouble())).toList(),
axisMax: 8.0,
),
/// CHANGE: From [BarItemOptions] to [BubbleItemOptions]
itemOptions: BubbleItemOptions(
padding: const EdgeInsets.symmetric(horizontal: 8.0),
/// REMOVED: Radius doesn't exist in [BubbleItemOptions]
// radius: BorderRadius.vertical(top: Radius.circular(12.0)),
/// ADDED: Make [BubbleValue] items smaller
maxBarWidth: 4.0,
),
backgroundDecorations: [
GridDecoration(
verticalAxisStep: 1,
horizontalAxisStep: 1,
),
],
foregroundDecorations: [
BorderDecoration(borderWidth: 5.0),
/// ADDED: Add spark line decoration ([SparkLineDecoration]) on foreground
SparkLineDecoration(),
],
),
),
);
}
Code above will make our nicer line graph: 
Multi Chart
Charts can have multiple values that are grouped. To turn any chart to multi value we need to use ChartState instead of ChartState.fromList constructor. Default constructor will accept List<List<ChartItem<T>> allowing us to pass multiple lists to same chart.
@override
Widget build(BuildContext context) {
return Padding(
padding: const EdgeInsets.all(8.0),
child: Chart<void>(
height: 600.0,
state: ChartState(
/// CHANGE: From [ChartData.fromList] to [ChartData]
ChartData(
/// CHANGE: Add list we had into bigger List
[
[1, 3, 4, 2, 7, 6, 2, 5, 4].map((e) => BubbleValue<void>(e.toDouble())).toList(),
/// ADD: Another list
[4, 6, 3, 3, 2, 1, 4, 7, 5].map((e) => BubbleValue<void>(e.toDouble())).toList(),
],
axisMax: 8.0,
),
itemOptions: BubbleItemOptions(
padding: const EdgeInsets.symmetric(horizontal: 8.0),
maxBarWidth: 4.0,
/// ADDED: Color bubbles differently depending on List they came from. [ColorForIndex]
colorForKey: (item, index) {
return [Colors.red, Colors.blue][index];
},
),
backgroundDecorations: [
GridDecoration(
verticalAxisStep: 1,
horizontalAxisStep: 1,
),
],
foregroundDecorations: [
BorderDecoration(borderWidth: 5.0),
/// ADDED: Add another [SparkLineDecoration] for the second list
SparkLineDecoration(
// Specify key that this [SparkLineDecoration] will follow
// Throws if `lineKey` does not exist in chart data
lineArrayIndex: 1,
lineColor: Colors.blue,
),
SparkLineDecoration(),
],
),
),
);
}
Code above will make this multi line graph: 
Scrollable chart
Charts can also be scrollable, to use scroll first you have to wrap chart your chart in SingleChildScrollView widget. Then in ChartBehaviuor make sure you set isScrollable to true.
To make sure you can make any chart you want, we have included DecorationsRenderer as widget that you can use outside of the chart bounds. That is useful for fixed legends:
To make fixed decorations you will have to make these changes to your chart:
final _chartState = ChartState(
ChartData.fromList([1, 2, 3, 4, 5, 3, 2, 2].map((e) => BarValue<void>(e.toDouble())).toList()),
behaviour: ChartBehaviour(
// 1) Make sure the chart can scroll
isScrollable: true,
),
backgroundDecorations: [
HorizontalAxisDecoration(
endWithChart: false,
lineWidth: 1.0,
axisStep: 1,
lineColor: Theme.of(context).colorScheme.primaryVariant.withOpacity(0.2),
),
],
);
/// .....Somewhere in build method.....
// 2) Wrap Chart in Row widget
Row(
children: [
Expanded(
// 3) Wrap chart in `SingleChildScrollView`
child: SingleChildScrollView(
scrollDirection: Axis.horizontal,
child: Chart(
width: MediaQuery.of(context).size.width,
// Make sure height for the chart and fixed decoration are the same
height: MediaQuery.of(context).size.height * 0.4,
state: _chartState,
),
),
),
// 4) Add fixed decoration at the end of scroll view
Container(
color: Colors.white,
width: 14.0,
// Make sure height for the fixed decoration and chart are the same
height: MediaQuery.of(context).size.height * 0.4,
// 5) Use `DecorationsRenderer` to render fixed decoration
child: DecorationsRenderer(
[
HorizontalAxisDecoration(
lineWidth: 1.0,
axisStep: 1,
showValues: true,
legendFontStyle: Theme.of(context).textTheme.caption,
valuesAlign: TextAlign.center,
lineColor: Theme.of(context).colorScheme.primaryVariant.withOpacity(0.2),
)
],
// Must pass same state, this is used to calculate spacings and padding of decoration, to make sure it matches the chart.
_chartState,
),
)
],
);
More examples
Line charts
Line chart with multiple values example code 
Bar charts
Bar chart with area example code 
Scrollable chart
Scrollable bar chart example code
Use this package as a library
Depend on it
Run this command:
With Flutter:
$ flutter pub add charts_painterThis will add a line like this to your package's pubspec.yaml (and run an implicit flutter pub get):
dependencies:
charts_painter: ^2.0.0+2Alternatively, your editor might support flutter pub get. Check the docs for your editor to learn more.
Import it
Now in your Dart code, you can use:
import 'package:charts_painter/chart.dart';
import 'package:charts_painter/chart/model/chart_state.dart';
import 'package:charts_painter/chart/model/data/chart_data.dart';
import 'package:charts_painter/chart/model/data_strategy/data_strategy.dart';
import 'package:charts_painter/chart/model/data_strategy/default_data_strategy.dart';
import 'package:charts_painter/chart/model/data_strategy/stack_data_strategy.dart';
import 'package:charts_painter/chart/model/geometry/bar_value_item.dart';
import 'package:charts_painter/chart/model/geometry/bubble_value_item.dart';
import 'package:charts_painter/chart/model/geometry/candle_value_item.dart';
import 'package:charts_painter/chart/model/geometry/chart_item.dart';
import 'package:charts_painter/chart/model/theme/chart_behaviour.dart';
import 'package:charts_painter/chart/model/theme/item_theme/bar_item_options.dart';
import 'package:charts_painter/chart/model/theme/item_theme/item_options.dart';
import 'package:charts_painter/chart/model/theme/item_theme/line_item_options.dart';
import 'package:charts_painter/chart/render/chart_renderer.dart';
import 'package:charts_painter/chart/render/data_renderer/chart_data_renderer.dart';
import 'package:charts_painter/chart/render/data_renderer/chart_linear_data_renderer.dart';
import 'package:charts_painter/chart/render/decorations/border_decoration.dart';
import 'package:charts_painter/chart/render/decorations/decoration_painter.dart';
import 'package:charts_painter/chart/render/decorations/grid_decoration.dart';
import 'package:charts_painter/chart/render/decorations/horizontal_axis_decoration.dart';
import 'package:charts_painter/chart/render/decorations/renderer/chart_decoration_child_renderer.dart';
import 'package:charts_painter/chart/render/decorations/renderer/chart_decoration_renderer.dart';
import 'package:charts_painter/chart/render/decorations/selected_item_decoration.dart';
import 'package:charts_painter/chart/render/decorations/spark_line_decoration.dart';
import 'package:charts_painter/chart/render/decorations/target_decoration.dart';
import 'package:charts_painter/chart/render/decorations/target_legends_decoration.dart';
import 'package:charts_painter/chart/render/decorations/value_decoration.dart';
import 'package:charts_painter/chart/render/decorations/vertical_axis_decoration.dart';
import 'package:charts_painter/chart/render/decorations_renderer.dart';
