
This project ensures the security health of open-source projects. With its extensive checks and detailed metrics, it empowers developers to enhance project safety and reliability, making it a vital asset in the open-source community.


p21nc3/Open-Source-Inspector


Open-Source Inspector

Title: Open-Source Inspector
Author: Prince Bhardwaj
Register Number: RA2011008020062
Institution: SRM University, Department of Information Technology
Course: 18CSP107L - Minor Project
Summary: Tool designed to enhance the security best practices of open-source projects. It automates security assessments, assigning scores based on various heuristics, enabling project maintainers to strengthen their project's security posture and empower open-source consumers to evaluate dependencies effectively.

Abstract

The security of open-source software (OSS) has become crucial in the quickly changing software development landscape. To meet this pressing demand, we introduce Open-Source Inspector (OSi), an automated tool that evaluates an OSS project's security posture in depth. OSi performs comprehensive assessments, examining a range of security factors, including vulnerability management, code review procedures, dependency updates, and the general health of the project. The tool uses a strict evaluation process and offers insights into the security strengths and weaknesses of OSS activities.

Beyond evaluation, OSi provides practical suggestions to improve OSS projects' security procedures. These recommendations enable project maintainers to strengthen the overall security of their projects, tighten security procedures, and address vulnerabilities that have been found. Users can prioritize projects with strong security profiles by using OSi's results, which facilitates informed decisions about integrating OSS dependencies.

This report highlights OSi's importance in promoting a safe open-source software ecosystem by outlining its creation, methodology, and practical applications. OSi acts as a catalyst for building a stable and resilient OSS environment by bridging the gap between evaluation and active improvement. By providing users and project maintainers with practical recommendations and automated assessments, OSi gives them the tools they need to protect the security and integrity of open-source software projects.

Keywords: Open-Source Security, Automated Security Assessment, Open-Source Project Health, Vulnerability Management, Security Metrics Evaluation.
