Which languages/platforms are supported?
What are the Stability and Security badges?
What is a project?
How frequently would Meterian scan my project?
What are Meterian Accounts, Members & Plans?
What is an analysis?
What’s in a Report?
What is the difference between Basic and Full API access?
What is the difference between License Inventory and License Risk Analysis?
How does Meterian prevent vulnerabilities from being released?
I found a problem/have a suggestion. Who can I contact?
Which languages/platforms are supported?
Meterian provides continuous security when integrated into CI pipelines. It continuously scans your code and highlights possible security issues or serious defects in your dependencies. The result is a project report that summarises all the steps you need to take to improve your code.
At the moment we support:
- Java applications built with Maven or Gradle
- Node.js applications built with NPM
- Microsoft applications written in .NET
- Classic Ruby applications
How frequently would Meterian scan my project?
Our Free Plan, running on public GitHub repositories, operates with a variable schedule depending on the platform load. You can expect your project to be scanned every 2.5 hours.
If you are on a paid plan, the schedule depends on which plan you are on.
What is a project?
A project is a single code repository: a codebase you want to analyse.
What are Meterian Accounts, Members & Plans?
Each account can have one or more members. Your plan limits the number of members you can have on the account. Paid plan accounts manage members and roles for your organisation, giving each member the right level of access to your information. A member is any user you would like to have access to your account's plan benefits. Meterian does not enforce any limit on the number of developers that can contribute to a code base. A member can be assigned any of these roles:
- Administrator – full access to the account. Each account must have at least one administrator
- Collaborator – limited access to manage projects; can run scans
- Viewer – access to view online reports only
What is an analysis?
An analysis is triggered on our server when the client application is run against a codebase. Every run of the client counts as one analysis. All analyses are free for open source projects, as long as the client detects that the project is open source.
What's in a Report?
Every Meterian analysis generates a report, which is immediately available in HTML format. Reports are available in HTML, JSON and TXT formats on all plans; paid plans also include PDF. Reports include an evaluation of:
- Security – a detailed assessment of known vulnerabilities affecting components in your project
- Stability – upgrade paths for each component (patch / minor / major)
- Licensing – a list of all the licenses used by each component (and the associated risk score, if included in your plan)
The report contains a score from 0 to 100 for each of these dimensions. Read our blog post on how the score is calculated.
What is the difference between Basic and Full API access?
With Basic API access, you can request all information related to your project by sending your project id. Full API access lets you request information on a specific library/version and, in general, execute any function while bypassing the web UI entirely. For details on the API, see our API documentation.
What is the difference between License Inventory and License Risk Analysis?
All paid plans provide the License Inventory, which is a list of all components and their licenses as detected in Meterian's scan. The License Risk Analysis includes the License Inventory and checks that those licenses comply with your policies, which any administrator on the account can specify in the Policies section of the Account Dashboard. For example, to avoid the infection effect of specific open source licenses, such as GPL or Affero, policies can be defined to ban components that use them.
How does Meterian prevent vulnerabilities from being released?
When configuring the client on your continuous integration system, you can set the threshold of acceptable security, stability and licensing scores by defining a number between 0 and 100 for each dimension of analysis. If an analysis scores lower than a threshold value, the Meterian client blocks the code base from progressing further in your continuous integration pipeline.
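The threshold gate described above, as an added example that is not Meterian's own client code: it reads the three 0-100 scores from a JSON report, compares each against a per-dimension threshold and returns the exit code a CI step would use to block or continue. The JSON layout (`scores` with `security`, `stability`, `licensing` keys) is an assumption constructed for illustration; the real report schema is not described on this page.

```python
"""CI gate over a Meterian-style JSON report (added example, not Meterian's code).
The report layout below is constructed for illustration; the real schema is not
described on the FAQ page."""
import json

DIMENSIONS = ("security", "stability", "licensing")

# Constructed sample report carrying the three 0-100 scores the FAQ describes.
SAMPLE_REPORT = json.dumps({
    "project": "example-app",
    "scores": {"security": 72, "stability": 88, "licensing": 100},
})


def parse_thresholds(raw):
    """Validate per-dimension thresholds; each must be an integer in 0..100.
    A dimension left unset defaults to 0, i.e. it never blocks the pipeline."""
    thresholds = {}
    for dim in DIMENSIONS:
        value = raw.get(dim, 0)
        if not isinstance(value, int) or not 0 <= value <= 100:
            raise ValueError(f"threshold for {dim} must be an integer 0-100, got {value!r}")
        thresholds[dim] = value
    return thresholds


def evaluate(report_json, raw_thresholds):
    """Return (passed, failures); failures lists each dimension below its threshold.
    A dimension missing from the report counts as a failure, so the gate fails closed."""
    scores = json.loads(report_json).get("scores", {})
    thresholds = parse_thresholds(raw_thresholds)
    failures = []
    for dim in DIMENSIONS:
        score = scores.get(dim)
        if score is None:
            failures.append(f"{dim}: score missing from report")
        elif score < thresholds[dim]:
            failures.append(f"{dim}: {score} < required {thresholds[dim]}")
    return (not failures, failures)


def gate_exit_code(report_json, raw_thresholds):
    """0 lets the pipeline continue; 1 blocks it, as the client does below threshold."""
    passed, failures = evaluate(report_json, raw_thresholds)
    for line in failures:
        print("BLOCKED -", line)
    return 0 if passed else 1


if __name__ == "__main__":
    # Security 72 is below the required 80, so this run blocks the pipeline.
    raise SystemExit(gate_exit_code(SAMPLE_REPORT, {"security": 80, "stability": 80, "licensing": 90}))
```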
I found a problem/have a suggestion. Who can I contact?
Please send an email to firstname.lastname@example.org