A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.
☆144Oct 5, 2023Updated 2 years ago
Alternatives and similar repositories for oss-vulnerability-guide
Users that are interested in oss-vulnerability-guide are comparing it to the libraries listed below
Sorting:
- A Python client for the Global CVE Allocation System.☆17Jan 31, 2026Updated last month
- ☆20Jul 16, 2025Updated 8 months ago
- Salesforce Policy Deviation Checker☆30Sep 30, 2020Updated 5 years ago
- ☆13Jan 4, 2023Updated 3 years ago
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container☆106Nov 30, 2018Updated 7 years ago
- A taxonomy of all official CycloneDX property namespaces and names☆21Mar 2, 2026Updated 2 weeks ago
- A Java library for programmatically calculating OWASP Risk Rating scores☆19Apr 3, 2023Updated 2 years ago
- Open Source Vulnerability schema.☆240Updated this week
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆214Feb 4, 2026Updated last month
- A standard API specification for exchanging supply chain artifacts and intelligence☆103Mar 13, 2026Updated last week
- Tool for signing and verifying the integrity of CloudFormation templates☆15Feb 16, 2023Updated 3 years ago
- DFF (Digital Forensics Framework)☆11Jan 6, 2021Updated 5 years ago
- A documentation and tracking project with the goal of making package management systems more secure.☆51Mar 5, 2021Updated 5 years ago
- CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools☆16Feb 26, 2026Updated 3 weeks ago
- Python code for 1) permuting randomly-generated passwords for easier entry on mobile devices, and 2) for estimating entropy lost as a res…☆16May 5, 2016Updated 9 years ago
- ☆45Nov 17, 2025Updated 4 months ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆42May 11, 2023Updated 2 years ago
- Megatron - A System for Abuse- and Incident Handling☆45Mar 29, 2017Updated 8 years ago
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents☆23Jan 19, 2025Updated last year
- Slack alert bot for matching Github Audit Events☆10Nov 12, 2024Updated last year
- A set of Rust types for supporting COSE☆42Mar 2, 2026Updated 2 weeks ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)☆35Jan 25, 2026Updated last month
- Utilities to help with Dart source code generation.☆18Mar 1, 2026Updated 3 weeks ago
- ☆10May 2, 2018Updated 7 years ago
- A template for writing your Bachelor, Master or PhD thesis.☆11Sep 25, 2023Updated 2 years ago
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…☆81Updated this week
- Docker images for testing Google client libraries.☆21Updated this week
- A BOM repository server for distributing CycloneDX BOMs☆87Jul 1, 2025Updated 8 months ago
- Utility that provides an API and CLI to identify licenses and legal terms☆52Jul 11, 2025Updated 8 months ago
- Reverse Engineering tool for Ethereum EVM☆20Jun 30, 2016Updated 9 years ago
- OWASP Foundation Web Respository☆37Oct 3, 2025Updated 5 months ago
- Embed the Power of Lua into NGINX HTTP servers☆11Dec 1, 2015Updated 10 years ago
- Coq BPF interpreter☆19Jan 18, 2018Updated 8 years ago
- Another MISP module for Python☆18Feb 17, 2020Updated 6 years ago
- Software Component Verification Standard (SCVS)☆157Apr 1, 2025Updated 11 months ago
- Make rpc:calls from erlang to haskell☆17Mar 30, 2015Updated 10 years ago
- ☆15Mar 20, 2017Updated 9 years ago
- Type adapters for common Go protobuf messages☆18Oct 24, 2024Updated last year
- Security middleware to defend against SQL injection in Active Record.☆18Aug 4, 2025Updated 7 months ago