# LowEndInsight v0.9.1 - Table of Contents

LowEndInsight is a simple 'bus-factor' risk analysis library for Open Source Software which is managed within a Git repository. Provide the git URL and the library will respond with a basic Elixir Map structure report.

## Pages

- [LowEndInsight](readme.md)

## Modules

- [AnalyzerModule](AnalyzerModule.md): Analyzer takes in a valid repo URL and coordinates the analysis, returning a simple JSON report. The URL can be one of "https", "http", or "file". Note that the latter scheme will only work on an existing clone and won't remove the directory structure upon completion of analysis.
- [Cargo.Cargofile](Cargo.Cargofile.md): Provides Cargo.toml dependency parser for Rust projects. Parses [dependencies], [dev-dependencies], [build-dependencies], and [workspace.dependencies] sections, extracting crate names, version specs, and git/path source info.
- [Cargo.Cargolock](Cargo.Cargolock.md): Provides Cargo.lock dependency parser for Rust projects. Parses [[package]] sections extracting locked dependency info including name, version, and source URLs.
- [Cargo.Scanner](Cargo.Scanner.md): Scanner scans for Cargo/Rust dependencies to run analysis on.
- [Contributor](Contributor.md)
- [CounterAgent](CounterAgent.md)
- [Data](Data.md)
- [GitHelper](GitHelper.md): Collection of lower-level functions for analyzing outputs from git command.
- [GitModule](GitModule.md): Collections of functions for interacting with the `git` command to perform queries.
- [GitModule.Behaviour](GitModule.Behaviour.md): Behaviour definition for GitModule operations.
- [Helpers](Helpers.md): Collection of generic helper functions.
- [Hex.Encoder](Hex.Encoder.md): Provides map to json encoder
- [Hex.Library](Hex.Library.md)
- [Hex.Lockfile](Hex.Lockfile.md): Provides mix.lock dependency parser. From: https://github.com/librariesio/mix-deps-json/blob/master/lib/lockfile.ex
- [Hex.Mixfile](Hex.Mixfile.md): Provides mix.exs dependency parser. From: https://github.com/librariesio/mix-deps-json/blob/master/lib/mixfile.ex
- [Hex.Scanner](Hex.Scanner.md): Scanner scans for mix dependencies to run analysis on.
- [Lei.Application](Lei.Application.md): OTP Application for LEI batch analysis service.
- [Lei.BatchAnalyzer](Lei.BatchAnalyzer.md): Batch SBOM analysis engine.
- [Lei.BatchCache](Lei.BatchCache.md): ETS-backed cache for batch dependency analysis results.
- [Lei.Cache](Lei.Cache.md): ETS-backed cache for LowEndInsight analysis results with DETS persistence.
- [Lei.Cache.Exporter](Lei.Cache.Exporter.md): Exports LEI analysis reports as cache snapshot files.
- [Lei.Cache.Importer](Lei.Cache.Importer.md): Imports LEI cache snapshots from local directories or OCI artifacts.
- [Lei.Cache.OCI](Lei.Cache.OCI.md): OCI artifact packaging for LEI cache snapshots.
- [Lei.Cache.OCIClient](Lei.Cache.OCIClient.md): OCI Distribution Spec client for pushing and pulling LEI cache artifacts.
- [Lei.OCI.Annotations](Lei.OCI.Annotations.md): Generates OCI image annotations from LowEndInsight analysis reports.
- [Lei.Rules.CopilotTemplate](Lei.Rules.CopilotTemplate.md): Renders the GitHub Copilot instructions file for LowEndInsight dependency risk awareness.
- [Lei.Rules.CursorTemplate](Lei.Rules.CursorTemplate.md): Renders the Cursor IDE rule file (.mdc) for LowEndInsight dependency risk awareness.
- [Lei.Sarif](Lei.Sarif.md): Converts LowEndInsight analysis reports to SARIF 2.1.0 format for GitHub Code Scanning / Security tab integration.
- [Lei.Sbom.CycloneDX](Lei.Sbom.CycloneDX.md): Generates CycloneDX 1.4 JSON SBOM documents from LowEndInsight analysis reports. Embeds bus-factor risk scores as custom properties on each component.
- [Lei.Sbom.SPDX](Lei.Sbom.SPDX.md): Generates SPDX 2.3 JSON SBOM documents from LowEndInsight analysis reports. Embeds bus-factor risk scores as annotations on each package.
- [Lei.Web.Router](Lei.Web.Router.md): HTTP router for LEI batch analysis API.
- [Lei.ZarfGate](Lei.ZarfGate.md): Pre-package risk gate for Zarf integration.
- [Lei.ZarfGate.Sarif](Lei.ZarfGate.Sarif.md): SARIF (Static Analysis Results Interchange Format) v2.1.0 output for LEI Zarf Gate results.
- [Lowendinsight.Files](Lowendinsight.Files.md)
- [Npm.Packagefile](Npm.Packagefile.md): Provides package.json and package-lock.json dependency parser
- [Npm.Scanner](Npm.Scanner.md): Scanner scans for node dependencies to run analysis on.
- [Npm.Yarnlockfile](Npm.Yarnlockfile.md): Provides yarn.lock dependency parser
- [Parser](Parser.md)
- [ProjectIdent](ProjectIdent.md): ProjectIdent module
- [ProjectType](ProjectType.md)
- [Pypi.Requirements](Pypi.Requirements.md): Provides a requirements.txt dependency parser
- [Pypi.Scanner](Pypi.Scanner.md): Scanner scans for python dependencies to run analysis on.
- [RepoReport](RepoReport.md)
- [Results](Results.md)
- [RiskLogic](RiskLogic.md): RiskLogic contains the functionality for determining risk based on numeric input values
- [SbomModule](SbomModule.md): Scan for a SBOM and validate.
- [ScannerModule](ScannerModule.md): Scanner scans.
- [TimeHelper](TimeHelper.md): Collection of functions for handling time-based conversions.

