What is Fedr8's Green Rain product?
Green Rain is a suite of software that provides you with a highly detailed analysis of the source code of your application. Identify exactly how and where your application integrates into other services and applications.
How does it work?
Green Rain consists of a series of ‘engines’ that allow Fedr8 to forensically analyse your application. Each engine dives deeper into the source code, providing an extremely granular view of the application. To do this, Fedr8 use a mixture of established mathematical principles, proven big data analytical components and cutting-edge lexical analysis developed by our data scientists.
After you upload your application into Green Rain, the various engines set to work to deconstruct it into many, often millions of, tiny pieces (tokens), essentially uncovering the DNA of your application. Each token is assigned metadata that allows us to describe each component of the application in a consistent manner.
These tokens and the associated metadata then populate a complex database, against which a series of highly complex queries are performed to uncover the information detailed within this report.
The method by which the analysis occurs is described below:

What will the output from my analysis tell me?
The report will provide you with a deep insight into your application and will help you answer the following questions:
- How much effort is required to migrate and integrate my application into new platforms?
- How much will it cost to migrate and integrate my application into new platforms?
- How easy is it for me to continue development and support of my application?
Furthermore, a detailed statement of work is provided within Green Rain to enable accelerated digital transformation of your application. For each section, Green Rain details the exact lines of code requiring remediation, which can be sorted by complexity and assigned to specific developers to enable parallel refactoring of your application with optimised resource alignment to each task.
How will this information help me?
This information can provide you with significant benefits, which include, but are not limited to:
- Accelerate digital transformation
- Reduce cost of digital transformation
- Increase your competitive advantage when acquiring software companies and assets
- Optimise your ongoing application development and management strategies
How does Green Rain protect my source code?
We know your code is extremely important to you and your business, and we're very protective of it. After all, Fedr8's code is hosted on Fedr8, too!
Source Code Storage
Fedr8 do not store your source code in their system. As the source code is uploaded, we tokenize the data and store the tokens in a database. The tokens are not in a human-readable format and cannot be reconstituted into the original source code.
Communications
All private data exchanged with Fedr8 and Green Rain is always transmitted over SSL (which is why your dashboard is served over HTTPS, for instance). Likewise, all internal communication within Green Rain is completed over HTTPS and authenticated with OAuth tokens.
File system and backups
As we don’t store your data in its native format on a permanent basis, we do not use any traditional file systems and, as such, do not need to back them up. The tokenized data we hold is within a Database Service that is replicated and backed up across multiple servers and storage systems. The databases are clustered for availability and data integrity.
Employee access
No Fedr8 employees ever access private repositories unless required to for support reasons. Staff working directly in the database access the compressed database; your code is never presented as plain text files like it would be in a local clone. Support staff may sign into your account to access settings related to your support issue. It is not possible for our staff to pull a clone of your code. When working a support issue, we do our best to respect your privacy as much as possible: we only access the files and settings needed to resolve your issue.
Maintaining security
We protect your login from brute force attacks with rate limiting. Login information is always sent over SSL.
Contact Us
Have a question, concern, or comment about Green Rain security? Please contact Fedr8 support.
Is my data shared with anyone outside of Fedr8?
Please refer to our Privacy Policy.
How is remediation calculated?
Calculations of defect discovery and remediation
In order to calculate effort and costs of discovery and remediation, we make a number of assumptions based upon our experience in reviewing and developing code. We are also able to use data that Green Rain collects as the application is analysed.
We compare manual discovery, which would consist of a developer manually reviewing the code, with automated discovery using Green Rain.
Measurements taken in the automated discovery step affect subsequent defect remediation by enabling tasks to be distributed among a number of developers working in parallel. The process differences and assumed resources involved are described below.
Discovery | Remediation | |
---|---|---|
Manual |
|
|
Automated |
|
|
We assign a different remediation velocity to each developer tier and assume fixed working hours per day to calculate total activity time as defined below. To calculate the cost of each activity, we multiply the total activity duration for each developer by their individual hourly rate, sum the results and add licence costs where applicable.
Developer tier | Junior | Mid | Senior |
---|---|---|---|
Hourly rate (fully burdened / loaded) | $46.20 | $92.40 | $139.20 |
Velocity (time to remediate a single defect) | 14 minutes | 11 minutes | 10 minutes |
Number of working hours per day | 8 hours | 8 hours | 8 hours |
Sample Calculation
The sample calculation below is based on a number of assumptions that come from data points available to us, such as average application sizes and the average number of defects discovered. From these baselines we are able to provide a view of the acceleration in time and the reduction in cost from using Green Rain.
