Alternatives and similar repositories for ossf-cve-benchmark

Users that are interested in ossf-cve-benchmark are comparing it to the libraries listed below

• IQTLabs / software-supply-chain-compromises
  A dataset of software supply chain compromises. Please help us maintain it!
  ☆130Updated 3 years ago
• SAP / risk-explorer-for-software-supply-chains
  A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…
  ☆79Updated last week
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆96Updated last year
• iosifache / semgrep-rules-manager
  Manager of third-party sources of Semgrep rules 🗂
  ☆90Updated last year
• spoofzu / jvmxray
  Externalize Java application access to protected resources as log messages.
  ☆43Updated last month
• semgrep-old / rules-owasp-asvs
  Semgrep rules corresponding to the OWASP ASVS standard
  ☆28Updated 5 years ago
• microsoft / codeql-container
  Prepackaged and precompiled github codeql container for rapid analysis, deployment and development.
  ☆120Updated 2 years ago
• trailofbits / it-depends
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…
  ☆376Updated this week
• microsoft / OSSGadget
  Collection of tools for analyzing open source packages.
  ☆351Updated 3 months ago
• Yelp / fuzz-lightyear
  A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos enginee…
  ☆227Updated last year
• DataDog / malicious-software-packages-dataset
  An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
  ☆255Updated last week
• planetlevel / jot
  Java Observability Toolkit
  ☆62Updated last year
• OWASP / cwe-tool
  A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
  ☆61Updated 6 months ago
• ajinabraham / libsast
  Generic SAST Library
  ☆132Updated 5 months ago
• SAP / project-kb
  Home page of project "KB"
  ☆130Updated 8 months ago
• AppThreat / atom
  atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.
  ☆76Updated last week
• microsoft / sarif-vscode-extension
  SARIF Microsoft Visual Studio Code extension
  ☆122Updated last week
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆96Updated 9 months ago
• AppThreat / vulnerability-db
  Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers…
  ☆131Updated this week
• google / oss-fuzz-vulns
  OSS-Fuzz vulnerabilities for OSV.
  ☆166Updated last week
• ossf / osv-schema
  Open Source Vulnerability schema.
  ☆215Updated last week
• OWASP / Software-Component-Verification-Standard
  Software Component Verification Standard (SCVS)
  ☆150Updated 7 months ago
• vishalgarg-sec / Software-Supply-Chain-Security
  A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…
  ☆138Updated last year
• srcclr / efda
  Evaluation Framework for Dependency Analysis (EFDA)
  ☆44Updated 3 years ago
• elttam / semgrep-rules
  ☆205Updated last week
• secmerc / materialize-threats
  ☆69Updated 4 months ago
• purs3lab / Argus
  ☆52Updated last year
• xiaofen9 / Lynx
  A Node.js vulnerability finding tool.
  ☆96Updated 3 months ago
• thought-machine / dracon
  Security scanning & static analysis tool
  ☆93Updated last year
• magnologan / awesome-sca
  A comprehensive list of software composition analysis tools.
  ☆156Updated last month