import 'package:charts_painter/chart/render/geometry/leaf_item_renderer.dart';
import 'package:charts_painter/chart/render/geometry/painters/bar_geometry_painter.dart';
import 'package:charts_painter/chart/render/geometry/painters/bubble_geometry_painter.dart';
import 'package:charts_painter/chart/render/geometry/painters/geometry_painter.dart';
import 'package:charts_painter/chart/render/util/dashed_path_util.dart';
import 'package:charts_painter/chart/widgets/animated_chart.dart';
import 'package:charts_painter/chart/widgets/chart.dart';
import 'package:charts_painter/chart/widgets/chart_widget.dart';example/lib/main.dart
import 'package:charts_painter/chart.dart';
import 'package:example/chart_types.dart';
import 'package:example/charts/bar_target_chart_screen.dart';
import 'package:example/complex/complex_charts.dart';
import 'package:example/showcase/showcase_charts.dart';
import 'package:flutter/cupertino.dart';
import 'package:flutter/material.dart';
import 'charts/line_chart_screen.dart';
import 'charts/scrollable_chart_screen.dart';
void main() {
runApp(ChartDemo());
}
class ChartDemo extends StatefulWidget {
ChartDemo({Key key}) : super(key: key);
@override
_ChartDemoState createState() => _ChartDemoState();
}
class _ChartDemoState extends State<ChartDemo> {
@override
Widget build(BuildContext context) {
return MaterialApp(
theme: ThemeData.light().copyWith(
accentColor: Color(0xFFd8262C),
colorScheme: ThemeData.light().colorScheme.copyWith(
primary: Color(0xFFd8262C),
secondary: Color(0xFF353535),
error: Colors.lightBlue,
),
primaryColor: Colors.red,
),
home: Scaffold(
appBar: AppBar(
title: Text('Charts showcase'),
),
body: ShowList(),
),
);
}
}
class ShowList extends StatelessWidget {
ShowList({Key key}) : super(key: key);
@override
Widget build(BuildContext context) {
return ListView(
children: [
SizedBox(
height: 8.0,
),
Padding(
padding: const EdgeInsets.symmetric(horizontal: 16.0, vertical: 8.0),
child: Text(
'Chart types',
style: Theme.of(context).textTheme.bodyText2.copyWith(
fontWeight: FontWeight.w800,
fontSize: 14.0,
),
),
),
Divider(),
ChartTypes(),
Padding(
padding: const EdgeInsets.symmetric(horizontal: 16.0, vertical: 8.0),
child: Text(
'Chart Decorations',
style: Theme.of(context).textTheme.bodyText2.copyWith(
fontWeight: FontWeight.w800,
fontSize: 14.0,
),
),
),
Divider(),
ListTile(
title: Text('Sparkline decoration'),
trailing: Padding(
padding: const EdgeInsets.symmetric(vertical: 8.0),
child: Container(
width: 100.0,
child: Chart(
state: ChartState<void>(
ChartData.fromList(
[2, 7, 2, 4, 7, 6, 2, 5, 4]
.map((e) => BubbleValue<void>(e.toDouble()))
.toList(),
axisMax: 9,
),
itemOptions: BubbleItemOptions(
padding: const EdgeInsets.symmetric(horizontal: 2.0),
color: Theme.of(context).accentColor,
maxBarWidth: 1.0,
),
backgroundDecorations: [
GridDecoration(
showVerticalGrid: false,
horizontalAxisStep: 3,
gridColor: Theme.of(context).dividerColor,
),
SparkLineDecoration(
lineWidth: 2.0,
lineColor: Theme.of(context).colorScheme.primary,
),
],
),
),
),
),
onTap: () {
Navigator.of(context).push<void>(
MaterialPageRoute(builder: (_) => LineChartScreen()));
},
),
Divider(),
ListTile(
title: Text('Target line decoration'),
trailing: Padding(
padding: const EdgeInsets.symmetric(vertical: 8.0),
child: Container(
width: 100.0,
child: Chart(
state: ChartState<void>(
ChartData.fromList(
[1, 3, 4, 2, 7, 6, 2, 5, 4]
.map((e) => BarValue<void>(e.toDouble()))
.toList(),
axisMax: 8,
),
itemOptions: BarItemOptions(
padding: const EdgeInsets.symmetric(horizontal: 2.0),
color: Theme.of(context).accentColor,
maxBarWidth: 4.0,
),
backgroundDecorations: [
GridDecoration(
verticalAxisStep: 1,
horizontalAxisStep: 2,
gridColor: Theme.of(context).dividerColor,
),
],
foregroundDecorations: [
TargetLineDecoration(
target: 6,
colorOverTarget: Theme.of(context).colorScheme.error,
targetLineColor:
Theme.of(context).colorScheme.secondary,
),
BorderDecoration(
borderWidth: 1.5,
color: Theme.of(context).primaryColorDark,
),
]),
),
),
),
onTap: () {
Navigator.of(context).push<void>(
MaterialPageRoute(builder: (_) => BarTargetChartScreen()));
},
),
Divider(),
Padding(
padding: const EdgeInsets.symmetric(horizontal: 16.0, vertical: 8.0),
child: Text(
'Chart Interactions',
style: Theme.of(context).textTheme.bodyText2.copyWith(
fontWeight: FontWeight.w800,
fontSize: 14.0,
),
),
),
Divider(),
ListTile(
title: Text('Scrollable chart'),
trailing: Padding(
padding: const EdgeInsets.symmetric(vertical: 8.0),
child: Container(
width: 100.0,
child: Chart(
state: ChartState<void>(
ChartData.fromList(
[1, 3, 4, 2, 7, 6, 2, 5, 4]
.map((e) => BarValue<void>(e.toDouble()))
.toList(),
axisMax: 8,
),
itemOptions: BarItemOptions(
padding: const EdgeInsets.symmetric(horizontal: 2.0),
radius: BorderRadius.vertical(top: Radius.circular(12.0)),
color: Theme.of(context).accentColor,
),
backgroundDecorations: [
GridDecoration(
verticalAxisStep: 1,
horizontalAxisStep: 4,
gridColor: Theme.of(context).dividerColor,
),
SparkLineDecoration(
lineColor: Theme.of(context).accentColor,
),
],
),
),
),
),
onTap: () {
Navigator.of(context).push<void>(
MaterialPageRoute(builder: (_) => ScrollableChartScreen()));
},
),
Divider(),
Padding(
padding: const EdgeInsets.symmetric(horizontal: 16.0, vertical: 8.0),
child: Text(
'Complex charts',
style: Theme.of(context).textTheme.bodyText2.copyWith(
fontWeight: FontWeight.w800,
fontSize: 14.0,
),
),
),
Divider(),
ComplexCharts(),
ShowcaseCharts(),
SizedBox(
height: 24.0,
),
],
);
}
}Author: infinum
Source Code: https://github.com/infinum/flutter-charts
License: MIT license
1653778680
Beego: An Open-source, High-performance Web Framework for The Go
Beego
Beego is used for rapid development of enterprise application in Go, including RESTful APIs, web apps and backend services.
It is inspired by Tornado, Sinatra and Flask. beego has some Go-specific features such as interfaces and struct embedding.
Beego is composed of four parts:
- Base modules: including log module, config module, governor module;
- Task: is used for running timed tasks or periodic tasks;
- Client: including ORM module, httplib module, cache module;
- Server: including web module. We will support gRPC in the future;
Please use RELEASE version, or master branch which contains the latest bug fix
Web Application
Create hello directory, cd hello directory
mkdir hello
cd hello
Init module
go mod init
Download and install
go get github.com/beego/beego/v2@latest
Create file hello.go
package main
import "github.com/beego/beego/v2/server/web"
func main() {
web.Run()
}
Build and run
go build hello.go
./hello
Go to http://localhost:8080
Congratulations! You've just built your first beego app.
Features
- RESTful support
- MVC architecture
- Modularity
- Auto API documents
- Annotation router
- Namespace
- Powerful development tools
- Full stack for Web & API
Modules
Quick Start
If you could not open official website, go to beedoc
Community
- http://beego.vip/community
- Welcome to join us in Slack: https://beego.slack.com invite,
- QQ Group ID:523992905
- Contribution Guide.
