mgreiler / awesome-code-review-research
☆40 · Updated 9 months ago
Related projects:
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc… ☆126 · Updated 11 months ago
- OpenSSF Working Group on Securing Software Repositories ☆86 · Updated 2 months ago
- A documentation and tracking project with the goal of making package management systems more secure. ☆48 · Updated 3 years ago
- A community collection of security reviews of open source software components. ☆92 · Updated 6 months ago
- ☆10 · Updated last year
- Technical Advisory Council ☆107 · Updated last week
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc… ☆117 · Updated 3 months ago
- Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems. ☆79 · Updated last week
- 🤖 Run a Mayhem for API scan in GitHub Actions ☆23 · Updated 3 months ago
- Fuzz testing for HTTP APIs with Artillery.io 🌪 ☆59 · Updated 2 years ago
- Awesome Snyk community contributions, champions, integrations, blogs, tools and more 💜 ☆42 · Updated 2 years ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ☆138 · Updated 6 months ago
- Fast and simple way to check any HTTP Headers ☆45 · Updated last year
- Pin designs for security related items ☆36 · Updated 4 months ago
- Generate a personal Jekyll website using your Bibtex references. ☆10 · Updated 4 years ago
- Security scanning & static analysis tool ☆92 · Updated last year
- Supply Chain Integrity Model ☆102 · Updated last year
- Scans every git push to your Github organisations to find unwanted secrets. ☆88 · Updated last year
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o… ☆69 · Updated this week
- A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos enginee… ☆205 · Updated 4 months ago
- Tool for visualizing the Open SSF Scorecard Api data in a human friendly way ☆12 · Updated this week
- A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC ☆32 · Updated last month
- Collect, curate, and communicate relevant security metrics for open source projects. ☆63 · Updated 6 months ago
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack. ☆34 · Updated 2 years ago
- SIG Security - Software Bill of Materials ☆18 · Updated 2 years ago
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts ☆31 · Updated 2 months ago
- Equal Experts Secure Delivery Playbook ☆26 · Updated last year
- Inject JS to the DOM to find vulnerable JavaScript libraries ☆9 · Updated 2 weeks ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h… ☆177 · Updated last month
- A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration. ☆54 · Updated 2 weeks ago
- Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG) ☆176 · Updated 2 weeks ago