Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open Source Software (ISSTA 2024)
Secure your code in seconds. VibeSafe is an AI-native DevSecOps CLI tool that detects vulnerabilities, secrets, insecure configs, and hallucinated dependencies before they ship.
TuxCare SecureChain enhances Java supply chain security through vetted libraries, vulnerability fixes, and extended support. Ideal for enterprise-level compliance and secure development.
Apache OFBiz Auth Bypass Scanner for CVE-2023-51467
Securiskan: Scan files for malware. Secure your digital space.
Comprehensive Exploit Chain for Multiple Vulnerabilities in Vinchin Backup & Recovery <= 7.2
A pure client-side CycloneDX SBOM Generator for node/npm projects
Multi-cloud xSPM platform to scan, visualize, and remediate security risks across cloud, containers, and Kubernetes environments.
A high-privilege behavior tracing and anti-malware tool with ISO comparison and auto-elimination capabilities.
This repository provides comprehensive guides, configurations, rules, and practical examples for Snort, the open-source intrusion detection system (IDS). Ideal for cybersecurity professionals and enthusiasts looking to enhance their network security skills.
This CLI Program is an antivirus tool designed to scan directories, files, or entire drives for malicious content using YARA rules. It features options for manual or periodic scans, with quarantine capabilities for detected threats. The script utilizes OS-specific paths and interfaces.
A pure client-side Bitbucket Pipe containing a collection of open source tools to perform various types of additional analysis on a CycloneDX or SPDX SBOM (Software Bill of Materials).
This tool automates the process of auditing a web application for common security vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and missing HTTP security headers. The results of the audit are stored in an HTML report for easy review.
ASTRA (Architecture and Security Threat Review and Analysis) is a collaborative, business-driven methodology for security architecture review and threat modeling. NOT an audit.
Studying open source security resources in SUA
BlackVault is an open-source encrypted communication framework with embedded anti-tamper logic. Designed to detect unauthorized access and trigger system-level shutdowns, it offers autonomous, self-defending security at runtime.
Lightweight SOC lab with ELK, Suricata, ClamAV and Auditd — built and tested on a MacBook Air M1.