Author: Beego
Source Code: https://github.com/beego/beego
License: View license
1653384000
オープンソースプロジェクトを効果的に支援するための5つのボーナスヒント
完璧なスタートアップチームを想像してみてください。小さなグループが互いに効果的にコミュニケーションを取り、物事を成し遂げます。彼らはお互いと彼らの仕事を気にかけ、それは彼らの結果に表れています。
オープンソースプロジェクトはそのようなものでなければなりません。オープンソースプロジェクトで他の人と協力しているときは、同じスタートアップエネルギーを模倣してみてください。
思いやりを持って
オープンソースコミュニティは、プロジェクト、他の人々、そして特に自分自身を気にする人々によって構築されています。
プロジェクトについて
プロジェクトを気にしないのであれば、改善のためにプロジェクトに貢献することのポイントは何ですか?
選択できるプロジェクトは非常に多いので、楽しんでいないプロジェクトに時間を無駄にするのではなく、楽しんでいるプロジェクトに貢献してください。
他の人について
他の画面には常に人がいることを忘れないでください。彼らを敬意を持って扱い、彼らがあなたのために同じことをする可能性が高いことを知ってください。
あなた自身について
とりわけ、あなたは自分自身を気にかけるべきです。自分の時間とメンタルヘルスを尊重してください。
オープンソースプロジェクトに取り組んでいるとき、実際に続行する義務はほとんどありません。それはボランティアの努力であり、それがあなたの精神状態に悪影響を及ぼしている場合は、それをやめてください。あなたはもっと重要です。
明確に通信する
明確なコミュニケーションにより、プロジェクトはスムーズに実行されます。これは、他の人と対話するための最初のステップは、コミュニケーションを公開し続けることであることを意味します。
オープンソースでのコミュニケーションの悪さをよく目にする主な場所は2つあります。
まず第一に、あなたが取り組んでいることを常に他の人に伝えてください。多くの場合、誰かが問題の解決に取り組み始めますが、他の人には言わないでください。すぐに、他の誰かがまったく同じことをし、手遅れになるまで他の誰かが仕事をしていることをどちらも知らず、彼らの両方の努力が無駄になります。
第二に、あなたがするすべてのことで文脈を共有します。バグについて説明するときは、「機能しない」以上のことを言ってください。問題の原因と、それを修正するためにこれまでに何を試みたかを説明してください。ただし、あまり共有しないでください。見つけたタイプミスを修正する前に、誰もあなたのライフストーリーを聞く必要はありません。
フィードバックを活用する
私たちは、他の人からの建設的なフィードバックを一生受け入れるべきだと聞いています。しかし、アドバイスを聞くことと実際にそれを心に留めることには違いがあります。
すべてのオープンソースプロジェクトの大部分はコードレビューです。誰かがいくつかの変更を加えたいときは、最初にそれらを調べる必要があります。お互いに明確にコミュニケーションをとることは、寄稿者と査読者の両方の仕事です。
助けを求める
わからないことや、どうやってやるのかわからないときはどうしますか?あなたは完全に諦めてあなたの努力を放棄しますか、それとも解決策を見つけようとしますか?
あなたが何かで助けを必要とするとき、あなたが見るべき3つの場所があります。まず、自分で問題を解決することから始めます。多くの場合、これは一歩下がって全体像を見るのと同じくらい簡単です。
それでも問題が解決しない場合は、オンラインで検索してみてください。オープンソースで支援するときにあなたが持っているほとんどすべての質問は、おそらく以前に誰かによって尋ねられたので、それをグーグルで検索してください!Stack Overflow、Quora、さらにはRedditなどのサイトで役立つ回答が見つかる可能性があります。
最後に、他のすべてが失敗し、まだ苦労している場合は、作業中のプロジェクトのコミュニティに連絡してください。プルリクエストのコードレビューの最中の場合は、コメントを残して質問してください。
何よりも、質問を避けて際限なく苦労するよりも、どんなに小さな質問でも質問するほうがよいでしょう。
あなたが望む方法で貢献する
オープンソースはコードだけではありません。あなたのスキルセットが何であれ、あなたは間違いなくそれをオープンソースの世界で助けるために使うことができます。
人気のあるGitHubリポジトリを見ると、コードだけではないことがわかります。少なくとも、プロジェクトの詳細が書かれたREADMEファイルがあります。
コードの記述、テスト、レビューの他に、イベントの整理、メディアの設計、プロジェクトについての記述などに取り組むことができます。
オープンソースプロジェクトは成長し変動しているコミュニティ全体であるため、実行できるタスクは無限にあります。
何か新しいことに挑戦します
オープンソースソフトウェアを手伝っているときは、単一のコミュニティに限定されないので、少し調べてみてください。
周りを見て、好きなコミュニティを見つけて、すぐに参加してください。アイデアはあるが、そのプロジェクトが存在しない場合は、自分でプロジェクトを開始してください。
どこで支援したいかがわかったら、支援が必要な問題(特に、GitHubで「良い最初の問題」のラベルが付けられた問題)を開いて、それに到達します。
急がないでください
一般的に、オープンソースの作業には実際の期限はありません。オンラインでボランティア活動をしているだけの場合は、他の誰かがあなたが取り組んでいたタスクを引き受けることを除けば、もう少し時間がかかることによる影響はありません。
「後方につまずくためだけに大きな飛躍をするよりも、正しい方向に多くの小さな一歩を踏み出す方が良いです。」(中国のことわざ)
急ぐ必要がないという事実は別として、急いでいる仕事は決してそれほど良くないことも注目に値します。時間をかけて問題を考え、最善の解決策を考えてください。
結論
オープンソースプロジェクトは複雑ですが、複雑である必要はありません。あなたが良いコミュニケーションと社会的スキルを練習し、あなたが助けている理由を知っている限り、あなたは素晴らしいことをするでしょう。
読んでいただきありがとうございます。素敵な一日を!
1653369720
Consejos Para Ayudar De Manera Efectiva En Proyectos De Código Abierto
Imagine el equipo de inicio perfecto: un pequeño grupo que se comunica de manera efectiva entre sí para hacer las cosas. Se preocupan el uno por el otro y por su trabajo, y eso se nota en los resultados.
Los proyectos de código abierto deberían ser así. Cuando esté trabajando con otros en un proyecto de código abierto, intente imitar esa misma energía de inicio.
Se compasivo
Las comunidades de código abierto están construidas por personas que se preocupan: por el proyecto, por otras personas y especialmente por ellos mismos.
Sobre el proyecto
Si no te importa un proyecto, entonces ¿de qué sirve contribuir a él para lograr una mejora?
Hay tantos proyectos diferentes para elegir, así que contribuya a los que disfruta en lugar de perder el tiempo en los que no.
Acerca de otros
Nunca olvides que siempre hay una persona en la otra pantalla. Trátelos con respeto y sepa que probablemente harán lo mismo por usted.
Acerca de ti mismo
Sobre todo, debes cuidarte a ti mismo. Respeta tu propio tiempo y tu salud mental.
Cuando trabaja en un proyecto de código abierto, casi nunca está obligado a continuar. Es un esfuerzo voluntario, y si tiene un impacto negativo en su estado mental, déjelo. Tú eres más importante.
Comuníquese claramente
Una comunicación clara mantiene los proyectos funcionando sin problemas. Esto significa que el primer paso para interactuar con otros es mantener la comunicación pública.
Hay dos lugares principales donde a menudo veo mala comunicación en código abierto:
En primer lugar, siempre cuéntale a los demás en qué estás trabajando. Con frecuencia, alguien comenzará a trabajar para resolver un problema, pero sin decírselo a nadie más. Pronto, alguien más hace exactamente lo mismo, y ninguno sabe que el otro está haciendo el trabajo hasta que es demasiado tarde, y ambos esfuerzos se desperdician.
En segundo lugar, comparte el contexto en todo lo que haces. Cuando describa un error, diga algo más que "no funciona". Explique qué condujo al problema y qué ha intentado hasta ahora para solucionarlo. Sin embargo, no comparta demasiado. Nadie necesita escuchar la historia de su vida antes de corregir un error tipográfico que encontró.
