Alternatives and similar repositories for ossf-cve-benchmark

Users that are interested in ossf-cve-benchmark are comparing it to the libraries listed below

• IQTLabs / software-supply-chain-compromises
  A dataset of software supply chain compromises. Please help us maintain it!
  ☆130Updated 2 years ago
• SAP / risk-explorer-for-software-supply-chains
  A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…
  ☆78Updated last month
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆95Updated last year
• spoofzu / jvmxray
  Externalize Java application access to protected resources as log messages.
  ☆42Updated last month
• microsoft / OSSGadget
  Collection of tools for analyzing open source packages.
  ☆348Updated 2 weeks ago
• AppThreat / vulnerability-db
  Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers…
  ☆129Updated last month
• microsoft / codeql-container
  Prepackaged and precompiled github codeql container for rapid analysis, deployment and development.
  ☆119Updated last year
• trailofbits / it-depends
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…
  ☆370Updated 2 weeks ago
• semgrep-old / rules-owasp-asvs
  Semgrep rules corresponding to the OWASP ASVS standard
  ☆27Updated 4 years ago
• iosifache / semgrep-rules-manager
  Manager of third-party sources of Semgrep rules 🗂
  ☆87Updated last year
• ajinabraham / libsast
  Generic SAST Library
  ☆132Updated 2 months ago
• Yelp / fuzz-lightyear
  A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos enginee…
  ☆225Updated last year
• SAP / project-kb
  Home page of project "KB"
  ☆129Updated 5 months ago
• google / oss-fuzz-vulns
  OSS-Fuzz vulnerabilities for OSV.
  ☆162Updated last week
• DataDog / malicious-software-packages-dataset
  An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
  ☆225Updated this week
• OWASP / Software-Component-Verification-Standard
  Software Component Verification Standard (SCVS)
  ☆149Updated 5 months ago
• microsoft / sarif-vscode-extension
  SARIF Microsoft Visual Studio Code extension
  ☆120Updated last month
• JLLeitschuh / bulk-security-pr-generator
  Generate thousands of pull requests to fix widespread security vulnerabilities across GitHub.
  ☆33Updated 4 months ago
• elttam / semgrep-rules
  ☆199Updated 10 months ago
• secmerc / materialize-threats
  ☆66Updated last month
• OWASP / cwe-tool
  A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
  ☆62Updated 3 months ago
• purs3lab / Argus
  ☆48Updated last year
• magnologan / awesome-sca
  A comprehensive list of software composition analysis tools.
  ☆155Updated last year
• AppThreat / atom
  atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.
  ☆72Updated last week
• srcclr / efda
  Evaluation Framework for Dependency Analysis (EFDA)
  ☆43Updated 3 years ago
• planetlevel / jot
  Java Observability Toolkit
  ☆62Updated last year
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆95Updated 7 months ago
• DefectDojo / defectdojo_api
  Python API library for DefectDojo
  ☆42Updated 2 years ago
• google / gke-auditor
  ☆74Updated 4 years ago
• Aurore54F / DoubleX
  Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale
  ☆76Updated 3 years ago