google / vanir
Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. By default, Vanir pulls up-to-date CVEs from Open Source Vulnerabilities (OSV) together with their corresponding signatures so that users can transparently scan missing patches for an up-to-date list of CVEs.
☆325 (updated 3 weeks ago)
Alternatives and similar repositories for vanir:
Users that are interested in vanir are comparing it to the libraries listed below
- OSV-SCALIBR: A library for Software Composition Analysis ☆319 (updated this week)
- Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streaml… ☆242 (updated this week)
- A repo to conduct vulnerability enrichment. ☆610 (updated this week)
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆303 (updated this week)
- BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generato… ☆360 (updated last week)
- Deep Linux runtime visibility meets Wireshark ☆287 (updated this week)
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI. ☆476 (updated 4 months ago)
- Open Source Package Analysis ☆828 (updated this week)
- Open Source Vulnerability schema. ☆198 (updated last week)
- A universal SBOM representation in protocol buffers ☆281 (updated last week)
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. ☆200 (updated this week)
- A very simple open source implementation of Google's Project Naptime ☆139 (updated 3 weeks ago)
- PURL to CPE Relationship mapping project. ☆86 (updated this week)
- CI/CD Security Analyzer ☆655 (updated last month)
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ☆115 (updated last month)
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ☆114 (updated this week)
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ☆132 (updated last year)
- tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such … ☆225 (updated 2 months ago)
- Enrich SBOMs with data from third party services ☆167 (updated 2 weeks ago)
- Atom is a novel intermediate representation for applications and a standalone tool that is powered by chen. ☆64 (updated this week)
- 🚀 Policy driven vetting of open source packages with malicious code analysis ☆333 (updated this week)
- Threat-hunting tool for Linux ☆819 (updated last week)
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆713 (updated this week)
- Gram is Klarna's own threat model diagramming tool ☆320 (updated last month)
- A security layer for Git repositories ☆503 (updated this week)
- #supply #chain #attack #detection ☆514 (updated this week)
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆561 (updated 2 weeks ago)
- A rewrite of YARA in Rust. ☆738 (updated last week)
- OpenVEX Specification ☆144 (updated 3 weeks ago)