Utilizar retroalimentación
Hemos escuchado que debemos aceptar comentarios constructivos de los demás durante toda nuestra vida. Sin embargo, hay una diferencia entre escuchar un consejo y realmente tomarlo en serio.
Una gran parte de cada proyecto de código abierto es la revisión del código. Cuando alguien quiere hacer algunos cambios, primero debe revisarlos. Es trabajo tanto del colaborador como del revisor comunicarse claramente entre sí.
Pedir ayuda
Cuando te encuentras con algo que no entiendes o no sabes cómo realizar una tarea, ¿qué haces? ¿Te rindes por completo y abandonas tu arduo trabajo, o tratas de encontrar una solución?
Cuando necesite ayuda con algo, hay tres lugares donde debe buscar. Primero, comience tratando de resolver el problema usted mismo. A menudo, esto es tan simple como dar un paso atrás y mirar el panorama general.
Si eso no funciona, puede intentar buscar en línea. Casi todas las preguntas que tienes cuando ayudas en el código abierto probablemente te las hayan hecho alguien antes, ¡así que solo búscalas en Google! Es probable que encuentre una respuesta útil en sitios como Stack Overflow, Quora o incluso Reddit.
Finalmente, si todo lo demás falla y aún tiene problemas, comuníquese con la comunidad del proyecto en el que está trabajando. Si está en medio de una revisión de código en una solicitud de extracción, simplemente deje un comentario y pregunte.
Sobre todo, es mejor hacer su pregunta, por pequeña que sea, que evitar preguntar y luchar sin cesar.
Contribuye como quieras
El código abierto no se trata solo de código. Cualquiera que sea su conjunto de habilidades, definitivamente puede usarlo para ayudar en el mundo del código abierto.
Si echa un vistazo a cualquier repositorio popular de GitHub, notará que no es solo código. Como mínimo, hay un archivo README escrito con detalles sobre el proyecto.
Además de escribir, probar y revisar el código, puede trabajar en la organización de eventos, el diseño de medios, la redacción de proyectos y más.
Hay un sinfín de tareas que puede realizar porque los proyectos de código abierto son comunidades enteras que crecen y fluctúan.
Intenta algo nuevo
No estás confinado a una sola comunidad cuando ayudas con el software de código abierto, ¡así que explora un poco!
Echa un vistazo, trata de encontrar una comunidad que te guste y lánzate de inmediato. Si tienes una idea, pero no existe un proyecto para ella, ¡comienza uno tú mismo!
Cómo iniciar un nuevo proyecto de código abierto
Una vez que sepa dónde quiere ayudar, abra los problemas que necesitan ayuda (especialmente aquellos etiquetados con una etiqueta de "buen primer problema" en GitHub), ¡y hágalo!
no te apresures
Generalmente, el trabajo de código abierto no tiene una fecha límite real. Si solo está ofreciendo su tiempo como voluntario en línea, no hay consecuencias por tomarse un poco más de tiempo, además de que otra persona asuma la tarea en la que estaba trabajando.
“Es mejor dar muchos pequeños pasos en la dirección correcta que dar un gran salto hacia adelante y tropezar hacia atrás”. (Proverbio chino)
Aparte del hecho de que no necesitas apresurarte, también vale la pena señalar que el trabajo apresurado nunca es tan bueno. Tómese su tiempo, piense en el problema y encuentre la mejor solución.
Conclusión
Los proyectos de código abierto son complejos, pero no tienen por qué ser complicados. Te irá muy bien siempre y cuando practiques una buena comunicación y habilidades sociales y sepas por qué estás ayudando.
Muchas Gracias Por Leer. ¡Ten un día maravilloso!
Fuente: https://betterprogramming.pub/5-bonus-tips-to-help-out-effectly-on-open-source-projects-d5f64e8c04b8
1653019800
Security Scorecards: Security Health Metrics for Open Source
Security Scorecards
Overview
What is Scorecards?
We created Scorecards to give consumers of open-source projects an easy way to judge whether their dependencies are safe.
Scorecards is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project. You can also assess the risks that dependencies introduce, and make informed decisions about accepting these risks, evaluating alternative solutions, or working with the maintainers to make improvements.
The inspiration for Scorecards’ logo: "You passed! All D's ... and an A!"
Project Goals
Automate analysis and trust decisions on the security posture of open source projects.
Use this data to proactively improve the security posture of the critical projects the world depends on.
Prominent Scorecards Users
Scorecards has been run on thousands of projects to monitor and track security metrics. Prominent projects that use Scorecards include:
Public Data
We run a weekly Scorecards scan of the 1 million most critical open source projects judged by their direct dependencies and publish the results in a BigQuery public dataset.
This data is available in the public BigQuery dataset openssf:scorecardcron.scorecard-v2. The latest results are available in the BigQuery view openssf:scorecardcron.scorecard-v2_latest.
You can query the data using BigQuery Explorer by navigating to Add Data > Pin a Project > Enter Project Name > 'openssf'
You can extract the latest results to Google Cloud storage in JSON format using the bq tool:
# Get the latest PARTITION_ID
bq query --nouse_legacy_sql 'SELECT partition_id FROM
openssf.scorecardcron.INFORMATION_SCHEMA.PARTITIONS WHERE table_name="scorecard-v2"
AND partition_id!="__NULL__" ORDER BY partition_id DESC
LIMIT 1'
# Extract to GCS
bq extract --destination_format=NEWLINE_DELIMITED_JSON
'openssf:scorecardcron.scorecard-v2$<partition_id>' gs://bucket-name/filename-*.json
The list of projects that are checked is available in the cron/data/projects.csv file in this repository. If you would like us to track more, please feel free to send a Pull Request with others. Currently, this list is derived from projects hosted on GitHub ONLY. We do plan to expand them in near future to account for projects hosted on other source control systems.
Using Scorecards
Scorecards GitHub Action
The easiest way to use Scorecards on GitHub projects you own is with the Scorecards GitHub Action. The Action runs on any repository change and issues alerts that maintainers can view in the repository’s Security tab. For more information, see the Scorecards GitHub Action installation instructions.
Scorecards Command Line Interface
To run a Scorecards scan on projects you do not own, use the command line interface installation option.
Prerequisites
Platforms: Currently, Scorecards supports OSX and Linux platforms. If you are using a Windows OS you may experience issues. Contributions towards supporting Windows are welcome.
Language: You must have GoLang installed to run Scorecards (https://golang.org/doc/install)
Installation
Standalone
To install Scorecards as a standalone:
- Visit our latest release page and download the correct binary for your operating system
- Extract the binary file
- Add the binary to your
GOPATH/bindirectory (usego env GOPATHto identify your directory if necessary)
Using Homebrew
You can use Homebrew (on macOS or Linux) to install Scorecards.
brew install scorecard
Using Linux package managers
| Package Manager | Linux Distribution | Command |
|---|---|---|
| Nix | NixOS | nix-shell -p nixpkgs.scorecard |
| AUR helper | Arch Linux | Use your AUR helper to install scorecard |
Authentication
GitHub imposes api rate limits on unauthenticated requests. To avoid these limits, you must authenticate your requests before running Scorecard. There are two ways to authenticate your requests: either create a GitHub personal access token, or create a GitHub App Installation.
- Create a GitHub personal access token. When creating the personal access token, we suggest you choose the
public_reposcope. Set the token in an environment variable calledGITHUB_AUTH_TOKEN,GITHUB_TOKEN,GH_AUTH_TOKENorGH_TOKENusing the commands below according to your platform.
# For posix platforms, e.g. linux, mac:
export GITHUB_AUTH_TOKEN=<your access token>
# Multiple tokens can be provided separated by comma to be utilized
# in a round robin fashion.
export GITHUB_AUTH_TOKEN=<your access token1>,<your access token2>
# For windows:
set GITHUB_AUTH_TOKEN=<your access token>
set GITHUB_AUTH_TOKEN=<your access token1>,<your access token2>
OR
- Create a GitHub App Installation for higher rate-limit quotas. If you have an installed GitHub App and key file, you can use the three environment variables below, following the commands (
setorexport) shown above for your platform.
