[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-6461":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":23,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":36,"readmeContent":37,"aiSummary":38,"trendingCount":16,"starSnapshotCount":16,"syncStatus":39,"lastSyncTime":40,"discoverSource":41},6461,"suricata","OISF\u002Fsuricata","OISF","Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.","https:\u002F\u002Fsuricata.io",null,"C",6388,1725,176,80,0,4,27,158,18,97.21,"GNU General Public License v2.0",false,"main",[26,27,28,29,30,31,32,33,34,5,35],"cybersecurity","ids","intrusion-detection-system","intrusion-prevention-system","ips","network-monitor","network-monitoring","nsm","security","threat-hunting","2026-06-12 04:00:28","# Suricata\n\n[![Fuzzing Status](https:\u002F\u002Foss-fuzz-build-logs.storage.googleapis.com\u002Fbadges\u002Fsuricata.svg)](https:\u002F\u002Fbugs.chromium.org\u002Fp\u002Foss-fuzz\u002Fissues\u002Flist?sort=-opened&can=1&q=proj:suricata)\n[![codecov](https:\u002F\u002Fcodecov.io\u002Fgh\u002FOISF\u002Fsuricata\u002Fbranch\u002Fmain\u002Fgraph\u002Fbadge.svg?token=QRyyn2BSo1)](https:\u002F\u002Fcodecov.io\u002Fgh\u002FOISF\u002Fsuricata)\n\n## Introduction\n\n[Suricata](https:\u002F\u002Fsuricata.io) is a network IDS, IPS and NSM engine\ndeveloped by the [OISF](https:\u002F\u002Foisf.net) and the Suricata community.\n\n## Resources\n\n- [Home Page](https:\u002F\u002Fsuricata.io)\n- [Bug 
Tracker](https:\u002F\u002Fredmine.openinfosecfoundation.org\u002Fprojects\u002Fsuricata)\n- [User Guide](https:\u002F\u002Fdocs.suricata.io)\n- [Dev Guide](https:\u002F\u002Fdocs.suricata.io\u002Fen\u002Flatest\u002Fdevguide\u002Findex.html)\n- [Installation Guide](https:\u002F\u002Fdocs.suricata.io\u002Fen\u002Flatest\u002Finstall.html)\n- [User Support Forum](https:\u002F\u002Fforum.suricata.io)\n\n## Contributing\n\nWe're happily taking patches and other contributions. Please see our\n[Contribution\nProcess](https:\u002F\u002Fdocs.suricata.io\u002Fen\u002Flatest\u002Fdevguide\u002Fcontributing\u002Fcontribution-process.html)\nfor how to get started.\n\nSuricata is a complex piece of software dealing with mostly untrusted\ninput. Mishandling this input will have serious consequences:\n\n* in IPS mode a crash may knock a network offline\n* in passive mode a compromise of the IDS may lead to loss of critical\n  and confidential data\n* missed detection may lead to undetected compromise of the network\n\nIn other words, we think the stakes are pretty high, especially since\nin many common cases the IDS\u002FIPS will be directly reachable by an\nattacker.\n\nFor this reason, we have developed a QA process that is quite\nextensive. A consequence is that contributing to Suricata can be a\nsomewhat lengthy process.\n\nOn a high level, the steps are:\n\n1. GitHub-CI based checks. This runs automatically when a pull request\n   is made.\n2. Review by devs from the team and community\n3. QA runs from private QA setups. These are private due to the nature\n   of the test traffic.\n\n### Overview of Suricata's QA steps\n\nOISF team members are able to submit builds to our private QA\nsetup. It will run a series of build tests and a regression suite to\nconfirm no existing features break.\n\nThe final QA run takes a few hours at minimum, and generally runs\novernight. 
It currently runs:\n\n- extensive build tests on different OSes, compilers, optimization\n  levels, configure features\n- static code analysis using cppcheck, scan-build\n- runtime code analysis using valgrind, AddressSanitizer,\n  LeakSanitizer\n- regression tests for past bugs\n- output validation of logging\n- unix socket testing\n- pcap based fuzz testing using ASAN and LSAN\n- traffic replay based IDS and IPS tests\n\nNext to these tests, based on the type of code change further tests\ncan be run manually:\n\n- traffic replay testing (multi-gigabit)\n- large pcap collection processing (multi-terabytes)\n- fuzz testing (might take multiple days or even weeks)\n- pcap based performance testing\n- live performance testing\n- various other manual tests based on evaluation of the proposed\n  changes\n\nIt's important to realize that almost all of the tests above are used\nas acceptance tests. If something fails, it's up to you to address\nthis in your code.\n\nOne step of the QA is currently run post-merge. We submit builds to\nthe Coverity Scan program. Due to limitations of this (free) service,\nwe can submit once a day max. Of course it can happen that after the\nmerge the community will find issues. For both cases we request you to\nhelp address the issues as they may come up.\n\n## FAQ\n\n__Q: Will you accept my PR?__\n\nA: That depends on a number of things, including the code\nquality. 
With new features it also depends on whether the team and\u002For\nthe community think the feature is useful, how much it affects other\ncode and features, the risk of performance regressions, etc.\n\n__Q: When will my PR be merged?__\n\nA: It depends, if it's a major feature or considered a high risk\nchange, it will probably go into the next major version.\n\n__Q: Why was my PR closed?__\n\nA: As documented in the [Suricata GitHub\nworkflow](https:\u002F\u002Fdocs.suricata.io\u002Fen\u002Flatest\u002Fdevguide\u002Fcontributing\u002Fgithub-pr-workflow.html),\nwe expect a new pull request for every change.\n\nNormally, the team (or community) will give feedback on a pull request\nafter which it is expected to be replaced by an improved PR. So look\nat the comments. If you disagree with the comments we can still\ndiscuss them in the closed PR.\n\nIf the PR was closed without comments it's likely due to QA\nfailure. If the GitHub-CI checks failed, the PR should be fixed right\naway. No need for a discussion about it, unless you believe the QA\nfailure is incorrect.\n\n__Q: The compiler\u002Fcode analyser\u002Ftool is wrong, what now?__\n\nA: To assist in the automation of the QA, we're not accepting warnings\nor errors to stay. In some cases this could mean that we add a\nsuppression if the tool supports that (e.g. valgrind, DrMemory). Some\nwarnings can be disabled. In some exceptional cases the only\n'solution' is to refactor the code to work around a static code\nchecker limitation false positive. While frustrating, we prefer this\nover leaving warnings in the output. Warnings tend to get ignored and\nthen increase risk of hiding other warnings.\n\n__Q: I think your QA test is wrong__\n\nA: If you really think it is, we can discuss how to improve it. 
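But\ndon't come to this conclusion too quickly, more often it's the code\nthat turns out to be wrong.\n\n__Q: Do you require signing of a contributor license agreement?__\n\nA: Yes, we do this to keep the ownership of Suricata in one hand: the\nOpen Information Security Foundation. See\nhttp:\u002F\u002Fsuricata.io\u002Fabout\u002Fopen-source\u002F and\nhttp:\u002F\u002Fsuricata.io\u002Fabout\u002Fcontribution-agreement\u002F\n","Suricata is a network intrusion detection system (IDS), intrusion prevention system (IPS) and network security monitoring engine developed jointly by the OISF and the Suricata community. It is written in C, has strong traffic analysis capabilities, supports parsing of many protocols and threat detection rules, and can process high-speed network traffic in real time. The software is particularly well suited to perimeter protection, internal network monitoring and security incident response in enterprise environments. Through its rich feature set, such as deep packet inspection, automatic protocol detection and multi-threaded processing, Suricata can effectively help organizations find and block potential security threats.",2,"2026-06-11 03:07:06","top_language"]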