Stars
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
MATURE: A set of Maven tools for dealing with Dockerfiles
A new version of Soot with a completely overhauled architecture
Jar Jar Links is a utility that makes it easy to repackage Java libraries and embed them into your own distribution.
Nailgun is a client, protocol, and server for running Java programs from the command line without incurring the JVM startup overhead.
A Maven plugin that generates dependency graphs in various formats (DOT, GML, PlantUML, JSON and Text)
Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://ecl…
A Java implementation of Locality Sensitive Hashing (LSH)
Java library to generate markdown
Revapi is an API analysis and change tracking tool written in Java. Its focus is mainly on Java language itself but it has been specifically designed to not be limited to just Java. API is much mo…
A simple Java command-line utility to mirror the CVE JSON data from NIST.
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
A pedagogically-curated collection of vulnerability demonstrations for undergraduate software engineering students.
A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes wit…
Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)
Plexus compiler, a layer on top of compilers, used by maven-compiler-plugin
A dataset of reproducible breaking dependency updates, SANER 2024 (https://doi.org/10.1109/SANER60148.2024.00024)
SigTest is the tool for checking incompatibilities between different versions of the same API.