repo-trust 0.1.1

A command-line tool that tells you whether an open-source repository deserves your trust — beyond the star count.
//! Security & Readiness module.
//!
//! Wires `collectors::security::collect` → `features::security::compute` →
//! `scoring::security::score`.

use async_trait::async_trait;

use super::TrustModule;
use crate::collectors::security;
use crate::features::security as features;
use crate::models::{EvidenceItem, ModuleResult, RepositoryContext};
use crate::scoring::security as scoring;

/// Security & Readiness trust module.
///
/// A field-less unit struct: it holds no state of its own, and everything
/// `run` needs is read from the `RepositoryContext` passed to it.
#[derive(Debug, Default)]
pub struct SecurityModule;

#[async_trait]
impl TrustModule for SecurityModule {
    /// Module identifier: the literal `"security"`.
    fn name(&self) -> &'static str {
        "security"
    }

    /// Version string reported by this module.
    fn version(&self) -> &'static str {
        "1.0.0"
    }

    /// Runs the three pipeline stages in order for the repository in `ctx`:
    /// collect raw data, compute features from it, then score the features.
    ///
    /// # Errors
    ///
    /// Any error returned by `security::collect` is propagated with `?`, so
    /// nothing is scored when collection fails. The compute and score stages
    /// are called as infallible functions here.
    async fn run(
        &self,
        ctx: &RepositoryContext,
    ) -> anyhow::Result<(ModuleResult, Vec<EvidenceItem>)> {
        let (owner, repo) = ctx.owner_repo();

        // Stage 1: gather raw inputs through the three clients held by the
        // context, pinned to the context's snapshot time.
        let collected = security::collect(
            &ctx.github,
            &ctx.scorecard,
            &ctx.osv,
            owner,
            repo,
            ctx.snapshot_at,
        )
        .await?;
        // NOTE(review): the first tuple element is dropped unused; confirm
        // nothing in it is needed for the evidence trail.
        let (_collector_metadata, raw_signals) = collected;

        // Stage 2: derive features relative to the same snapshot time.
        let computed = features::compute(&raw_signals, ctx.snapshot_at);

        // Stage 3: turn the features into a module result plus evidence.
        let (module_result, evidence_items) = scoring::score(&computed);
        Ok((module_result, evidence_items))
    }
}