by guydalf 2336 days ago
Just wanted to introduce myself as the lead developer on the tool. Valid comments and questions have been dropped here and I've responded to a couple of them already by posting clarifications below and on the project wiki. Yes, we are thinking of using the tool for repos like NuGet and maybe GitHub as a service that automatically identifies detected features for each component. Stay tuned and keep the ideas coming. Happy to answer any further questions.
4 comments

I ran this against a file sharing application I am working on and the results were strange. Security features were supremely emphasized, even security concepts I didn’t realize I was focusing energy on. I am not saying the tool is wrong, but just that it picked security better than I had intentionally considered. No other features were highlighted though, so you still have no idea what the application is doing.

https://github.com/prettydiff/share-file-systems

My team has been desperately searching for something like this. We actually started the effort to build our own, and were well into the prototyping phase. You may see some contributions from us in the future.
smile
Maybe someday it can also work with Azure DevOps to produce report artifacts as part of a build pipeline.
We like - keep the ideas coming!
As a non-dev, may I ask what this is?
Over 93% of new software applications today use open source from public repositories of source code or other third-party code and average over 100 components of code that they didn't directly write. Often they have only a partial understanding of what is in them due to time constraints to release their products. That's a big attack surface and knowing what is in the code that developers choose to build their products with is becoming urgent. This tool scans code and reports the types of features found in it to help developers decide whether it does more than they expected from a features standpoint. See the project site and wiki for more: https://github.com/Microsoft/ApplicationInspector
This has been sorely needed for a long time. Thank you for building it!