GITHUB_APP_KEY_PATH=<path to the key file on disk>
GITHUB_APP_INSTALLATION_ID=<installation id>
GITHUB_APP_ID=<app id>
These variables can be obtained from the GitHub developer settings page.
Basic Usage
Docker
scorecard is available as a Docker container:
The GITHUB_AUTH_TOKEN has to be set to a valid token
docker run -e GITHUB_AUTH_TOKEN=token gcr.io/openssf/scorecard:stable --show-details --repo=https://github.com/ossf/scorecard
To use a specific scorecards version (e.g., v3.2.1), run:
docker run -e GITHUB_AUTH_TOKEN=token gcr.io/openssf/scorecard:v3.2.1 --show-details --repo=https://github.com/ossf/scorecard
Using repository URL
Scorecards can run using just one argument, the URL of the target repo:
$ scorecard --repo=github.com/ossf-tests/scorecard-check-branch-protection-e2e
Starting [CII-Best-Practices]
Starting [Fuzzing]
Starting [Pinned-Dependencies]
Starting [CI-Tests]
Starting [Maintained]
Starting [Packaging]
Starting [SAST]
Starting [Dependency-Update-Tool]
Starting [Token-Permissions]
Starting [Security-Policy]
Starting [Signed-Releases]
Starting [Binary-Artifacts]
Starting [Branch-Protection]
Starting [Code-Review]
Starting [Contributors]
Starting [Vulnerabilities]
Finished [CI-Tests]
Finished [Maintained]
Finished [Packaging]
Finished [SAST]
Finished [Signed-Releases]
Finished [Binary-Artifacts]
Finished [Branch-Protection]
Finished [Code-Review]
Finished [Contributors]
Finished [Dependency-Update-Tool]
Finished [Token-Permissions]
Finished [Security-Policy]
Finished [Vulnerabilities]
Finished [CII-Best-Practices]
Finished [Fuzzing]
Finished [Pinned-Dependencies]
RESULTS
-------
Aggregate score: 7.9 / 10
Check scores:
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| SCORE | NAME | REASON | DOCUMENTATION/REMEDIATION |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 10 / 10 | Binary-Artifacts | no binaries found in the repo | github.com/ossf/scorecard/blob/main/docs/checks.md#binary-artifacts |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 9 / 10 | Branch-Protection | branch protection is not | github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection |
| | | maximal on development and all | |
| | | release branches | |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| ? | CI-Tests | no pull request found | github.com/ossf/scorecard/blob/main/docs/checks.md#ci-tests |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 0 / 10 | CII-Best-Practices | no badge found | github.com/ossf/scorecard/blob/main/docs/checks.md#cii-best-practices |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 10 / 10 | Code-Review | branch protection for default | github.com/ossf/scorecard/blob/main/docs/checks.md#code-review |
| | | branch is enabled | |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 0 / 10 | Contributors | 0 different companies found -- | github.com/ossf/scorecard/blob/main/docs/checks.md#contributors |
| | | score normalized to 0 | |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 0 / 10 | Dependency-Update-Tool | no update tool detected | github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 0 / 10 | Fuzzing | project is not fuzzed in | github.com/ossf/scorecard/blob/main/docs/checks.md#fuzzing |
| | | OSS-Fuzz | |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 1 / 10 | Maintained | 2 commit(s) found in the last | github.com/ossf/scorecard/blob/main/docs/checks.md#maintained |
| | | 90 days -- score normalized to | |
| | | 1 | |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| ? | Packaging | no published package detected | github.com/ossf/scorecard/blob/main/docs/checks.md#packaging |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 8 / 10 | Pinned-Dependencies | unpinned dependencies detected | github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies |
| | | -- score normalized to 8 | |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 0 / 10 | SAST | no SAST tool detected | github.com/ossf/scorecard/blob/main/docs/checks.md#sast |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 0 / 10 | Security-Policy | security policy file not | github.com/ossf/scorecard/blob/main/docs/checks.md#security-policy |
| | | detected | |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| ? | Signed-Releases | no releases found | github.com/ossf/scorecard/blob/main/docs/checks.md#signed-releases |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 10 / 10 | Token-Permissions | tokens are read-only in GitHub | github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions |
| | | workflows | |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
| 10 / 10 | Vulnerabilities | no vulnerabilities detected | github.com/ossf/scorecard/blob/main/docs/checks.md#vulnerabilities |
|---------|------------------------|--------------------------------|---------------------------------------------------------------------------|
Scoring
Each individual check returns a score of 0 to 10, with 10 representing the best possible score. Scorecards also produces an aggregate score, which is a weight-based average of the individual checks weighted by risk.
- “Critical” risk checks are weighted at 10
- “High” risk checks are weighted at 7.5
- “Medium” risk checks are weighted at 5
- “Low” risk checks are weighted at 2.5
See the list of current Scorecards checks for each check's risk level.
Showing Detailed Results
For more details about why a check fails, use the --show-details option:
./scorecard --repo=github.com/ossf-tests/scorecard-check-branch-protection-e2e --checks Branch-Protection --show-details
Starting [Pinned-Dependencies]
Finished [Pinned-Dependencies]
RESULTS
-------
|---------|------------------------|--------------------------------|--------------------------------|---------------------------------------------------------------------------|
| SCORE | NAME | REASON | DETAILS | DOCUMENTATION/REMEDIATION |
|---------|------------------------|--------------------------------|--------------------------------|---------------------------------------------------------------------------|
| 9 / 10 | Branch-Protection | branch protection is not | Info: 'force pushes' disabled | github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection |
| | | maximal on development and all | on branch 'main' Info: 'allow | |
| | | release branches | deletion' disabled on branch | |
| | | | 'main' Info: linear history | |
| | | | enabled on branch 'main' Info: | |
| | | | strict status check enabled | |
| | | | on branch 'main' Warn: status | |
| | | | checks for merging have no | |
| | | | specific status to check on | |
| | | | branch 'main' Info: number | |
| | | | of required reviewers is 2 | |
| | | | on branch 'main' Info: Stale | |
| | | | review dismissal enabled on | |
| | | | branch 'main' Info: Owner | |
| | | | review required on branch | |
| | | | 'main' Info: 'admininistrator' | |
| | | | PRs need reviews before being | |
| | | | merged on branch 'main' | |
|---------|------------------------|--------------------------------|--------------------------------|---------------------------------------------------------------------------|
Using a Package manager
For projects in the --npm, --pypi, or --rubygems ecosystems, you have the option to run Scorecards using a package manager. Provide the package name to run the checks on the corresponding GitHub source code.
For example, --npm=angular.
Running specific checks
To run only specific check(s), add the --checks argument with a list of check names.
For example, --checks=CI-Tests,Code-Review.
Formatting Results
There are three formats currently: default, json, and csv. Others may be added in the future.
These may be specified with the --format flag. For example, --format=json.
Report Problems
If you have what looks like a bug, please use the Github issue tracking system. Before you file an issue, please search existing issues to see if your issue is already covered.
