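Packages used in enterprise applications, not in OSS applications (Score: 1)
Compared with npm rank [github.com], my impression was that a lot of these are thoroughly mature, long-settled packages, but the data source is apparently something like the following.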
The Census II effort benefited from the contribution of private usage data by Software Composition Analysis (SCAs) and application security companies, including developer-first security company Snyk and Synopsys Cybersecurity Research Center (CyRC), who partnered with CII to advance the state of open source research. These SCA partners provided data from automated scans of production systems within their customers’ environments
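Software Composition Analysis (SCAs) is the kind of tool that examines your dependencies and tells you if any of them have vulnerabilities.
# The other thread sure is getting heated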