Analyzed
about 12 hours
ago.
based on code collected
about 14 hours
ago.
Project Summary
SPIRE (the SPIFFE Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms. SPIRE exposes the SPIFFE Workload API, which can attest running software systems and issue SPIFFE IDs and SVIDs to them. This in turn allows two workloads to establish trust between each other, for example by establishing an mTLS connection or by signing and verifying a JWT token. SPIRE can also enable workloads to securely authenticate to a secret store, a database, or a cloud provider service.
In a Nutshell, SPIRE (the SPIFFE Runtime Environment)...
- ...
- ...
-
...
has a well established, mature codebase
maintained by a very large development team
with increasing Y-O-Y commits -
...
took an estimated 42 years of effort (COCOMO model)
starting with its first commit in August, 2017
ending with its most recent commit about 20 hours ago
Quick Reference
https://github.com/spiffe/spire
Project Security
Vulnerabilities per Version ( last 10 releases )
Project Vulnerability Report
Security Confidence Index
Poor security track-record
Favorable security track-record
Vulnerability Exposure Index
Many reported vulnerabilities
Few reported vulnerabilities
Did You Know...
-
...
65% of companies leverage OSS to speed application development in 2016
-
...
data presented on the Open Hub is available through our API
-
...
nearly 1 in 3 companies have no process for identifying, tracking, or remediating known open source vulnerabilities
-
...
learn about Open Hub updates and features on the Open Hub blog
30 Day SummaryMar 2 2023 — Apr 1 2023
|
12 Month SummaryApr 1 2022 — Apr 1 2023
|