Checks
Scorecard Checks
The following checks are all run against the target project by default:
| Name | Description | Risk Level | Token Required | Note |
|---|---|---|---|---|
| Binary-Artifacts | Is the project free of checked-in binaries? | High | PAT, GITHUB_TOKEN | |
| Branch-Protection | Does the project use Branch Protection ? | High | PAT (repo or repo> public_repo), GITHUB_TOKEN | certain settings are only supported with a maintainer PAT |
| CI-Tests | Does the project run tests in CI, e.g. GitHub Actions, Prow? | Low | PAT, GITHUB_TOKEN | |
| CII-Best-Practices | Does the project have a CII Best Practices Badge? | Low | PAT, GITHUB_TOKEN | |
| Code-Review | Does the project require code review before code is merged? | High | PAT, GITHUB_TOKEN | |
| Contributors | Does the project have contributors from at least two different organizations? | Low | PAT, GITHUB_TOKEN | |
| Dangerous-Workflow | Does the project avoid dangerous coding patterns in GitHub Action workflows? | Critical | PAT, GITHUB_TOKEN | |
| Dependency-Update-Tool | Does the project use tools to help update its dependencies? | High | PAT, GITHUB_TOKEN | |
| Fuzzing | Does the project use fuzzing tools, e.g. OSS-Fuzz? | Medium | PAT, GITHUB_TOKEN | |
| License | Does the project declare a license? | Low | PAT, GITHUB_TOKEN | |
| Maintained | Is the project maintained? | High | PAT, GITHUB_TOKEN | |
| Pinned-Dependencies | Does the project declare and pin dependencies? | Medium | PAT, GITHUB_TOKEN | |
| Packaging | Does the project build and publish official packages from CI/CD, e.g. GitHub Publishing ? | Medium | PAT, GITHUB_TOKEN | |
| SAST | Does the project use static code analysis tools, e.g. CodeQL, LGTM, SonarCloud? | Medium | PAT, GITHUB_TOKEN | |
| Security-Policy | Does the project contain a security policy? | Medium | PAT, GITHUB_TOKEN | |
| Signed-Releases | Does the project cryptographically sign releases? | High | PAT, GITHUB_TOKEN | |
| Token-Permissions | Does the project declare GitHub workflow tokens as read only? | High | PAT, GITHUB_TOKEN | |
| Vulnerabilities | Does the project have unfixed vulnerabilities? Uses the OSV service. | High | PAT, GITHUB_TOKEN | |
| Webhooks | Does the project have unfixed vulnerabilities? Uses the OSV service. | High | maintainer PAT (admin: repo_hook or admin> read:repo_hook doc | EXPERIMENTAL |
Detailed Checks Documentation
To see detailed information about each check, its scoring criteria, and remediation steps, check out the checks documentation page.
Contribute
Code of Conduct
Before contributing, please follow our Code of Conduct.
Contribute to Scorecards
See the Contributing documentation for guidance on how to contribute to the project.
Adding a Scorecard Check
If you'd like to add a check, please see guidance here.
Connect with the Scorecards Community
If you want to get involved in the Scorecards community or have ideas you'd like to chat about, we discuss this project in the OSSF Best Practices Working Group meetings.
| Artifact | Link |
|---|---|
| Scorecard Dev Forum | ossf-scorecard-dev@ |
| Scorecard Announcements Forum | ossf-scorecard-announce@ |
| Community Meeting VC | Link to z o o m meeting |
| Community Meeting Calendar | Biweekly Thursdays, 1:00pm-2:00pm PST Calendar |
| Meeting Notes | Notes |
| Slack Channel | #security_scorecards |
Author: ossf
Source Code: https://github.com/ossf/scorecard
License: Apache-2.0 license
1652904000
Fontsource-flutter: Easily Add Fontsource Fonts to Your Flutter App
Fontsource for Flutter
Easily add Fontsource fonts to your flutter app. Also includes a dart interface for the Fontsource API.
Getting started
To start, create a config in either your pubspec.yaml file under the fontsource key or in the fontsource.yaml file.
include: [my-package] # Defaults to all
fonts:
alex-brush: # This can be any font id
version: 4.5.3 # Defaults to latest
subsets: [latin, latin-ext] # Defaults to all
weights: [400] # Defaults to all
styles: [normal] # Defaults to all
The config will tell fontsource what to download and bundle into your flutter app. To ensure everything is downloaded, execute dart run fontsource after your config is modified. Also make sure to run it whenever your repository is cloned. This will generate a local package in the .fontsource directory.
You can then import the fontsource package:
import 'package:fontsource/fontsource.dart';
Use the FontsourceTextStyle class to use a Fontsource font:
const Text(
'Hello world!',
style: FontsourceTextStyle(fontFamily: 'Alex Brush', fontSize: 30),
),
FontsourceTextStyle extends the TextStyle class, so any styling properties can be used to change the way the text looks.
Use With Packages
To use this in a package, add a configuration like normal, but don't run the fontsource cli.
Packages with a fontsource configuration will automatically be included. To manually specify what packages should be scanned, provide an include key with a list of package names to scan.
Fontsource API
The Fontsource API also has a dart interface that can be accessed through fontsource/api.dart.
Use this package as an executable
Install it
You can install the package from the command line:
dart pub global activate fontsourceUse it
The package has the following executables:
$ fontsource
Use this package as a library
Depend on it
Run this command:
With Flutter:
$ flutter pub add fontsourceThis will add a line like this to your package's pubspec.yaml (and run an implicit flutter pub get):
dependencies:
fontsource: ^0.3.0Alternatively, your editor might support flutter pub get. Check the docs for your editor to learn more.
Import it
Now in your Dart code, you can use:
import 'package:fontsource/fontsource.dart';example/lib/main.dart
import 'package:flutter/material.dart';
import 'package:fontsource/fontsource.dart';
void main() {
runApp(const MyApp());
}
class MyApp extends StatelessWidget {
const MyApp({Key? key}) : super(key: key);
@override
Widget build(BuildContext context) {
return MaterialApp(
home: Scaffold(
body: Center(
child: Column(
mainAxisAlignment: MainAxisAlignment.center,
children: const <Widget>[
Text(
'Sphinx of black quartz, judge my vow.',
style:
FontsourceTextStyle(fontFamily: 'Alex Brush', fontSize: 40),
),
],
),
),
),
);
}
}Author: Fontsource
Source Code: https://github.com/fontsource/fontsource-flutter
License: MIT license
1652721060
Uppy: The Next Open Source File Uploader for Web Browsers
Uppy is a sleek, modular JavaScript file uploader that integrates seamlessly with any application. It’s fast, has a comprehensible API and lets you worry about more important problems than building a file uploader.
- Fetch files from local disk, remote URLs, Google Drive, Dropbox, Box, Instagram or snap and record selfies with a camera
- Preview and edit metadata with a nice interface
- Upload to the final destination, optionally process/encode
Uppy is being developed by the folks at Transloadit, a versatile file encoding service.
Example
Code used in the above example:
import Uppy from '@uppy/core'
import Dashboard from '@uppy/dashboard'
import GoogleDrive from '@uppy/google-drive'
import Instagram from '@uppy/instagram'
import Webcam from '@uppy/webcam'
import Tus from '@uppy/tus'
const uppy = new Uppy({ autoProceed: false })
.use(Dashboard, { trigger: '#select-files' })
.use(GoogleDrive, { target: Dashboard, companionUrl: 'https://companion.uppy.io' })
.use(Instagram, { target: Dashboard, companionUrl: 'https://companion.uppy.io' })
.use(Webcam, { target: Dashboard })
.use(Tus, { endpoint: 'https://tusd.tusdemo.net/files/' })
.on('complete', (result) => {
console.log('Upload result:', result)
})
Try it online or read the docs for more details on how to use Uppy and its plugins.
Features
- Lightweight, modular plugin-based architecture, light on dependencies :zap:
- Resumable file uploads via the open tus standard, so large uploads survive network hiccups
- Supports picking files from: Webcam, Dropbox, Box, Google Drive, Instagram, bypassing the user’s device where possible, syncing between servers directly via @uppy/companion
- Works great with file encoding and processing backends, such as Transloadit, works great without (all you need is to roll your own Apache/Nginx/Node/FFmpeg/etc backend)
- Sleek user interface :sparkles:
- Optional file recovery (after a browser crash) with Golden Retriever
- Speaks several languages (i18n) :earth_africa:
- Built with accessibility in mind
- Free for the world, forever (as in beer 🍺, pizza 🍕, and liberty 🗽)
- Cute as a puppy, also accepts cat pictures :dog:
Installation
$ npm install @uppy/core @uppy/dashboard @uppy/tus
We recommend installing from npm and then using a module bundler such as Webpack, Browserify or Rollup.js.
Add CSS uppy.min.css, either to your HTML page’s <head> or include in JS, if your bundler of choice supports it — transforms and plugins are available for Browserify and Webpack.
Alternatively, you can also use a pre-built bundle from Transloadit’s CDN: Edgly. In that case Uppy will attach itself to the global window.Uppy object.
