https://smithy.security
- Knowhere
Stars
GoRE - Package gore is a library for analyzing Go binaries
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatab…
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
franz-go is a feature complete, pure Go library for Kafka from 0.8.0 through 4.1+. Producing, consuming, transacting, administrating, etc.
The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.
OSS-Fuzz - continuous fuzzing for open source software.
Incubating project for decoupling responsibilities from Dependency-Track's monolithic API server into separate, scalable services.
Gives criticality score for an open source project
Config files for my GitHub profile.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left!
Kubernetes audit logging, when you don't control the control plane
Mega list of 1 on 1 meeting questions compiled from a variety of sources
Writeups for HacktheBox 'boot2root' machines
Research on GraphQL from an AppSec point of view.
Shell Script For Attacking Wireless Connections Using Built-In Kali Tools. Supports All Securities (WEP, WPS, WPA, WPA2)
Wiki to collect Red Team infrastructure hardening resources
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources