google / osv.dev

Related projects: ⓘ

• slsa-framework / slsa
  Supply-chain Levels for Software Artifacts
  ☆1,521Updated this week
• google / osv-scanner
  Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  ☆6,117Updated this week
• google / clusterfuzzlite
  ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
  ☆454Updated 3 months ago
• ossf / package-analysis
  Open Source Package Analysis
  ☆720Updated last week
• guacsec / guac
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,257Updated this week
• OWASP / threat-dragon
  An open source threat modeling tool from OWASP
  ☆888Updated this week
• ossf / scorecard
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆4,390Updated this week
• CVEProject / cvelist
  Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023
  ☆1,309Updated this week
• devops-kung-fu / bomber
  Scans Software Bill of Materials (SBOMs) for security vulnerabilities
  ☆494Updated last week
• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆2,582Updated this week
• ShiftLeftSecurity / sast-scan
  Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…
  ☆790Updated last year
• ossf / allstar
  GitHub App to set and enforce security policies
  ☆1,240Updated this week
• owasp-dep-scan / dep-scan
  OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for …
  ☆982Updated last week
• github / advisory-database
  Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
  ☆1,709Updated this week
• semgrep / semgrep-rules
  Semgrep rules registry
  ☆773Updated this week
• awesomeSBOM / awesome-sbom
  A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
  ☆466Updated last week
• CycloneDX / cdxgen
  Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager…
  ☆546Updated this week
• CloudSecurityAlliance / gsd-database
  Global Security Database
  ☆305Updated 4 months ago
• anchore / syft
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆6,015Updated this week
• DataDog / stratus-red-team
  Granular, Actionable Adversary Emulation for the Cloud
  ☆1,742Updated this week
• tcosolutions / betterscan
  Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
  ☆786Updated this week
• opencve / opencve
  CVE Alerting Platform
  ☆1,767Updated this week
• opensbom-generator / spdx-sbom-generator
  Support CI generation of SBOMs via golang tooling.
  ☆396Updated 8 months ago
• CVEProject / cvelistV5
  CVE cache of the official CVE List in CVE JSON 5 format
  ☆705Updated this week
• intel / cve-bin-tool
  The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnera…
  ☆1,183Updated this week
• DataDog / guarddog
  GuardDog is a CLI tool to Identify malicious PyPI and npm packages
  ☆586Updated last week
• OWASP / wrongsecrets
  Vulnerable app with examples showing how to not use secrets
  ☆1,203Updated this week
• microsoft / sbom-tool
  The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
  ☆1,570Updated this week
• wireghoul / graudit
  grep rough audit - source code auditing tool
  ☆1,487Updated last month
• sigstore / cosign
  Code signing and transparency for containers and binaries
  ☆4,376Updated last week