Average Lines of Code (LOC) per application | 300000 |
Average discovery/app | 45 man days |
Average % defects identified | 1% |
Senior Dev hourly rate (loaded) | $138.99 |
Mid Dev hourly rate (loaded) | $92.60 |
Junior Dev hourly rate (loaded) | $46.37 |
Complex tasks (senior dev) | 10% of defects |
Mid Level Tasks (mid dev) | 30% of defects |
Low Level Tasks | 60% of defects |
Manual Discovery Calculation
Discovery Effort | 45 days |
Discovery Resource (Senior Dev) /hr | $139.20 |
Total | $50,112.00 |
Automated Discovery Calculation
Discovery Effort | 1 day |
Discovery Resource (Senior Dev) /hr | $139.20 |
Full Application Analysis Licence | $20,000 |
Total | $21,113.60 |
Traditional Manual Remediation Calculation
LOC requiring remediation | 3000 |
Minutes per LOC | 10 |
Total hours of remediation activity | 500 |
Discovery Resource (Senior Dev) /hr | $139.20 |
Total | $69,500 |
Automated Remediation Calculation
LOC requiring remediation | 3000 |
Low Level LOC | 1800 |
Mid Level LOC | 900 |
Complex Level LOC | 300 |
Low level hours of remediation activity | 420 |
Mid level hours of remediation activity | 165 |
Senior level hours of remediation activity | 50 |
Total | $27,885.60 |
General terminology
Brief overview of Green Rain's Process
Green Rain's process can be split into a number of engines of increasing complexity. Initially, the code is run through an engine called 'Alice', where geographic investigation is completed. A complete map of your codebase is generated from all objects/files in the scope of your root directory, and all of these files are created as nodes*. Core geographic relationships are also built at this stage. Finally, Alice looks for resource relationships* between nodes. These nodes and relationships are then passed to the 'Alex' engine, where lexical analysis is completed and abstraction of data occurs: all script files in scope are scanned, and each token is inspected individually, both in isolation and in the context of the rest of the codebase. Alex then adds to the nodes and builds new relationships. Alex also completes scans for products* and vulnerabilities. Warnings* are raised based on the severity of the vulnerability. A third engine, 'Phil', is then passed the updated nodes and relationships and uses common queries that target the tokens, as well as compound token/token metadata, to scan for further vulnerabilities and data connectivity.
Token
A token is the smallest part of your code that is available to interrogate; think of it as a single word. All tokens have abstracted metadata, which is defined by Fedr8 and is used for filtering and querying token data.
Objects/Nodes
Everything we analyze is a 'Node'. Generally this refers to an analyzed script. Any object inside the core/root directory is created as a node inside Fedr8. Nodes have a wide range of attributes that are used to select individual groups or types for processing.
Geographical Analysis
Occurs inside the 'Alice' engine, and is effectively an intelligent recursive directory scanner that captures all objects inside the root directory and performs intelligent classification as well as calculating the interconnectivity of scripts.
Lexical Analysis
The process of 'dis-assembling' nodes into tokens. Occurs inside the 'Alex' engine, an extremely low-level engine designed for interrogating each individual token* and building complex metadata around that token.
Relationships
A relationship is the function by which two nodes are connected. Each node has a number of relationships that describe how it interacts with the rest of the script base. There are a range of relationship types that are used to help filter nodes for processing.
Acceptable Use Policy
Fedr8’s Acceptable Use Policy for Green Rain Software-as-a-Service
Version 022017
This Acceptable Use Policy ("Policy") outlines unacceptable use of Fedr8 Software-as-a-Service (SaaS), which interact with, or access, the Internet (the "Services"). This Policy is in addition to any other terms and conditions under which Fedr8 provides the Services to you.
Fedr8 may make reasonable modifications to this Policy from time to time by posting a new version of this document on the Fedr8 website at the current URL. Revisions are effective immediately upon posting. Accordingly, we recommend that you visit the Fedr8 website regularly to ensure that your activities conform to the most recent version.
Questions about this Policy (e.g. whether any contemplated use is permitted) and reports of violations of this Policy should be directed to support@fedr8.com
The examples listed in this Policy are not exhaustive. Prohibited uses and activities include, without limitation, any use of the Services in a manner that, in Fedr8’s reasonable judgment, involves, facilitates, or attempts any of the following:
- violating any law of, or committing conduct that is tortious or unlawful in, any applicable jurisdiction
- displaying, performing, sending, receiving or storing any content that is obscene, pornographic, lewd, lascivious, or excessively violent, regardless of whether the material or its dissemination is unlawful
- advocating or encouraging violence against any government, organization, group, individual or property, or providing instruction, information, or assistance in causing or carrying out such violence, regardless of whether such activity is unlawful
- accessing, sending, receiving, displaying, performing, disclosing, storing, or executing any content a) in violation of any copyright, right of publicity, patent, trademark, service mark, trade name, trade secret or other intellectual property right, b) in violation of any applicable agreement, or c) without authorization
- deleting or altering author attributions, copyright notices, or trademark notices, unless expressly permitted in writing by the owner
- obtaining unauthorized access to any system, network, service, or account
- interfering with service to any user, site, account, system, or network by use of any program, script, command, or otherwise
- introducing or activating any viruses, worms, harmful code and/or Trojan horses
- sending or posting unsolicited messages or e-mail, whether commercial or not, a) to any recipients who have requested that messages not be sent to them, or b) to a large number of recipients, including users, newsgroups, or bulletin boards, at one time
- evading spam filters, or sending or posting a message or e-mail with deceptive, absent, or forged header or sender identification information
- holding Fedr8 or its affiliates up to public scorn or ridicule and/or reselling Fedr8’s services, in whole or in part, to any entity or individual, without Fedr8’s prior written consent, or misrepresenting your relationship with Fedr8