Frequently asked questions about billing | Fluid Attacks Help

Billing FAQ

Why does a former employee appear on the billing list?

This situation could occur due to various factors:
  • Their commits may be integrated into the configured branch in the platform at a later stage.
  • The analyzed branch might not be the primary one and could have been added to the platform later, resulting in differences between commits across branches.
  • The repository could have been initially empty at registration, with subsequent merges of branches containing existing commits.

Can Fluid Attacks restrict the number of authors permitted to make commits to a repository?

No, repository management policies can only be configured by the repository administrator, and these policies might differ depending on the chosen platform.

Which users have permission to access the monthly author count or list?

Group Managers, Vulnerability Managers (groups), and Users (groups).

Will an author be charged twice if they commit to different repositories within different groups?

No, the developer can make unlimited commits, regardless of the number of repositories or groups, and they will only be billed once. The charge for a single author contributing to multiple groups is divided among all participating groups, ensuring equal distribution of costs.

Will an author be charged if they commit to excluded paths?

No. Fluid Attacks only charges for authors contributing to files in paths included in the testing scope.

How can I count the number of authors in Git repositories?

You can use a Python script provided by Fluid Attacks to count authors in one or more Git repositories. The script lists contributors and their number of commits within a given date range. It can also aggregate data from multiple subfolders and normalize identities via a .mailmap file, if required.

Script workflow:
  1. Determines the date range based on the arguments (-m or -b).
  2. Gets the relevant commits between the first and last day of a given date range.
  3. Uses git shortlog to count contributions.
  4. Applies the .mailmap file to unify aliases or duplicates.
  5. Generates a report sorted by the number of commits.
Check requirements:

Before running the script, ensure that you have the following:

  1. Python 3 installed (check by running python3 --version)
  2. Git installed (check by running git --version)
  3. A valid .mailmap file to unify contributor identities
  4. Local clones of the repositories you want to analyze
Download the script:

Download the script. Then, save it in your working directory under scripts/Get_Authors.py.

Run the script:

python3 scripts/Get_Authors.py -m 2023-05 test .mailmap

These are the arguments used to run the script:
  1. test: The path to the folder containing the repository or repositories.
  2. .mailmap: The path to the .mailmap file to be used.
  3. -m YYYY-MM (optional): Counts authors within a specific month (e.g., 2023-05)
  4. -b YYYY-MM-DD YYYY-MM-DD (optional): An alternative to -m YYYY-MM, it specifies a custom date range
  5. -u (optional): Avoids counting subfolders (subfolders are scanned by default)
Output example:

Authors of the repositories test between 01 May 2023 and 31 May 2023:
Commits     Author
42          Alice <alice@example.com>
36          Bob <bob@example.com> (NOT IN MAILMAP)
...
Total Authors = 12

If an email cannot be found in the .mailmap file, it will be flagged as '(NOT IN MAILMAP)'.

How can I count the lines of code for Health Check?

You can use a script provided by Fluid Attacks to count the effective lines of code (LoC) in your repositories, which can be useful to verify the cost of Health Check yourself. This script uses cloc and excludes files that are irrelevant to the analysis, such as documentation and styling files.

Analyzed files:

The script runs cloc with a custom configuration that uses a rules.def file to apply Fluid Attacks' language definitions and excludes the following non-code languages:

  • Documentation: Markdown

  • Styling: CSS, SASS, LESS, Stylus

  • Format/config files: JSON, XML, XAML

Check requirements:

Before running the script, ensure that you have the following:

  • Python (version 3 recommended; check by running python3 --version)

  • cloc installed and accessible in your system path

Use the script:
  1. Download the script and the rules.def file.

  2. From your terminal, run the script on your project folder:

    3. python3 scripts/Count_LoC.py /path/to/project

  3. You will then see the LoC report, followed by a message:

    4. Excluded: Markdown,CSS,SASS,LESS,Stylus,JSON,XML,XAML
    Using special FLUID Configuration

    The above message means that the script has successfully excluded non-code files and applied the standard used by Fluid Attacks.

    If cloc is not installed or cannot be found in your system path, you will see an error message prompting you to install it.