Modules
Analyzer takes in a valid repo URL and coordinates the analysis, returning a simple JSON report. The URL scheme can be one of "https", "http", or "file". Note that the "file" scheme only works on an existing clone and will not remove the directory structure upon completion of the analysis.
Provides Cargo.toml dependency parser for Rust projects. Parses [dependencies], [dev-dependencies], [build-dependencies], and [workspace.dependencies] sections, extracting crate names, version specs, and git/path source info.
Provides Cargo.lock dependency parser for Rust projects. Parses [[package]] sections extracting locked dependency info including name, version, and source URLs.
Scanner scans for Cargo/Rust dependencies to run analysis on.
Collection of lower-level functions for analyzing outputs from the git command.
Collection of functions for interacting with the git command to perform queries.
Behaviour definition for GitModule operations.
Collection of generic helper functions.
Provides a map-to-JSON encoder.
Provides a mix.lock dependency parser. From: https://github.com/librariesio/mix-deps-json/blob/master/lib/lockfile.ex
Provides a mix.exs dependency parser. From: https://github.com/librariesio/mix-deps-json/blob/master/lib/mixfile.ex
Scanner scans for mix dependencies to run analysis on.
OTP Application for LEI batch analysis service.
Batch SBOM analysis engine.
ETS-backed cache for batch dependency analysis results.
ETS-backed cache for LowEndInsight analysis results with DETS persistence.
Exports LEI analysis reports as cache snapshot files.
Imports LEI cache snapshots from local directories or OCI artifacts.
OCI artifact packaging for LEI cache snapshots.
OCI Distribution Spec client for pushing and pulling LEI cache artifacts.
Generates OCI image annotations from LowEndInsight analysis reports.
Renders the GitHub Copilot instructions file for LowEndInsight dependency risk awareness.
Renders the Cursor IDE rule file (.mdc) for LowEndInsight dependency risk awareness.
Converts LowEndInsight analysis reports to SARIF 2.1.0 format for GitHub Code Scanning / Security tab integration.
Generates CycloneDX 1.4 JSON SBOM documents from LowEndInsight analysis reports. Embeds bus-factor risk scores as custom properties on each component.
Generates SPDX 2.3 JSON SBOM documents from LowEndInsight analysis reports. Embeds bus-factor risk scores as annotations on each package.
HTTP router for LEI batch analysis API.
Pre-package risk gate for Zarf integration.
SARIF (Static Analysis Results Interchange Format) v2.1.0 output for LEI Zarf Gate results.
Provides a package.json and package-lock.json dependency parser.
Scanner scans for node dependencies to run analysis on.
Provides a yarn.lock dependency parser.
ProjectIdent module
Provides a requirements.txt dependency parser.
Scanner scans for python dependencies to run analysis on.
RiskLogic contains the functionality for determining risk based on numeric input values.
Scans for an SBOM and validates it.
Scanner scans.
Collection of functions for handling time-based conversions.
Mix Tasks
Printed when the user requests mix help echo.
This is used to run a LowEndInsight scan against a repository, by cloning it locally, then looking into it. Pass in the repo URL as a parameter to the task.
This is used to run a LowEndInsight scan against a repository, by cloning it locally, then looking into it. Pass in the repo URL as a parameter to the task.
Export LEI analysis reports as an OCI-compatible cache artifact for Zarf.
Import a previously exported or pulled LEI cache snapshot.
Pull a LEI cache artifact from an OCI registry for air-gapped use.
This is used to run LowEndInsight to generate a transitive-dependency list, as JSON, for a given repository.
Exports cached LowEndInsight analysis results to a portable bundle containing a SQLite database, gzipped JSON Lines, a manifest, and SHA-256 checksums.
Generates static context/rule files that inject LowEndInsight dependency risk awareness into AI coding assistants.
Analyze a project's dependencies and produce a SARIF 2.1.0 report suitable for upload to GitHub Code Scanning via the github/codeql-action/upload-sarif action.
Analyze a git repository and produce an SBOM in CycloneDX 1.4 or SPDX 2.3 JSON format. Bus-factor risk scores from LowEndInsight are embedded as custom properties.
This is used to run a LowEndInsight scanner against a project.
Run LEI supply chain risk analysis as a pre-package gate for Zarf.