A student project intended to help provide a "Jumpstart" for people interested in deploying the OSPS Security Baseline.
by Kiran Chana, Kavoi Mutisya, & Will Sergeant
You can run BaseJump in two ways:
- python main.py: use this if your current Python environment already has the required packages installed.
- uv: use this if you want the repo to create and manage its own local environment for you.
In other words, uv is not required for BaseJump itself. It is just the easiest way to get a consistent setup from a fresh clone.
If you already have a compatible Python and the required dependencies installed, this works:
```
python main.py --repo google/jsonnet
```

To use uv instead:

```
uv sync
uv run python main.py --repo google/jsonnet
```

Why use uv?
- it creates a local virtual environment for this repo
- it installs the dependencies declared by the project
- it avoids depending on whatever happens to be installed globally on your machine
To scan the checked-in package list instead of a single repository:
```
uv run python main.py --repos-file basejump/inputs/baseJump_final_package_list.yaml
```

If you want higher GitHub API limits, copy .env.example to .env and set GITHUB_PAT_TOKEN. Without it, BaseJump still runs against public repositories with GitHub's unauthenticated rate limits.