
KyeRussell/boomgate


Boomgate

Identify and mitigate the risks of using third-party libraries.



This project is not remotely ready for anyone to look at, let alone use. It is in a very early proof-of-concept stage, focusing on iterative research and development. I have not settled on the project's architecture, and I am still exploring the problem space. As such, the quality of the code is very poor, and things are guaranteed to change.

I will not provide support, nor am I accepting PRs at this time.


Vision

I intend for Boomgate to allow you to define a policy for your project that describes your risk acceptance with regard to your use of third-party dependencies. Boomgate will evaluate your project's third-party dependencies against this policy, report on any risks that you deem unacceptable, and—also per your defined policy—suggest mitigation strategies.

For example, you may decide that you are not willing to use a dependency if its author's email address's domain is not registered (i.e. DNS returns NXDOMAIN), or you may decide that all dependencies (barring a list of excepted 'trusted' dependencies) require a security audit before they can be used.

In this example, Boomgate can be configured to block your project's CI/CD pipeline if one of these conditions is met by your project's resolved dependencies. Importantly, this failure condition could simply be resolved by an (explicit, attributable, auditable) verification by a human that a listed precaution has been taken (e.g., "Yes, I have audited the code in this new dependency.").
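The policy evaluation sketched above, as an added example that is not Boomgate's own code: the dependency fields, the policy shape, the per-version audit attestation and the injectable resolver (with a constructed offline stub standing in for DNS) are all assumptions made for this illustration.

```python
# Added illustration, not Boomgate's code: fields, policy shape and resolver hook are assumed.
import socket
from collections import namedtuple
from dataclasses import dataclass, field

Dependency = namedtuple("Dependency", "name version author_email")

@dataclass
class Policy:
    trusted: set = field(default_factory=set)   # names exempt from the audit requirement
    audits: dict = field(default_factory=dict)  # (name, version) -> attesting human (attributable)
    require_registered_author_domain: bool = True

def domain_registered(domain, resolver=socket.gethostbyname):
    """True unless the resolver reports the domain as unresolvable (NXDOMAIN-style failure)."""
    try:
        resolver(domain)
        return True
    except OSError:  # socket.gaierror subclasses OSError
        return False

def evaluate(deps, policy, resolver=socket.gethostbyname):
    """One finding string per policy violation; an empty list means the pipeline may proceed."""
    findings = []
    for dep in deps:
        label = f"{dep.name}=={dep.version}"
        if policy.require_registered_author_domain:
            domain = dep.author_email.rpartition("@")[2].lower()
            if not domain or not domain_registered(domain, resolver):
                findings.append(f"{label}: author email domain {domain!r} does not resolve")
        if dep.name not in policy.trusted and (dep.name, dep.version) not in policy.audits:
            findings.append(f"{label}: no recorded audit and not on the trusted list")
    return findings

REGISTERED = {"example.org"}  # constructed, offline stand-in for DNS (no network needed)

def stub_resolver(domain):
    if domain in REGISTERED:
        return "192.0.2.1"
    raise OSError("NXDOMAIN (simulated)")

def demo():
    deps = [  # constructed sample dependencies
        Dependency("requests-ish", "1.0", "maintainer@example.org"),
        Dependency("leftpad-ish", "0.1", "anon@no-such-domain.invalid"),
        Dependency("newlib", "2.3", "dev@example.org"),
    ]
    policy = Policy(trusted={"requests-ish"}, audits={("leftpad-ish", "0.1"): "alice"})
    return evaluate(deps, policy, resolver=stub_resolver)
```

A real check would query MX or NS records rather than an A record, and a CI gate would fail the job whenever `evaluate` returns a non-empty list.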

See my rough list of ideas in the GitHub issues list.

Developing

Clone the repository and run the following command:

uv pip install -e . -r pyproject.toml --extra=dev --extra=docs

This will install the project in editable mode with all development dependencies.

Running tests

pytest

About

A software supply chain risk management tool
