Alternatives and similar repositories for ossf-cve-benchmark

Users that are interested in ossf-cve-benchmark are comparing it to the libraries listed below

• SAP / risk-explorer-for-software-supply-chains
  A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…
  ☆79Updated last week
• IQTLabs / software-supply-chain-compromises
  A dataset of software supply chain compromises. Please help us maintain it!
  ☆129Updated 3 years ago
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆96Updated last year
• spoofzu / jvmxray
  Externalize Java application access to protected resources as log messages.
  ☆43Updated last week
• AppThreat / vulnerability-db
  Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.2, purl, and vers…
  ☆135Updated last week
• iosifache / semgrep-rules-manager
  Manager of 14 third-party sources comprising approximately 4,000 Semgrep rules 🗂
  ☆97Updated last month
• trailofbits / it-depends
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…
  ☆381Updated this week
• microsoft / codeql-container
  Prepackaged and precompiled github codeql container for rapid analysis, deployment and development.
  ☆122Updated 2 years ago
• microsoft / OSSGadget
  Collection of tools for analyzing open source packages.
  ☆355Updated last week
• semgrep-old / rules-owasp-asvs
  Semgrep rules corresponding to the OWASP ASVS standard
  ☆27Updated 5 years ago
• OWASP / Software-Component-Verification-Standard
  Software Component Verification Standard (SCVS)
  ☆153Updated 10 months ago
• SAP / project-kb
  Home page of project "KB"
  ☆133Updated 10 months ago
• AppThreat / atom
  atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.
  ☆84Updated this week
• microsoft / sarif-vscode-extension
  SARIF Microsoft Visual Studio Code extension
  ☆132Updated last week
• cve-search / git-vuln-finder
  Finding potential software vulnerabilities from git commit messages
  ☆419Updated 2 years ago
• planetlevel / jot
  Java Observability Toolkit
  ☆62Updated last year
• google / oss-fuzz-vulns
  OSS-Fuzz vulnerabilities for OSV.
  ☆169Updated this week
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆97Updated 11 months ago
• Yelp / fuzz-lightyear
  A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos enginee…
  ☆226Updated last year
• OWASP / cwe-tool
  A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
  ☆62Updated 8 months ago
• xiaofen9 / Lynx
  A Node.js vulnerability finding tool.
  ☆96Updated 5 months ago
• DataDog / malicious-software-packages-dataset
  An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
  ☆300Updated this week
• cristianstaicu / SecBench.js
  ☆36Updated last year
• purs3lab / Argus
  ☆52Updated last year
• elttam / semgrep-rules
  ☆226Updated last month
• DefectDojo / defectdojo_api
  Python API library for DefectDojo
  ☆43Updated 2 years ago
• ossf / osv-schema
  Open Source Vulnerability schema.
  ☆229Updated this week
• srcclr / efda
  Evaluation Framework for Dependency Analysis (EFDA)
  ☆44Updated 3 years ago
• ajinabraham / libsast
  Generic SAST Library
  ☆135Updated 7 months ago
• magnologan / awesome-sca
  A comprehensive list of software composition analysis tools.
  ☆161Updated 3 months ago