quinzhi's starred repositories

advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

License: CC-BY-4.0 | Stargazers: 1719 | Issues: 0

purl-spec

A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

License: NOASSERTION | Stargazers: 680 | Issues: 0

bom-examples

A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)

License: CC0-1.0 | Stargazers: 169 | Issues: 0

cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

Language: Python | License: GPL-3.0 | Stargazers: 1191 | Issues: 0

pyt

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Language: Python | License: GPL-2.0 | Stargazers: 2172 | Issues: 0

synopsys-detect

Scanning and analysis for Synopsys products.

Language: Java | License: Apache-2.0 | Stargazers: 156 | Issues: 0
Language: Java | License: Apache-2.0 | Stargazers: 20 | Issues: 0

shc

Shell script compiler

Language: C | License: GPL-3.0 | Stargazers: 2012 | Issues: 0

docker-drag

Download image from the Docker Hub HTTPS API

Language: Python | License: GPL-3.0 | Stargazers: 692 | Issues: 0

trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Language: Go | License: Apache-2.0 | Stargazers: 23102 | Issues: 0

dpkg-licenses

A command line tool which lists the licenses of all installed packages in a Debian-based system (like Ubuntu)

Language: Shell | License: GPL-3.0 | Stargazers: 167 | Issues: 0

rpm-parser

Produce a list of dependencies from an RPM database file

Language: TypeScript | License: NOASSERTION | Stargazers: 6 | Issues: 0

syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Language: Go | License: Apache-2.0 | Stargazers: 6068 | Issues: 0

cli

Snyk CLI scans and monitors your projects for security vulnerabilities.

Language: TypeScript | License: NOASSERTION | Stargazers: 4910 | Issues: 0

grype

A vulnerability scanner for container images and filesystems

Language: Go | License: Apache-2.0 | Stargazers: 8577 | Issues: 0

codechecker

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

Language: Python | License: Apache-2.0 | Stargazers: 2230 | Issues: 0

Bear

Bear is a tool that generates a compilation database for clang tooling.

Language: C++ | License: GPL-3.0 | Stargazers: 4830 | Issues: 0

cs-self-learning

Computer Science Self-Learning Guide

Language: HTML | License: MIT | Stargazers: 56299 | Issues: 0

jd-gui

A standalone Java Decompiler GUI

Language: Java | License: GPL-3.0 | Stargazers: 13972 | Issues: 0

Elkeid

Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices.

Language: Go | Stargazers: 2235 | Issues: 0

spring-framework

Spring Framework

Language: Java | License: Apache-2.0 | Stargazers: 56344 | Issues: 0

yasca

Yet Another Source Code Analyzer

Language: PHP | Stargazers: 184 | Issues: 0

llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.

Language: LLVM | License: NOASSERTION | Stargazers: 28311 | Issues: 0

sunlogin_rce

Sunlogin RCE

Language: Go | Stargazers: 481 | Issues: 0

dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Language: Java | License: Apache-2.0 | Stargazers: 2614 | Issues: 0

PinTools

Pintool example and PoC for dynamic binary analysis

Language: C++ | Stargazers: 579 | Issues: 0

yaml-vfs

A gem which can gen VFS YAML file.

Language: Objective-C | License: MIT | Stargazers: 18 | Issues: 0

grammars-v4

Grammars written for ANTLR v4; expectation that the grammars are free of actions.

Language: ANTLR | License: MIT | Stargazers: 10123 | Issues: 0

pmd

An extensible multilanguage static code analyzer.

Language: Java | License: NOASSERTION | Stargazers: 4836 | Issues: 0

moby

The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

Language: Go | License: Apache-2.0 | Stargazers: 68553 | Issues: 0