ossf-cve-benchmark / ossf-cve-benchmarkView external linksLinks
The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.
☆160Mar 12, 2024Updated last year
Alternatives and similar repositories for ossf-cve-benchmark
Users that are interested in ossf-cve-benchmark are comparing it to the libraries listed below
Sorting:
- Paper, data and code from Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding In…☆19Jan 28, 2021Updated 5 years ago
- ☆12Jun 8, 2021Updated 4 years ago
- Run CodeQL queries at scale using Multi-Repository Variant Analysis (MRVA)☆61Apr 16, 2025Updated 9 months ago
- Salesforce Policy Deviation Checker☆30Sep 30, 2020Updated 5 years ago
- Present ZAProxy results in GitHub Advanced Security☆18May 24, 2024Updated last year
- Keeps track of what repos needs to be saved from the new Github " Exploits and malware policy"☆23May 15, 2021Updated 4 years ago
- A tool for analyzing the attack surface of an application☆19Mar 5, 2025Updated 11 months ago
- An Intentionally designed Vulnerable Android Application built in Kotlin.☆256Mar 2, 2022Updated 3 years ago
- Original workshops and staging area for new ones☆16Jul 3, 2025Updated 7 months ago
- ☆69Jul 18, 2025Updated 6 months ago
- Kubernetes offensive framework built in eBPF☆39Mar 14, 2023Updated 2 years ago
- ☆74Sep 30, 2020Updated 5 years ago
- This repo demonstrates how to use the GitHub Code Scanning API to export all the alerts in an organization to a CSV file☆18Jul 12, 2023Updated 2 years ago
- GH CLI CodeQL Scan Extension☆20Sep 4, 2025Updated 5 months ago
- REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and defau…☆265Jan 13, 2022Updated 4 years ago
- A JavaScript components vulnerability scanner, based on RetireJS☆36Jun 8, 2020Updated 5 years ago
- A Python module that enables the automation of Firefox☆33Jan 5, 2026Updated last month
- This is a PoC exploit for CVE-2020-8559 Kubernetes Vulnerability☆54Jul 23, 2020Updated 5 years ago
- GitHub Actions Cache Native Malware - for Educational and Research Purposes only.☆92Jan 28, 2026Updated 2 weeks ago
- ☆124Nov 8, 2023Updated 2 years ago
- ☆13Feb 26, 2021Updated 4 years ago
- OSS-Fuzz vulnerabilities for OSV.☆171Updated this week
- Depstubber generates type-correct stubs for Go dependencies, for use in testing☆17Mar 21, 2025Updated 10 months ago
- This repository contains CodeQL queries and libraries which support various Coding Standards.☆187Updated this week
- Collection of content discovery wordlists in one wordlist.☆38Jan 18, 2022Updated 4 years ago
- The clever vulnerability dependency finder☆96May 10, 2022Updated 3 years ago
- Static code analysis tool based on Elasticsearch☆129Jan 23, 2021Updated 5 years ago
- GitHub Secret Scanning Auto Remediator (GSSAR)☆46Jan 1, 2026Updated last month
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- ☆75Updated this week
- ☆23Mar 29, 2022Updated 3 years ago
- Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect☆24Jan 26, 2026Updated 2 weeks ago
- CVE database☆21Sep 2, 2020Updated 5 years ago
- ☆12Mar 24, 2018Updated 7 years ago
- ☆11Dec 19, 2024Updated last year
- Kantega Web Application Security Hero Challenge☆19Dec 3, 2020Updated 5 years ago
- Official code for the paper entitled "Toward Intelligent and Secure Cloud: Large Language Model Empowered Proactive Defense"☆15Apr 10, 2025Updated 10 months ago
- Offensive tool for guessing Active Directory credentials via Kerberos☆10Jan 1, 2024Updated 2 years ago
- siml is a CLI tool for discovering similar, related to, competitive, or alternative options to a given site.☆14Apr 30, 2023Updated 2 years ago