This is Go library for building GraphQL client with gqlgen

PORTGPT: Towards Automated Backporting Using Large Language Models(IEEE S&P2026)

A simple project to detect the Shai-Hulud npm supply chain attack

Redress - A tool for analyzing stripped Go binaries

Run malcontent security scanner on pull requests to detect malicious behavior changes between commits

Run zizmor from GitHub Actions!

Build your own custom Universal Blue Image!

Multi-Cloud Security Auditing Tool

The repository has collected about 10,000 malicious pypi packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of Malicious Code In PyPI Ecosystem". Of course, we will contin…

Static analysis for GitHub Actions

A console script that allows you to easily update multiple git repositories at once

Scan GitHub Actions Workflow logs for IOCs

Linux kernel source tree with OpenPaX patch

Undocumented Change Detector #supplychain #security

Focused malicious code detection ruleset, with a high protection-to-noise ratio

This is a simple CLI tool that lists the latest version of a given package across all wolfi repositories

Tool for detecting violations of ordering axioms in qsort/bsearch callbacks.

A repo to conduct vulnerability enrichment.

Ressources for the regular meeting of distribution security teams

A simple CLI tool that queries OSV API to retrieve fixing information for a certain package

Application to keep track of updates on a Discourse server

Discourse API Client for Go

Work on fuzzing OpenPrinting projects

A tool for checking the security hardening options of the Linux kernel

The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability report…

TPM GPIO fail detection utility and proof of concept exploit