## Mix Tasks

- [mix echo](Mix.Tasks.Echo.md): Printed when the user requests `mix help echo`
- [mix lei.analyze](Mix.Tasks.Lei.Analyze.md): This is used to run a LowEndInsight scan against a repository, by cloning it locally, then looking into it. Pass in the repo URL as a parameter to the task.
- [mix lei.batch_bulk_analyze](Mix.Tasks.Lei.BatchBulkAnalyze.md)
- [mix lei.bulk_analyze](Mix.Tasks.Lei.BulkAnalyze.md): This is used to run a LowEndInsight scan against a repository, by cloning it locally, then looking into it. Pass in the repo URL as a parameter to the task.
- [mix lei.cache.export](Mix.Tasks.Lei.Cache.Export.md): Export LEI analysis reports as an OCI-compatible cache artifact for Zarf.
- [mix lei.cache.import](Mix.Tasks.Lei.Cache.Import.md): Import a previously exported or pulled LEI cache snapshot.
- [mix lei.cache.pull](Mix.Tasks.Lei.Cache.Pull.md): Pull a LEI cache artifact from an OCI registry for air-gapped use.
- [mix lei.dependencies](Mix.Tasks.Lei.Dependencies.md): This is used to run LowEndInsight to generate a transitive-dependency list, as JSON, for a given repository.
- [mix lei.export_cache](Mix.Tasks.Lei.ExportCache.md): Exports cached LowEndInsight analysis results to a portable bundle containing a SQLite database, gzipped JSON Lines, a manifest, and SHA-256 checksums.
- [mix lei.generate_rules](Mix.Tasks.Lei.GenerateRules.md): Generates static context/rule files that inject LowEndInsight dependency risk awareness into AI coding assistants.
- [mix lei.sarif](Mix.Tasks.Lei.Sarif.md): Analyze a project's dependencies and produce a SARIF 2.1.0 report suitable for upload to GitHub Code Scanning via the `github/codeql-action/upload-sarif` action.
- [mix lei.sbom](Mix.Tasks.Lei.Sbom.md): Analyze a git repository and produce an SBOM in CycloneDX 1.4 or SPDX 2.3 JSON format. Bus-factor risk scores from LowEndInsight are embedded as custom properties.
- [mix lei.scan](Mix.Tasks.Lei.Scan.md): This is used to run a LowEndInsight scanner against a project.
- [mix lei.zarf_gate](Mix.Tasks.Lei.ZarfGate.md): Run LEI supply chain risk analysis as a pre-package gate for Zarf.