AppThreat / atom
atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.
☆84 Updated this week
Alternatives and similar repositories for atom
Users that are interested in atom are comparing it to the libraries listed below
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ☆42 Updated last year
- Code Hierarchy Exploration Net (chen) ☆24 Updated last week
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o… ☆79 Updated this week
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ☆160 Updated last year
- Manager of 14 third-party sources comprising approximately 4,000 Semgrep rules ☆98 Updated last month
- A very simple open source implementation of Google's Project Naptime ☆184 Updated 10 months ago
- Trail of Bits Testing Handbook - appsec.guide ☆92 Updated this week
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.2, purl, and vers… ☆135 Updated this week
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. ☆301 Updated this week
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ☆142 Updated 11 months ago
- Browser based Privacy Aware SBoM Exploration ☆27 Updated last month
- SAST + LLM Interprocedural Context Extractor ☆176 Updated 3 months ago
- future-proof vulnerability detection benchmark, based on CVEs in open-source repos ☆63 Updated this week
- A place to systematically store software bill of materials (SBOM) documents. ☆50 Updated 2 years ago
- Sharing software supply chain security open source projects ☆53 Updated 3 years ago
- A static analyzer powered by AI ☆23 Updated last year
- Low-effort reachability analysis for third-party code vulnerabilities. ☆22 Updated 2 years ago
- ☆52 Updated last year
- Data about all known supply-chain attacks through history ☆63 Updated 8 months ago
- AI-Native Static Code Analysis for modern security teams. Built for finding vulnerabilities, advanced structural search, derive insights … ☆97 Updated this week
- Automated vulnerability discovery and annotation ☆68 Updated last year
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ☆139 Updated 2 years ago
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification. ☆75 Updated 2 years ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆68 Updated 7 months ago
- Autogrep automates Semgrep rule generation and filtering by using LLMs to analyze vulnerability patches, enabling automatic creation of h… ☆72 Updated 11 months ago
- ChainReactor is a research project that leverages AI planning to discover exploitation chains for privilege escalation on Unix systems. T… ☆58 Updated last year
- CodeQL queries developed by Trail of Bits ☆144 Updated 3 weeks ago
- A comprehensive list of software composition analysis tools. ☆162 Updated 3 months ago
- A cutting edge context aware GraphQL API fuzzing tool! ☆156 Updated this week
- Metis is an open-source, AI-driven tool for deep security code review ☆465 Updated this week