Which languages/platforms are supported?
What are the Stability and Security badges?
What is a project?
How frequently would Meterian scan my project?
What are Meterian Accounts, Members & Plans?
What is an analysis?
What’s in a report?
What is the difference between Basic and Full API access?
What is the difference between Licence Inventory and Licence Risk Analysis?
How does Meterian prevent vulnerabilities from being released?
I found a problem/have a suggestion. Who can I contact?
Meterian is a continuous security platform. When integrated into CI pipelines, it continuously scans your code and highlights possible security issues or serious defects in your dependencies. The result is a project report that summarises all the steps you need to improve your code.
At the moment we support:
- Java applications built with Maven or Gradle
- Nodejs applications built with NPM
- Microsoft applications written in .NET, in various styles and languages, and using NuGet
- Ruby application built with Bundler
- PHP application built with Packagist
- Python applications built with Pipenv (or requirements.txt)
- Scala applications
- Android/Kotlin applications
Our Free Plan, running on public Github repositories, operates with a variable schedule depending on the platform load. You can expect your project to be scanned every 2.5 hours.
If you are on a paid plan, it depends on its limits.
What is a project?
A project is a single code repository, a codebase you want to analyse.
Each account created can have one or more members. Your plan may limit the number of members you can have on the account. Paid plan accounts manage members and roles for your organisation, giving each member the right level of access to your information. A member is any user you would like to have access to your account’s plan benefits. Meterian does not enforce any limit to the number of developers that can contribute to a codebase. A member can be assigned any of these roles:
- Administrator – full access to the account. Each account must have at least one administrator
- Collaborator – limited access to manage projects, can run scans
- Viewer – access to view online reports only
An analysis is triggered on our server when the client application is used against a codebase. Every run of the client counts as one analysis. All analyses are free for open source projects as long as the client detects this.
Meterian can immediately provide reports in HTML, JSON, TXT and PDF formats depending on your subscription plan. Enterprise plans benefit from custom report formats too. Reports include an evaluation of:
- Security – a detailed assessment of known vulnerabilities affecting components in your project
- Stability – upgrade paths for each component (patch / minor / major)
- Licensing – list of all the licences used by each component (and the associated risk score if included in your plan)
The report contains a score of 0 to 100 for each of these dimensions. Read our blog post on how the score is calculated.
With Basic API access, you can request all information related to your project by sending your project id. Full API access lets you request information on a specific library/version, and in general to execute any function bypassing completely the web UI. For details on API, see our API documentation.
Professional and Enterprise plans provide the Licence Inventory, which is a list of all components and their licences as detected in Meterian’s scan. The Licence Risk Analysis includes the Licence Inventory and checks they are in compliance with your policies, which any administrator on the account can specify in the Account Dashboard’s Policies section. For example, to avoid the infection effect of specific open source software, such as GPL or Affero, policies can be defined to ban such components.
When configuring the client on your continuous integration system, you can set the threshold value of acceptable security, stability, and licensing scores by defining a number between 0 and 100 for each dimension of analysis. If the analysis scores are lower than the threshold values, the Meterian client blocks the codebase from progressing further in your continuous integration pipeline.
Please send an email to email@example.com