AppThreat / atom
atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.
★73 · Updated last week
Alternatives and similar repositories for atom
Users who are interested in atom are comparing it to the libraries listed below.
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ★41 · Updated 9 months ago
- Code Hierarchy Exploration Net (chen) ★21 · Updated this week
- A very simple open source implementation of Google's Project Naptime ★169 · Updated 6 months ago
- Manager of third-party sources of Semgrep rules ★88 · Updated last year
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o… ★78 · Updated 2 weeks ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ★152 · Updated last year
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. ★239 · Updated this week
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ★129 · Updated last month
- CodeQL queries developed by Trail of Bits ★124 · Updated 3 weeks ago
- Trail of Bits Testing Handbook ★81 · Updated 2 months ago
- Low-effort reachability analysis for third-party code vulnerabilities. ★21 · Updated 2 years ago
- An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced stru… ★78 · Updated this week
- Data about all known supply-chain attacks through history ★60 · Updated 4 months ago
- ChainReactor is a research project that leverages AI planning to discover exploitation chains for privilege escalation on Unix systems. T… ★52 · Updated 11 months ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ★137 · Updated last year
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ★127 · Updated 7 months ago
- SAST + LLM Interprocedural Context Extractor ★113 · Updated last month
- ★88 · Updated 8 months ago
- A collection of Semgrep rules which followed security guidelines for .NET and Java. ★23 · Updated 4 years ago
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ★137 · Updated 6 months ago
- ★48 · Updated last year
- future-proof vulnerability detection benchmark, based on CVEs in open-source repos ★60 · Updated last week
- A coverage-guided REST API fuzzer developed on top of LibAFL ★141 · Updated this week
- Automated vulnerability discovery and annotation ★66 · Updated last year
- ★149 · Updated last month
- Demonstrates how a malicious dependency could negatively impact the build output. ★24 · Updated 2 years ago
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification. ★74 · Updated 2 years ago
- boostsecurityio/lotp ★134 · Updated 5 months ago
- Monthly CVE Stats ★43 · Updated last week
- Autogrep automates Semgrep rule generation and filtering by using LLMs to analyze vulnerability patches, enabling automatic creation of h… ★49 · Updated 7 months ago