Alternatives and similar repositories for Surfactant

Users that are interested in Surfactant are comparing it to the libraries listed below

• shivasurya / code-pathfinder
  Code Pathfinder, the open-source alternative to GitHub CodeQL built with GoLang. Built for advanced structural search, derive insights, f…
  ☆63Updated last month
• AppThreat / atom
  atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.
  ☆68Updated last month
• kaansk / go-epss
  A Golang library for interacting with the EPSS (Exploit Prediction Scoring System).
  ☆29Updated 5 months ago
• trailofbits / testing-handbook
  Trail of Bits Testing Handbook
  ☆77Updated last month
• listendev / lstn
  A CLI tool to analyze the behavior of your dependencies using listen.dev
  ☆12Updated last week
• securesauce / precli
  Precaution CLI - command line static application security testing tool
  ☆24Updated last week
• kannkyo / epss-api
  EPSS(Exploit Prediction Scoring System) API client
  ☆18Updated 2 weeks ago
• iosifache / ossfortress
  Workshop for finding software vulnerabilities using open source tools, which includes a Goat-like Python and C application
  ☆26Updated 10 months ago
• DefectDojo / Community-Contribs
  DefectDojo Community Content
  ☆18Updated last month
• SecureStackCo / visualizing-software-supply-chain
  A project to visualize the software supply chain
  ☆51Updated last year
• trailofbits / deptective
  Deptective automatically determines the native dependencies required to run any arbitrary program or command.
  ☆77Updated last week
• chainguard-dev / self-attestation
  Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.
  ☆21Updated 2 years ago
• semgrep / semgrep-docs
  Documentation of Semgrep: a fast, open-source, static analysis tool.
  ☆41Updated this week
• CERTCC / VINCE
  VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordin…
  ☆71Updated 3 weeks ago
• jonescyber-ai / Blackfyre
  ☆29Updated 6 months ago
• jt0dd / threat-recognition
  ☆21Updated 3 years ago
• AppThreat / vulnerability-db
  Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers…
  ☆121Updated this week
• Neuroengine-vulns / autokaker
  Automated vulnerability discovery and annotation
  ☆67Updated 11 months ago
• franksec42 / Vulnerability-management-maturity
  Maturity Model Collaborative project
  ☆15Updated 2 years ago
• chainguard-dev / bom-shelter
  A place to systematically store software bill of materials (SBOM) documents.
  ☆46Updated 2 years ago
• meta-fun / awesome-software-supply-chain-security
  Sharing software supply chain security open source projects
  ☆50Updated 2 years ago
• antitree / seccomp-diff
  ☆81Updated last week
• rusakovichma / TicTaaC
  Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …
  ☆65Updated 3 weeks ago
• LuizBoina / dragon-gpt
  Dragon-GPT uses Chat-GPT, or local LLM, to execute automatic and AI-powered threat modeling analysis on a given OWASP Threat Dragon diagr…
  ☆36Updated 3 weeks ago
• lightspin-tech / red-bucket-gcp
  ☆10Updated 3 years ago
• avolens / kubefuzz
  Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification.
  ☆74Updated last year
• ebpffoundation / publications
  Publications from the eBPF foundation
  ☆23Updated 8 months ago
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆95Updated last year
• x-stp / rxtls
  rxtls is a hyper-optimized, per-core Certificate Transparency (CT) log processor built for one purpose: to extract and process 100,000+ X…
  ☆34Updated this week
• h4sh5 / pypi-auto-scanner
  Automatically scan new pypi packages for potentially malicious code
  ☆30Updated last year