The Analyze Command
The analyze command gives you a quick overview of
contributor profiles that could be considered
suspicious.
$ defected analyze [OPTIONS]
You can list all the available options by using:
$ defected analyze -h
Examples of Usage
To analyze timezone changes in the local Git repository:
$ defected analyze
You can also analyze a remote repository. The following command analyzes a remote repository given its URL:
$ defected analyze --repo https://github.com/user/repo.git
To ease your investigation, you can filter on suspicious results only. The following command displays and exports only contributors flagged as suspicious:
$ defected analyze --only-suspicious
$ # or
$ defected analyze \
--repo https://github.com/user/repo.git \
--only-suspicious
Example Output
Here is an example of terminal output:
Extracting Git logs...
150 commits extracted.
Analyzing timezones with a threshold of 2 timezone changes...
Showing only suspicious results:
author email total_commits unique_timezones timezone_changes suspicious
0 Alice Smith alice@example.com 45 3 4 True
1 Bob Johnson bob@example.com 30 2 3 True
Saving analysis to 'timezone_analysis.csv'...
Analysis saved.
Or CSV output:
| author | total_commits | unique_timezones | timezone_changes | suspicious |
|---|---|---|---|---|
| Alice Smith | 45 | 3 | 4 | True |
| Bob Johnson | 30 | 2 | 3 | True |
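To make the columns above concrete, here is a sketch of how the per-author counts can be derived from commit dates. It is an added example, not code from defected: the `analyze` function, the `author|email|date` input format, and the rule that a contributor is flagged when `timezone_changes` exceeds the threshold are all assumptions.

```python
# Added illustration: per-author timezone-change counting over constructed
# commit records. The input format and the "changes > threshold" rule are
# assumptions, not taken from defected's source.
import re
from collections import defaultdict

# Constructed sample in the shape of `git log --pretty='%an|%ae|%ad' --date=iso`
# (newest commit first, as git prints it).
SAMPLE_LOG = """\
Alice Smith|alice@example.com|2024-03-05 09:12:44 +0900
Alice Smith|alice@example.com|2024-03-04 18:01:10 +0100
Bob Johnson|bob@example.com|2024-03-04 11:30:00 -0500
Alice Smith|alice@example.com|2024-03-03 08:45:02 +0900
Alice Smith|alice@example.com|2024-03-02 17:20:31 +0100
Bob Johnson|bob@example.com|2024-03-01 10:05:12 -0500
Alice Smith|alice@example.com|2024-03-01 09:00:00 +0100
this line is malformed and must be skipped
"""

OFFSET_RE = re.compile(r"[+-]\d{4}$")

def analyze(log_text, threshold=2):
    """Return one summary dict per author, keyed by (name, email)."""
    offsets = defaultdict(list)
    # Reverse so each author's offsets are in chronological order.
    for line in reversed(log_text.splitlines()):
        parts = line.rsplit("|", 2)
        if len(parts) != 3:
            continue  # skip lines that are not author|email|date
        m = OFFSET_RE.search(parts[2].strip())
        if m:
            offsets[(parts[0], parts[1])].append(m.group())
    rows = []
    for (author, email), tzs in offsets.items():
        # A "change" is a commit whose UTC offset differs from the previous one.
        changes = sum(1 for a, b in zip(tzs, tzs[1:]) if a != b)
        rows.append({
            "author": author, "email": email,
            "total_commits": len(tzs),
            "unique_timezones": len(set(tzs)),
            "timezone_changes": changes,
            "suspicious": changes > threshold,  # assumed comparison
        })
    return rows

if __name__ == "__main__":
    for row in analyze(SAMPLE_LOG):
        print(row)
```

Because the count is based on UTC offsets, travel and daylight-saving transitions also register as changes, so a flag is a starting point for review rather than a verdict.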
If you want to go further in your investigation, take a look at The Inspect Command.
Note
If you want to go further in your own investigation, you can take a look at our cold cases to see the patterns revealed in real-world attacks; you might find them informative: