Alternatives and similar repositories for ossf-cve-benchmark

Users that are interested in ossf-cve-benchmark are comparing it to the libraries listed below

• IQTLabs / software-supply-chain-compromises
  A dataset of software supply chain compromises. Please help us maintain it!
  ☆129Updated 2 years ago
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆95Updated last year
• trailofbits / it-depends
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie…
  ☆365Updated 7 months ago
• spoofzu / jvmxray
  Externalize Java application access to protected resources as log messages.
  ☆42Updated last month
• SAP / risk-explorer-for-software-supply-chains
  A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…
  ☆77Updated last week
• iosifache / semgrep-rules-manager
  Manager of third-party sources of Semgrep rules 🗂
  ☆87Updated last year
• Yelp / fuzz-lightyear
  A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos enginee…
  ☆223Updated last year
• ajinabraham / libsast
  Generic SAST Library
  ☆132Updated last month
• AppThreat / vulnerability-db
  Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers…
  ☆121Updated 2 weeks ago
• DataDog / malicious-software-packages-dataset
  An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
  ☆214Updated this week
• semgrep-old / rules-owasp-asvs
  Semgrep rules corresponding to the OWASP ASVS standard
  ☆27Updated 4 years ago
• cve-search / git-vuln-finder
  Finding potential software vulnerabilities from git commit messages
  ☆416Updated last year
• planetlevel / jot
  Java Observability Toolkit
  ☆61Updated last year
• microsoft / OSSGadget
  Collection of tools for analyzing open source packages.
  ☆350Updated this week
• microsoft / codeql-container
  Prepackaged and precompiled github codeql container for rapid analysis, deployment and development.
  ☆119Updated last year
• DefectDojo / defectdojo_api
  Python API library for DefectDojo
  ☆42Updated 2 years ago
• SAP / project-kb
  Home page of project "KB"
  ☆127Updated 4 months ago
• OWASP / cwe-tool
  A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
  ☆60Updated 2 months ago
• magnologan / awesome-sca
  A comprehensive list of software composition analysis tools.
  ☆151Updated last year
• OWASP / IoT-Security-Verification-Standard-ISVS
  OWASP IoT Security Verification Standard (ISVS)
  ☆143Updated 2 years ago
• elttam / semgrep-rules
  ☆197Updated 8 months ago
• OWASP / Software-Component-Verification-Standard
  Software Component Verification Standard (SCVS)
  ☆149Updated 4 months ago
• srcclr / efda
  Evaluation Framework for Dependency Analysis (EFDA)
  ☆43Updated 3 years ago
• google / oss-fuzz-vulns
  OSS-Fuzz vulnerabilities for OSV.
  ☆159Updated this week
• ossf / osv-schema
  Open Source Vulnerability schema.
  ☆205Updated this week
• Teebytes / TnT-Fuzzer
  OpenAPI 2.0 (Swagger) fuzzer written in python. Basically TnT for your API.
  ☆111Updated 2 years ago
• secmerc / materialize-threats
  ☆66Updated 2 weeks ago
• xiaofen9 / Lynx
  A Node.js vulnerability finding tool.
  ☆95Updated 4 years ago
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆95Updated 5 months ago
• AppThreat / atom
  atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.
  ☆70Updated last week