microsoft / bandit-sarif-formatter
A report formatter for Bandit (a Python security analyzer) that produces output in the SARIF format.
☆18Updated last year
Related projects: ⓘ
- Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase…☆65Updated 2 weeks ago
- A tool to generate a SBOM (Software Bill of Materials) for an installed Python module☆25Updated 3 weeks ago
- Python implementation of OWASP CycloneDX☆66Updated this week
- CVSS2/3/4 library with interactive calculator for Python 2 and Python 3☆81Updated this week
- Security audit Python project dependencies against security advisory databases.☆64Updated 2 weeks ago
- Python classes for the SARIF object model☆39Updated 5 months ago
- Audit python packages for known vulnerabilities☆28Updated 2 years ago
- A Sigstore client written in Python☆220Updated this week
- A community collection of security reviews of open source software components.☆92Updated 6 months ago
- A GitHub Action for pip-audit☆66Updated last month
- OWASP Foundation Web Respository☆17Updated 4 months ago
- Python Faker provider for security related data☆35Updated last month
- A Python library to parse, validate and create SPDX documents.☆178Updated 3 weeks ago
- This project is deprecated. Use https://github.com/returntocorp/semgrep instead☆73Updated 5 months ago
- Generate VEX (Vulnerability Exploitability Exchange) CycloneDX documents☆19Updated last year
- CodeQL Security Queries☆19Updated last week
- Library to ingest and generate SBOMs☆16Updated 3 weeks ago
- Advisory database for Python packages published on pypi.org☆251Updated this week
- A GitHub Action for sigstore-python☆45Updated last month
- Open Source Vulnerability schema.☆176Updated this week
- Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs…☆30Updated last month
- Low-effort reachability analysis for third-party code vulnerabilities.☆19Updated last year
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆69Updated this week
- Post Processor for Facebook Static Analysis Tools.☆129Updated this week
- A place to systematically store software bill of materials (SBOM) documents.☆42Updated last year
- 🕵️ File browser for distributions on PyPI☆80Updated 3 months ago
- This is a repository of vulnerability advisories for projects in scope for the Python Software Foundation CVE Numbering Authority (CNA)☆25Updated last week
- Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.☆79Updated last week
- Software Component Verification Standard (SCVS)☆133Updated 5 months ago
- Semgrep extension for Visual Studio Code☆53Updated last week