ossf / omega-triage-portal
☆13 · Updated 10 months ago
Related projects:
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ☆138 · Updated 6 months ago
- Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems. ☆79 · Updated last week
- OSS-Fuzz vulnerabilities for OSV. ☆129 · Updated this week
- Prepackaged and precompiled github codeql container for rapid analysis, deployment and development. ☆102 · Updated 9 months ago
- SARIF Microsoft Visual Studio Code extension ☆110 · Updated this week
- Generate thousands of pull requests to fix widespread security vulnerabilities across GitHub. ☆33 · Updated last month
- A community collection of security reviews of open source software components. ☆92 · Updated 6 months ago
- Action to detect if a secret is initially detected in a PR commit ☆11 · Updated 2 weeks ago
- Collection of community-driven CodeQL query, library and extension packs ☆64 · Updated last month
- Open Source Vulnerability schema. ☆176 · Updated this week
- [Deprecated] GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations. See GitHubSecurityLab/CodeQL-Community-Packs instea… ☆80 · Updated 4 months ago
- Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase… ☆65 · Updated 2 weeks ago
- OASIS SARIF TC: Repository for development of the draft standard, where requests for modification should be made via Github Issues ☆164 · Updated 2 weeks ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆229 · Updated this week
- Checkmarx CxFlow GitHub Action with SARIF output ☆52 · Updated 2 weeks ago
- Post Processor for Facebook Static Analysis Tools. ☆129 · Updated this week
- This project is deprecated. Use https://github.com/returntocorp/semgrep instead ☆73 · Updated 5 months ago
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack. ☆34 · Updated 2 years ago
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. ☆126 · Updated this week
- Manager of third-party sources of Semgrep rules 🗂 ☆74 · Updated 2 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h… ☆177 · Updated last month
- CodeQL workshops for GitHub Universe ☆91 · Updated last year
- XS-Leaks Wiki ☆139 · Updated last month
- Collection of tools for analyzing open source packages. ☆311 · Updated 2 months ago
- Python classes for the SARIF object model ☆39 · Updated 5 months ago
- User-friendly documentation for the SARIF file format. ☆275 · Updated 9 months ago
- Run CodeQL queries at scale using Multi-Repository Variant Analysis (MRVA) ☆49 · Updated 5 months ago
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript. ☆206 · Updated 9 months ago
- Enrich SBOMs with data from third party services ☆108 · Updated 3 weeks ago
- Produce an Open Source Vulnerability JSON file based on information in an SPDX document ☆60 · Updated 3 months ago