MergeBase

log4j-detector

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

log4j-samples

Public testing data. Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228. TAG_TESTING, OWNER_KEN, DC_PUBLIC

contains-oss

An Open Source Java tool to examine binary Java artifacts that we make available to clients and prospects. TAG_PRODUCTION, OWNER_KEN, DC_PUBLIC

Java2Json

Java 1.2 compatible JSON parser/formatter written as a single source file. This is Open Source. TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

log4j-transitive-example

Public testing data. Small Java project that depends indirectly on log4j-core-2.14.0.jar (to test SCA tools) TAG_TESTING, OWNER_KEN, DC_PUBLIC

CVE-2021-44228-Apache-Log4j-Rce

Apache Log4j 远程代码执行 - A fork of the example exploit code for the Log4J vulnerability. Used for reference. TAG_TESTING, OWNER_KEN, DC_PUBLIC

flower

Used for demoing commit graph capabilities. TAG_TESTING, OWNER_DELAN, DC_PUBLIC

mergebase-scan-action

Repository for the MergeBase Scan Github action, which is available in the Github Marketplace. TAG_PRODUCTION, OWNER_DELAN, DC_PUBLIC

stupid-git-tricks

Experimental test data. TAG_TESTING, OWNER_KELLY, DC_PUBLIC

usn2json

usn2json - A published tool that converts mail archives to JSON. TAG_TOOL, OWNER_KELLY, DC_PUBLIC

Vulnerability.Direct.OldStyle

Sample project. TAG_TESTING, OWNER_KEN, DC_PUBLIC

Vulnerability.Transitive

Sample dotnet project with transitive dependencies on vulnerable NuGet components. TAG_TESTING, OWNER_KEN, DC_PUBLIC

csv-compare

CSV-Compare is a tool for comparing vulnerability scans as reported in CSV files outputted by mergebase and OWASP-Dependency-Check tools. TAG_TOOL, OWNER_KEN, DC_PUBLIC

defender-demo-shopizer

A shopping cart app (backend) for the Defender feature demo. Some modifications have been made for the purpose of the demo.

defender-demo-shopizer-reactjs

A shopping cart app (frontend) for the Defender feature demo. Some modifications have been made for the purpose of the demo.

jag-file-submission

Generic File Submission API - published API from BC Government. TAG_TOOL, OWNER_KELLY, DC_PUBLIC

log4j-direct-example

Public testing data. Small Java project that depends directly on log4j-core-2.14.0.jar (to test SCA tools) TAG_TESTING, OWNER_KEN, DC_PUBLIC

madness

Public Testing Data. TAG_TESTING, OWNER_DELAN, DC_PUBLIC

Packages

A fork from a separate public repository of vulnerabilities JSON files containing vulnerable packages. TAG_VULN_DATA, OWNER_KEN, DC_PUBLIC

sample

Public testing data. TAG_TESTING, OWNER_KELLY, DC_PUBLIC

struts-demo

Example of struts vulnerability. TAG_TESTING, OWNER_KELLY, DC_PUBLIC

struts-example

Example of struts vulnerability. TAG_TESTING, OWNER_KELLY, DC_PUBLIC

vuln-example-apacheds-all

Vulnerability examples. TAG_TESTING, OWNER_KELLY, DC_PUBLIC

Vulnerability.Direct

Sample dotnet project with direct dependencies on vulnerable NuGet components. TAG_TESTING, OWNER_KEN, DC_PUBLIC

yarn-composer-sample