Good shape overall. A few tweaks would push it into the top tier.

The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.

Documentation

70

Contributing guide 5pt 0

No CONTRIBUTING.md found (−47 pts base + up to −53 pts more for content).

Add a CONTRIBUTING.md telling newcomers how to get involved. Include setup, code style, test, and PR instructions.

README 12pt 70

README is present.

Install and run instructions 9pt 90

README documents how to install the project.

License 6pt 100

Licensed under Other.

Engineering

79

Issue and PR templates 6pt 0

No issue or PR templates found (−100 pts).

Add .github/ISSUE_TEMPLATE/ with bug_report.md and feature_request.md to guide contributors. It dramatically improves issue quality.

CI/CD 14pt 72

CI is configured (.github/workflows/build-macos.yml).

Reproducibility 6pt 92

Lockfile present (package-lock.json). Installs are reproducible.

Tests 18pt 100

Test files detected (test).

Linting and formatting 5pt 100

Linter or formatter configured (.editorconfig).

Project health

97

Dependency manifest 6pt 90

Dependency manifest found (package.json).

Repository metadata 5pt 100

Repository has a description.

Activity 5pt 100

Actively maintained (pushed within the last month).

Housekeeping 3pt 100

.gitignore present.

Repository health signals

Activity, community, and responsiveness at scan time

Activity

  • Commits (30d / 90d)
  • 43
    Forks
  • 102
    Releases (latest 4y ago)

Community

  • Community health
  • authors own >50% of commits
  • 181
    Watchers

Responsiveness

  • 4d 17h
    Median issue response
  • <1h
    Median PR merge time
  • 200
    Open issues

Repository files

35 root entries

  • .github
    Good: CI is configured (.github/workflows/build-macos.yml).
    Good: Dependabot configured for npm.
  • .vscode
  • bin
  • docs
  • src
  • test
    Good: Test files detected (test).
  • _config.yml
  • .deepsource.toml
  • .editorconfig
    Good: Linter or formatter configured (.editorconfig).
  • .env-example
  • .gitignore
    Good: .gitignore present.
  • .nvmrc
  • CNAME
  • Dockerfile
    Good: Environment pinned via Dockerfile.
  • eslint.config.js
  • LICENSE.md
    Good: Licensed under Other.
  • oclif-theme.json
  • pack-hdf-converters.bat
  • pack-hdf-converters.sh
  • pack-heimdall-lite.bat
  • pack-heimdall-lite.sh
  • pack-inspec-objects.bat
  • pack-inspec-objects.sh
  • pack-inspecjs.bat
  • pack-inspecjs.sh
  • package-lock.json
    Good: Lockfile present (package-lock.json). Installs are reproducible.
  • package.json
    Good: Dependency manifest found (package.json).
  • README.md
    Good: README is present.
    Good: README is well structured with multiple sections.
    Issue: No screenshots or images in the README (−20 pts). Fix: Add a GIF, screenshot, or logo image. It is the fastest way to show what your project does.
    Good: README has code examples.
    Good: README links to a live demo or deployed app.
    Issue: No status badges in the README (−10 pts). Fix: Add CI/build status badges from shields.io or your CI provider to signal project health.
    Good: README documents how to install the project.
    Good: README documents how to run the project.
  • release-prep.ps1
  • release-prep.sh
  • saf-cli.code-workspace
  • saf.spec
  • tsconfig.json
  • VERSION
  • vitest.config.ts