⚠️ The bundle consists of most Uppy plugins, so this method is not recommended for production, as your users will have to download all plugins when you are likely using only a few.
<!-- 1. Add CSS to `<head>` -->
<link href="https://releases.transloadit.com/uppy/v2.10.0/uppy.min.css" rel="stylesheet">
<!-- 2. Add JS before the closing `</body>` -->
<script src="https://releases.transloadit.com/uppy/v2.10.0/uppy.min.js"></script>
<!-- 3. Initialize -->
<div class="UppyDragDrop"></div>
<script>
var uppy = new Uppy.Core()
uppy.use(Uppy.DragDrop, { target: '.UppyDragDrop' })
uppy.use(Uppy.Tus, { endpoint: '//tusd.tusdemo.net/files/' })
</script>
Documentation
- Uppy — full list of options, methods and events
- Plugins — list of Uppy plugins and their options
- Companion — setting up and running a Companion instance, which adds support for Instagram, Dropbox, Box, Google Drive and remote URLs
- React — components to integrate Uppy UI plugins with React apps
- Architecture & Writing a Plugin — how to write a plugin for Uppy
Plugins
List of plugins and their common options
UI Elements
Dashboard— universal UI with previews, progress bars, metadata editor and all the cool stuff. Required for most UI plugins like Webcam and InstagramProgress Bar— minimal progress bar that fills itself when upload progressesStatus Bar— more detailed progress, pause/resume/cancel buttons, percentage, speed, uploaded/total sizes (included by default withDashboard)Informer— send notifications like “smile” before taking a selfie or “upload failed” when all is lost (also included by default withDashboard)
Sources
Drag & Drop— plain drag and drop areaFile Input— even plainer “select files” buttonWebcam— snap and record those selfies 📷- ⓒ
Google Drive— import files from Google Drive - ⓒ
Dropbox— import files from Dropbox - ⓒ
Box— import files from Box - ⓒ
Instagram— import images and videos from Instagram - ⓒ
Facebook— import images and videos from Facebook - ⓒ
OneDrive— import files from Microsoft OneDrive - ⓒ
Import From URL— import direct URLs from anywhere on the web
The ⓒ mark means that @uppy/companion, a server-side component, is needed for a plugin to work.
Destinations
Tus— resumable uploads via the open tus standardXHR Upload— regular uploads for any backend out there (like Apache, Nginx)AWS S3— plain upload to AWS S3 or compatible servicesAWS S3 Multipart— S3-style “Multipart” upload to AWS or compatible services
File Processing
Robodog— user friendly abstraction to do file processing with TransloaditTransloadit— support for Transloadit’s robust file uploading and encoding backend
Miscellaneous
Golden Retriever— restores files after a browser crash, like it’s nothingThumbnail Generator— generates image previews (included by default withDashboard)Form— collects metadata from<form>right before an Uppy upload, then optionally appends results back to the formRedux— for your emerging time traveling needs
React
- React — components to integrate Uppy UI plugins with React apps
- React Native — basic Uppy component for React Native with Expo
Browser Support
We aim to support recent versions of Chrome, Firefox, Safari and Edge.
We still provide a bundle which should work on IE11, but we are not running tests on it.
Polyfills
Here’s a list of polyfills you’ll need to include to make Uppy work in older browsers, such as IE11:
If you’re using a bundler, you need import them before Uppy:
import 'core-js'
import 'whatwg-fetch'
import 'abortcontroller-polyfill/dist/polyfill-patch-fetch'
// Order matters: AbortController needs fetch which needs Promise (provided by core-js).
import 'md-gum-polyfill'
import ResizeObserver from 'resize-observer-polyfill'
window.ResizeObserver ??= ResizeObserver
export { default } from '@uppy/core'
export * from '@uppy/core'
If you’re using Uppy from CDN, those polyfills are already included in the legacy bundle, so no need to include anything additionally:
<script src="https://releases.transloadit.com/uppy/v2.10.0/uppy.legacy.min.js"></script>
FAQ
Why not use <input type="file">?
Having no JavaScript beats having a lot of it, so that’s a fair question! Running an uploading & encoding business for ten years though we found that in cases, the file input leaves some to be desired:
- We received complaints about broken uploads and found that resumable uploads are important, especially for big files and to be inclusive towards people on poorer connections (we also launched tus.io to attack that problem). Uppy uploads can survive network outages and browser crashes or accidental navigate-aways.
- Uppy supports editing meta information before uploading (such as cropping of images).
- There’s the situation where people are using their mobile devices and want to upload on the go, but they have their picture on Instagram, files in Dropbox or a plain file URL from anywhere on the open web. Uppy allows to pick files from those and push it to the destination without downloading it to your mobile device first.
- Accurate upload progress reporting is an issue on many platforms.
- Some file validation — size, type, number of files — can be done on the client with Uppy.
- Uppy integrates webcam support, in case your users want to upload a picture/video/audio that does not exist yet :)
- A larger drag and drop surface can be pleasant to work with. Some people also like that you can control the styling, language, etc.
- Uppy is aware of encoding backends. Often after an upload, the server needs to rotate, detect faces, optimize for iPad, or what have you. Uppy can track progress of this and report back to the user in different ways.
- Sometimes you might want your uploads to happen while you continue to interact on the same single page.
Not all apps need all these features. An <input type="file"> is fine in many situations. But these were a few things that our customers hit / asked about enough to spark us to develop Uppy.
Why is all this goodness free?
Transloadit’s team is small and we have a shared ambition to make a living from open source. By giving away projects like tus.io and Uppy, we’re hoping to advance the state of the art, make life a tiny little bit better for everyone and in doing so have rewarding jobs and get some eyes on our commercial service: a content ingestion & processing platform.
Our thinking is that if only a fraction of our open source userbase can see the appeal of hosted versions straight from the source, that could already be enough to sustain our work. So far this is working out! We’re able to dedicate 80% of our time to open source and haven’t gone bankrupt yet. :D
Does Uppy support React?
Yep, we have Uppy React components, please see Uppy React docs.
Does Uppy support S3 uploads?
Yes, please check out the docs for more information.
Can I use Uppy with Rails/Node.js/Go/PHP?
Yes, whatever you want on the backend will work with @uppy/xhr-upload plugin, since it only does a POST or PUT request. Here’s a PHP backend example.
If you want resumability with the Tus plugin, use one of the tus server implementations 👌🏼
And you’ll need @uppy/companion if you’d like your users to be able to pick files from Instagram, Google Drive, Dropbox or via direct URLs (with more services coming).
Contributions are welcome
- Contributor’s guide in
.github/CONTRIBUTING.md - Changelog to track our release progress (we aim to roll out a release every month):
CHANGELOG.md
Used by
Uppy is used by: Photobox, Issuu, Law Insider, Cool Tabs, Soundoff, Scrumi, Crive and others.
Use Uppy in your project? Let us know!
| Tests |  |  |  |
| Deploys |  |  |  |
Author: Transloadit
Source Code: https://github.com/transloadit/uppy
License: MIT license
1652475060
Stream_duration: A Dart Package for Stream Duration, Support Countdown
A dart package for stream duration, support countdown, countup, and countup infinity.
Example Countdown
import 'package:stream_duration/stream_duration.dart';
void main() {
/// Countdown
var streamDuration = StreamDuration(Duration(seconds: 10), onDone: () {
print('Stream Done 👍');
});
streamDuration.durationLeft.listen((event) {
print(event.inSeconds);
});
}
Output Countdown
Example Count Up
import 'package:stream_duration/stream_duration.dart';
void main() {
/// Countup
var streamDurationUp = StreamDuration(Duration(seconds: 10), onDone: () {
print('Stream Done 👍');
}, countUp: true);
streamDurationUp.durationLeft.listen((event) {
print(event.inSeconds);
});
}
Output Count Up
Example Count Up Infinity
import 'package:stream_duration/stream_duration.dart';
void main() {
/// Countup Infinity
var streamDurationUpInfinity =
StreamDuration(Duration(seconds: 10), countUp: true, infinity: true);
streamDurationUpInfinity.durationLeft.listen((event) {
print(event.inSeconds);
});
}
Output Count Up Infinity
Use this package as a library
Depend on it
Run this command:
With Dart:
$ dart pub add stream_durationWith Flutter:
$ flutter pub add stream_durationThis will add a line like this to your package's pubspec.yaml (and run an implicit dart pub get):
dependencies:
stream_duration: ^2.0.3Alternatively, your editor might support dart pub get or flutter pub get. Check the docs for your editor to learn more.
