Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Asset inventory of over 800 public bug bounty programs.
Integrates Dependency-Check reports into SonarQube
《macOS软件安全与逆向分析》随书源码
A collection of cyber security books
Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Monitoring exploits & references for CVEs
A simple Java command-line utility to mirror the CVE JSON data from NIST.
a programmer who loves reverse engineering and software security
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...
Trickest Workflow for discovering log4j vulnerabilities and gathering the newest community payloads.
A Java library for parsing and programmatically using threat models
Integrates OWASP Zed Attack Proxy reports into SonarQube
The official repository of "GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics". The paper will appear in the IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, ...
A simple Java command-line utility to mirror the entire contents of VulnDB.
A Github repository I created while studying the Software Security course on Coursera. I made the repository public to discuss solutions with like-minded developers.