The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.
☆162Mar 12, 2024Updated 2 years ago
Alternatives and similar repositories for ossf-cve-benchmark
Users that are interested in ossf-cve-benchmark are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆12Jun 8, 2021Updated 4 years ago
- Depstubber generates type-correct stubs for Go dependencies, for use in testing☆18Mar 21, 2025Updated last year
- Original workshops and staging area for new ones☆16Jul 3, 2025Updated 9 months ago
- This repo demonstrates how to use the GitHub Code Scanning API to export all the alerts in an organization to a CSV file☆18Jul 12, 2023Updated 2 years ago
- GitHub Advanced Security Pull Request Security Team required review GitHub App☆36Mar 30, 2026Updated last week
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- ☆12Jul 26, 2022Updated 3 years ago
- This repository contains a list of papers about software supply chain☆29May 22, 2024Updated last year
- ☆38Oct 4, 2024Updated last year
- Paper, data and code from Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding In…☆19Jan 28, 2021Updated 5 years ago
- Make it easy to probe the strengths and weaknesses of a hardened Node.js stack☆21May 3, 2019Updated 6 years ago
- OSS-Fuzz vulnerabilities for OSV.☆175Updated this week
- Public disclosure channel for security vulnerabilities☆17Nov 17, 2025Updated 4 months ago
- GitHub Code Scanning Mean Time to Remediate (GCSMTTR)☆14Jun 27, 2023Updated 2 years ago
- GitHub Secret Scanning Auto Remediator (GSSAR)☆48Updated this week
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Kubernetes offensive framework built in eBPF☆38Mar 14, 2023Updated 3 years ago
- SARIF Microsoft Visual Studio Code extension☆133Feb 14, 2026Updated last month
- This repository contains CodeQL queries and libraries which support various Coding Standards.☆199Updated this week
- ARVO: an Atlas of Reproducible Vulnerabilities in Open source software.☆67Feb 16, 2026Updated last month
- Keeps track of what repos needs to be saved from the new Github " Exploits and malware policy"☆23May 15, 2021Updated 4 years ago
- REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and defau…☆263Jan 13, 2022Updated 4 years ago
- [Deprecated] GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations. See GitHubSecurityLab/CodeQL-Community-Packs instea…☆85May 1, 2024Updated last year
- A tool for analyzing the attack surface of an application☆19Mar 5, 2025Updated last year
- QEMU to drcov trace file☆12Nov 21, 2020Updated 5 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- GitHub Advanced Security Python Toolkit☆14Mar 30, 2026Updated last week
- OWASP ZAP add-on to detect reflected parameter vulnerabilities efficiently☆12Feb 19, 2021Updated 5 years ago
- A Python module that enables the automation of Firefox☆33Updated this week
- Integrate the dharma grammar fuzzer into honggfuzz☆26Aug 11, 2017Updated 8 years ago
- Salesforce Policy Deviation Checker☆30Sep 30, 2020Updated 5 years ago
- Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_moudles☆20Mar 24, 2021Updated 5 years ago
- Action to detect if a secret is initially detected in a pull request☆20Mar 26, 2026Updated last week
- A CVE Heatmap Using CalPlot☆97Jan 25, 2021Updated 5 years ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆135Nov 15, 2025Updated 4 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
- An Intentionally designed Vulnerable Android Application built in Kotlin.☆255Mar 2, 2022Updated 4 years ago
- Example CLI project to demo API architecture and protobom library☆26Mar 27, 2026Updated last week
- A JavaScript components vulnerability scanner, based on RetireJS☆36Jun 8, 2020Updated 5 years ago
- CVE database☆21Sep 2, 2020Updated 5 years ago
- ☆29Jan 31, 2025Updated last year
- This is a PoC exploit for CVE-2020-8559 Kubernetes Vulnerability☆54Jul 23, 2020Updated 5 years ago
- tree-sitter grammar for the CodeQL language☆35Aug 29, 2025Updated 7 months ago