Import it
Now in your Dart code, you can use:
import 'package:stream_duration/stream_duration.dart';example/example.dart
import 'package:stream_duration/stream_duration.dart';
void main() {
/// Countdown
var streamDuration = StreamDuration(
const Duration(seconds: 5),
onDone: () {
print('Stream Done 👍');
},
);
streamDuration.changeDuration(const Duration(seconds: 10));
streamDuration.durationLeft.listen((duration) {
print('Duration $duration');
});
// /// Countup
// var streamDurationUp = StreamDuration(Duration(seconds: 10), onDone: () {
// print('Stream Done 👍');
// }, countUp: true);
// streamDurationUp.durationLeft.listen((event) {
// print(event.inSeconds);
// });
// /// Countup Infinity
// var streamDurationUpInfinity =
// StreamDuration(Duration(seconds: 10), countUp: true, infinity: true);
// streamDurationUpInfinity.durationLeft.listen((event) {
// print(event.inSeconds);
// });
}Author: Farhanfadila1717
Source Code: https://github.com/farhanfadila1717/stream_duration
License: MIT license
1652360844
Best Free VueJS Admin Templates 2022
Are you looking for some of the best free VueJS admin dashboard templates? Look! In this blog, we give you a list of the best of them from 2022.
Admin dashboards are advantageous to any company. A Vue dashboard allows you to easily see how your company is performing. You may, for example, easily monitor and measure performance and metrics in real-time. Furthermore, it will help you build your business without spending time.
These new free templates include the ability to configure your dashboard. With all of the necessities. So, instead of wasting time creating your own, check out these free ones and get started on your next out-of-the-box admin dashboard.
Read more… 👇😊
#vue #vuejs #admin #templates #dashboard #opensource #GitHub
1652292900
ThreatMapper: Open Source Cloud Native Security Observability Platform
Announcing ThreatMapper 1.3.0
ThreatMapper 1.3.0 adds Secret Scanning, SBOM generation, updated Vulnerability Scanning and a more detailed Attack Path visualization.
ThreatMapper - Runtime Vulnerability Management and Attack Path Enumeration for Cloud Native
Deepfence ThreatMapper hunts for vulnerabilities in your production platforms, and ranks these vulnerabilities based on their risk-of-exploit. You can then prioritize the issues that present the greatest risk to the security of your applications - read more.
See ThreatMapper running with a live demo.
Getting Started with ThreatMapper
Planning your Deployment
The ThreatMapper console can be deployed on a single docker host or in a Kubernetes cluster.
ThreatMapper then monitors your development or production workloads using Sensor Agents. The sensors can be deployed on a wide range of platforms - Kubernetes, Docker, Fargate, Bare-Metal and Virtual Machines. Check the prerequisites before you proceed.
Install the Management Console
Installing the management console on a Docker host (4 cores, 16Gb) is as straightforward as:
sudo sysctl -w vm.max_map_count=262144 # see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html
wget https://github.com/deepfence/ThreatMapper/raw/master/deployment-scripts/docker-compose.yml
docker-compose -f docker-compose.yml up --detachOnce docker-compose has detached, allow 30 seconds or so for the console to complete its startup. Note that the console uses an untrusted self-signed TLS key by default (how to fix).
Installation on Kubernetes is performed with a Helm Chart:
# Install OpenEBS, and wait for it to start up
kubectl create ns openebs
helm install openebs --namespace openebs --repo "https://openebs.github.io/charts" openebs --set analytics.enabled=false
kubectl get pods -o wide --namespace openebs -w
# Install the Kubernetes metrics service (if not already installed)
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.1/components.yaml
# Configure the Deepfence ThreatMapper Helm Chart
helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
# Install the ThreatMapper console and wait for the pods to start up
helm install deepfence-console deepfence/deepfence-console
kubectl get pods -o wide -w
# Optionally, install the Deepfence Router service and wait for the platform to deploy a load balancer
helm install deepfence-router deepfence/deepfence-router
kubectl get --namespace default svc -w deepfence-routerMore details are in the ThreatMapper documentation.
Initial Configuration
Once the Management Console is up and running, you can register an admin account and obtain an API key.
When the console first starts up, it will begin to acquire the Threat Intel feed data; this usually takes a few minutes, but can take up to an hour. You can install sensors and browse the topology of your applications, but you will not be able to perform vulnerability scans until the threat feeds have been fully acquired.
Install the ThreatMapper Sensors
Install the sensors on your production or development platforms. The sensors report to the Management Console; they tell it what services they discover, provide telemetry and generate manifests of software dependencies.
The following production platforms are supported by ThreatMapper sensors:
- Amazon ECS: ThreatMapper sensors are deployed as a daemon service using a task definition.
- AWS Fargate: ThreatMapper sensors are deployed as a sidecar container, using a task definition.
- Google Kubernetes Engine: ThreatMapper sensors are deployed as a daemonset in the GKE cluster.
- Azure Kubernetes Service: ThreatMapper sensors are deployed as a daemonset in the AKS cluster.
- Kubernetes: ThreatMapper sensors are deployed as a daemonset in the Kubernetes cluster, using a helm chart.
- Docker: ThreatMapper sensors are deployed as a lightweight container.
- Bare-Metal or Virtual Machines: ThreatMapper sensors are deployed within a lightweight Docker runtime.
For example, run the following command to start the ThreatMapper sensor on the Docker host:
docker run -dit --cpus=".2" --name=deepfence-agent --restart on-failure --pid=host --net=host \
--privileged=true -v /sys/kernel/debug:/sys/kernel/debug:rw -v /var/log/fenced \
-v /var/run/docker.sock:/var/run/docker.sock -v /:/fenced/mnt/host/:ro \
-e USER_DEFINED_TAGS="" -e MGMT_CONSOLE_URL="---CONSOLE-IP---" -e MGMT_CONSOLE_PORT="443" \
-e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \
deepfenceio/deepfence_agent_ce:latestOn a Kubernetes platform, the sensors are installed using a Helm chart:
helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
helm install deepfence-agent deepfence/deepfence-agent \
--set managementConsoleUrl=---CONSOLE-IP--- \
--set deepfenceKey=---DEEPFENCE-API-KEY---Next Steps
Once the sensor agents have been installed, you can begin to explore the topology of your infrastructure and applications.
Subsequently, when the threat feeds have been acquired, you'll see a message on Admin User: Settings -> Diagnosis. You can begin with your first Production Vulnerability Scan.
Check out the Deepfence ThreatMapper wiki for how to get started with using Deepfence ThreatMapper.
Get in touch
Thank you for using ThreatMapper. Please feel welcome to participate in the ThreatMapper Community.
- Got a question, need some help? Find the Deepfence team on Slack
- https://github.com/deepfence/ThreatMapper/issues: Got a feature request or found a bug? Raise an issue
- productsecurity at deepfence dot io: Found a security issue? Share it in confidence
- Read the documentation in the Deepfence ThreatMapper wiki
- Find out more at deepfence.io
Security and Support
For any security-related issues in the ThreatMapper project, contact productsecurity at deepfence dot io.
Please file GitHub issues as needed, and join the Deepfence Community Slack channel.
License
The Deepfence ThreatMapper project (this repository) is offered under the Apache2 license.
Contributions to Deepfence ThreatMapper project are similarly accepted under the Apache2 license, as per GitHub's inbound=outbound policy.
Author: deepfence
Source Code: https://github.com/deepfence/ThreatMapper
License: Apache-2.0 License
