Securing apps via pentesting, code reviews & supply chain defense
harekrishnarai/README.md

Hey there, I'm Hare Krishna Rai



🎯 Security Researcher | Speaker | Open Source Contributor

  • 🔒 Product Security Engineer at Okta (Auth0 Team), focused on secure software supply chains.

  • 🧠 Creator of SCAGoat, a vulnerable-by-design application to evaluate SCA tools and supply chain attack detection.

  • 🗣️ Featured Speaker at top-tier security conferences: Black Hat Europe 2024, Black Hat Asia 2025, DEF CON Forum 2024, AppSec Village 2024.

  • 🧰 Regular secure coding trainer, reviewer for security conferences, and CTF enthusiast.

  • 🔍 Researching OSS poisoning, model exposure abuse, malicious packages, and DevSecOps automations.


📌 Featured Project: SCAGoat

A deliberately insecure and compromised SCA testbed that simulates:

  • CVE exposure in Node.js and Spring Boot apps
  • Malicious/compromised packages
  • Reachability and fix validation workflows

Ideal for evaluating SCA tools, container scanners, and CI/CD defenses.



💬 Let's connect to talk about research, secure development, OSS risks, or collaborations!

Pinned repositories

  1. Damn-vulnerable-sca (Public)

     Damn Vulnerable SCA Application

     Java · 39 stars · 34 forks

  2. depcheck (Public)

     A CLI tool to identify SCA security vulnerabilities in packages and provide suggestions for upgrade versions, breaking changes, CVSS and advisories.

     Go · 1 star

  3. flowlyt (Public)

     Flowlyt is a security analyzer that scans GitHub Actions workflows to detect malicious patterns, misconfigurations, and secrets exposure, helping enforce secure CI/CD practices.

     Go · 6 stars · 1 fork

  4. scs-feed (Public)

     Aggregates and updates supply chain security blog posts daily using GitHub Actions (runs every day at 00:00 UTC).

     JavaScript · 1 star

  5. combat-sca (Public)

     Python