What is it about?
LAGOON is an open source platform for understanding the complex ecosystems of Open Source Software (OSS) communities and for helping analysts identify bad actors who might compromise an OSS project's security. LAGOON is a reusable framework that supports ingesting artifacts from sources such as repositories and project websites, includes a user interface to visualize and explore an OSS project's social and technical history, and contains scripts to perform machine learning.
Why is it important?
Open source software (OSS) is responsible for many of the productivity advancements in modern software engineering. However, OSS can also directly cause failures in the projects that rely on it, with examples such as the unpublishing of Leftpad. LAGOON supports analyzing and exploring how users and other entities work together in OSS, and helps to identify vulnerabilities, bugs and potential threats that are critical for defense and many other applications.
Read the Original
This page is a summary of: LAGOON, May 2022, ACM (Association for Computing Machinery),
DOI: 10.1145/3524842.3528504.