The billing model for the Advanced plan is based on the number of groups and the authors' monthly activity, specifically focusing on changes made to the source code within the platform's registered repositories.

The billing begins on the first business day of each month, with the generation of the previous month's author list. This list is manually reviewed to eliminate any duplicate authors, as an author might have used other accounts to make some commits in addition to those made using their primary email/account. Fluid Attacks then employs this refined list to calculate the organization's billing for the month.

It's crucial to clarify that billing is conducted based on the date commits are merged into the configured branch within the platform, not their creation date. This approach ensures that code analysis begins from that particular moment forward.

Due to this, it's possible for the billing to include authors who didn't commit during the month being billed. This situation may arise when changes are made in branches prior to the final version (pre-release), and subsequently, these commits are integrated into the branch with an active continuous hacking service. It's important to note that the date we observe a commit may not coincide with its original authorship date.

Caution: Modifying the Git history may result in additional charges.

Author identification

Through this process, we obtain all the authors (developers) who made changes (additions, modifications, deletions) to the source code within a corresponding period. To accomplish this, we rely on the Git history information of each repository, focusing solely on the branch configured within the platform.

The diagram above illustrates the procedure necessary for generating the authors' report. This process begins when the user adds a repository to the platform, specifying the branch in which Continuous Hacking is activated. This branch is then cloned for commit extraction. Subsequently, two asynchronous tasks are carried out, as detailed below:

Commits extraction

This procedure entails extracting all commits from the Git history, which includes details such as the author's name and email, the unique hash, the commit date, the associated message, and the change summary (including deltas and total files). These steps are crucial and occur at two key stages.

• At first, when the repository is initially registered on Fluid Attacks' platform, the pre-existing commits in the repository are identified and recorded, which are not included in the billing.
• Every day, recent changes from the source code are extracted, and the date of their identification is logged for subsequent billing purposes.

Finally, all the information is stored in Fluid Attacks' Redshift database.

Billing report generation

In this phase, the process involves eliminating duplicate commits and consolidating information gathered from all organization repositories. These lists include author names, the groups they have contributed to, commit IDs, and repository names, each providing an example for every author.

Note: In the process, a commit's uniqueness is determined by the absence of duplications in the information. This validation encompasses fields like the author's name, email, date of authorship, and message content. Any alteration in these aspects renders the commit eligible for billing inclusion.

Billing section in the organization.