Scans a given directory for software of unknown provinence (SOUP) and dumps them in a json-file

Overview

souper

Scans a given directory for potential software of unknown provinence (SOUP) and writes them to a json-file. The json-file contains name, version and a meta property for each SOUP. The meta property is a json object which may be populated with arbitrary metadata. If you run souper after the version of a SOUP has been updated, the json-file will be updated with the new version, while preserving content of the meta property. If a SOUP has been added or removed, the json-file will be updated accordingly.

Why? In order to be compliant with standards such as IEC 62304, you might need to maintain documentation related to software of unknown provinence (SOUP). With souper you can keep this documentation close to your source code and have it updated together with the relevant changes.

An example of how the output may look like can be found here.

Souper will attempt to identify SOUPs from the following sources:

  • package.json (npm)
  • *.csproj (ASP.NET)
  • Cargo.toml (rust)
  • Dockerfile
    • base images
    • packages installed with apt(-get)

Installation

  1. Grab binary for your OS from the latest release
  2. Extract the downloaded file: tar xvf <-FILENAME->
  3. Make sure the extracted executable is present in your PATH

Usage

Navigate to to the repository where you'd like to run souper.

souper --output-file soups.json

Alternatively, you can run souper from any directory:

souper --directory /path/to/my/repo --output-file soups.json

Excluding directories

In case there's a directory that you'd like to skip, use the --exclude-directory argument.

souper --output-file soups.json --exclude-directory ./test/

Default meta keys

If you know what properties that you'd like in the meta property, you can have them created automatically by using the --meta-key argument.

souper --output-file soups.json --meta-key requirements --meta-key manufacturer

Create a release

  1. On your feature branch, bump to a proper version number in Cargo.toml
  2. Create, review and complete a pull request
  3. Tag latest commit on the main branch with the version set in Cargo.toml
    • E.g. git tag v6.6.6
  4. Push tags
    • git push origin --tags
You might also like...
🧵 Generate self-describing strings of a given length to help aid software testing
🧵 Generate self-describing strings of a given length to help aid software testing

rust-counter-strings Counter strings generator written in rust to help aid software testing What is a counterstring? "A counterstring is a graduated s

Try to find the correct word with only first letter and unknown letter count

Try to find the correct word with only first letter and unknown letter count

try to find the correct word with only first letter and unknown letter count.

MOTUS Current dictionaries are provided in french and can contain some words not included in the official Motus dictionary. Additionally, dictionaries

Firecracker takes your HTTP logs and uses them to map your API flows and to detect anomalies in them.
Firecracker takes your HTTP logs and uses them to map your API flows and to detect anomalies in them.

Who is BLST and what do we do? BLST (Business Logic Security Testing) is a startup company that's developing an automatic penetration tester, replacin

mach-dump can parse Mach-O core dumps taken with lldb from macOS and iOS devices.

mach-dump mach-dump can parse Mach-O core dumps taken with lldb from macOS and iOS devices. It has no external dependencies. Example use std::path::Pa

Scans for indications of an XSS vuln, Oracle SQLi and filters out words containing MySQL

RustScan Scans for indications of an XSS vuln, Oracle SQLi and filters out words containing MySQL. Best used along side ParamSpider found at https://g

Scans for indications of an XSS, Oracle SQLi and filters out words containing MySQL
Scans for indications of an XSS, Oracle SQLi and filters out words containing MySQL

PizzaHunt A tool to out pizza the hunt. Scans for indications of an XSS vuln (Double quote escapes) , Oracle SQLi (ORA- in response), filters out url

Image cropper (and colorizer) for pdf scans

Image cropper for personal use (might not work with your pdfs) Requires pdfimages on the path to work properly It's thought just for my workflow so is

This repo scans pypi, rubygems and hexpm for AWS keys

What is this? This is a project to try to detect any AWS access keys that are accidentally uploaded to the Python Package Index (PyPi). New uploads ar

Create virtual serial ports, connect them to physical serial ports, and create routes between them all.

Virtual Serial Port Router (vsp-router) Create virtual serial ports, connect them to physical serial ports, and create routes between them all. vsp-ro

Library for scripting analyses against crates.io's database dumps

crates.io database dumps Library for scripting analyses against crates.io's database dumps. These database dumps contain all information exposed by th

Scans the Ethereum network for USDT ERC-20 token transfer transactions

ethscan This is a Rust command line program for scanning the Ethereum blockchain for USDT transfers within a time span and amount span. prerequisites

A Rust application that inserts Discogs data dumps into Postgres

Discogs-load A Rust application that inserts Discogs data dumps into Postgres. Discogs-load uses a simple state machine with the quick-xml Rust librar

Quick & Dirty cli to process mysql dumps

mysql2databend Quick & Dirtyl CLI to process mysql dumps and clean them so they can be ingested in Databend using a regular MySQL client. Features: re

A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger.
A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger.

kdmp-parser A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger. This is a cross-platform crate that parses Window

Rust Programming Fundamentals - one course to rule them all, one course to find them...

Ultimate Rust Crash Course This is the companion repository for the Ultimate Rust Crash Course published online, presented live at O'Reilly virtual ev

A simple command line program to upload file or directory to web3.storage with optional encryption and compression
A simple command line program to upload file or directory to web3.storage with optional encryption and compression

w3s-cli A simple command line program to upload file or directory to web3.storage with optional encryption and compression. Features Uploads single fi

File Tree Fuzzer allows you to create a pseudo-random directory hierarchy filled with some number of files.

FTZZ File Tree Fuzzer allows you to create a pseudo-random directory hierarchy filled with some number of files. Installation $ cargo +nightly install

Untree converts tree diagrams produced by tree back into directory file structures.
Untree converts tree diagrams produced by tree back into directory file structures.

Untree: Undoing tree for fun and profit Untree converts tree diagrams produced by tree back into directory file structures. Let's say you have the fol

Owner
Devies
We are developers. We are devies.
Devies
Detects usage of unsafe Rust in a Rust crate and its dependencies.

cargo-geiger ☢️ A program that lists statistics related to the usage of unsafe Rust code in a Rust crate and all its dependencies. This cargo plugin w

Rust Secure Code Working Group 1.1k Jan 8, 2023
⚙️ A curated list of dynamic analysis tools for all programming languages, binaries, and more.

This repository lists dynamic analysis tools for all programming languages, build tools, config files and more. The official website, analysis-tools.d

Analysis Tools 650 Jan 4, 2023
Scans a given directory for software of unknown provinence (SOUP) and dumps them in a json-file

souper Scans a given directory for potential software of unknown provinence (SOUP) and writes them to a json-file. The json-file contains name, versio

Devies 2 Aug 26, 2022
A panic hook for wasm32-unknown-unknown that logs panics with console.error

console_error_panic_hook This crate lets you debug panics on wasm32-unknown-unknown by providing a panic hook that forwards panic messages to console.

Rust and WebAssembly 241 Jan 3, 2023
Easy c̵̰͠r̵̛̠ö̴̪s̶̩̒s̵̭̀-t̶̲͝h̶̯̚r̵̺͐e̷̖̽ḁ̴̍d̶̖̔ ȓ̵͙ė̶͎ḟ̴͙e̸̖͛r̶̖͗ë̶̱́ṉ̵̒ĉ̷̥e̷͚̍ s̷̹͌h̷̲̉a̵̭͋r̷̫̊ḭ̵̊n̷̬͂g̵̦̃ f̶̻̊ơ̵̜ṟ̸̈́ R̵̞̋ù̵̺s̷̖̅ţ̸͗!̸̼͋

Rust S̵̓i̸̓n̵̉ I̴n̴f̶e̸r̵n̷a̴l mutability! Howdy, friendly Rust developer! Ever had a value get m̵̯̅ð̶͊v̴̮̾ê̴̼͘d away right under your nose just when

null 294 Dec 23, 2022
JSON-RPC endpoint proxy that dumps requests/responses for debugging

json_rpc_snoop How to build Ensure you have cargo installed and in your PATH (the easiest way is to visit https://rustup.rs/) make This will create t

null 10 Dec 14, 2022
bin2json extract recursively file, directory of files (or disk dump) metadata to json

bin2json bin2json extract metadata from different binary file format to json. It can take in input a file, a directory containing different files, a d

null 11 Oct 6, 2022
dua (-> Disk Usage Analyzer) is a tool to conveniently learn about the usage of disk space of a given directory

dua (-> Disk Usage Analyzer) is a tool to conveniently learn about the usage of disk space of a given directory. It's parallel by default and will max

Sebastian Thiel 1.8k Jan 2, 2023
A WHATWG-compliant HTML5 tokenizer and tag soup parser

html5gum html5gum is a WHATWG-compliant HTML tokenizer. use std::fmt::Write; use html5gum::{Tokenizer, Token}; let html = "<title >hello world</tit

Markus Unterwaditzer 129 Dec 30, 2022
Mount portable directory as consistent user directory.

PortableDesktop Mount portable directory as consistent user directory. PortableDesktopCli help PortableDesktopCli [options] <Target Path> <Link Path>

Kerwin Bryant 3 May 8, 2023