Stars
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, an…
Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Software Component Verification Standard (SCVS)
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
GitHub action to generate a CycloneDX SBOM for .NET
A demo of the new System.CommandLine tools.
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
A .NET Core global tool to display and update outdated NuGet packages in a project
Import CSV and JSON into PostgreSQL the easy way
Original Apollo 11 Guidance Computer (AGC) source code for the command and lunar modules.
Snapshooter is a snapshot testing tool for .NET Core and .NET Framework
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. …
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
ReportGenerator converts coverage reports generated by coverlet, OpenCover, dotCover, Visual Studio, NCover, Cobertura, JaCoCo, Clover, gcov or lcov into human readable reports in various formats.
A public version of Unity's internal SSDLC. Meant to provide an example framework, not just to share with others, but to also take contributions and continue to improve and evolve.
A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering a…
WAFBench (wb) is a tool to measure the performance of WAF(Web Application Firewall) . It's based on latest code of ab (ApacheBench), and adds support for real trace replaying, framework of testing …