OpenCode skill + MCP server that runs an automated GitHub Copilot PR review loop: request review, wait, triage, push fixes, reply, resolve, repeat.

Jagged Frontier: LLM vulnerability detection benchmark harnesses (API + Claude Code agentic)

Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

Build and query a graph database representation of source code

Proof of thought : LLM-based reasoning using Z3 theorem proving with multiple backend support (SMT2 and JSON DSL)

Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)

a static analysis tool for finding vulnerabilities in C/C++ source code

OpenAnt from Knostic is the leading open source LLM-based vulnerability discovery product, helping defenders proactively find verified security flaws while minimizing both false positives and false…

Where a Gopher meets lots of 🌳 Sitters

ACER is an AST-based Callgraph Generator Development Framework

Rust implementation of stack graphs

Go bindings for tree-sitter

aider is AI pair programming in your terminal

Language-agnostic AI auditor that autonomously builds and refines adaptive knowledge graphs for deep, iterative code reasoning.

A blazing fast AI Gateway with integrated guardrails. Route to 1,600+ LLMs, 50+ AI Guardrails with 1 fast & friendly API.

Buttercup finds and patches software vulnerabilities

A flexible framework for security teams to build and deploy AI-powered workflows that complement their existing security operations.

OSV-SCALIBR: A library for Software Composition Analysis

Pishi is a code coverage tool like kcov for macOS.

A PowerPoint add-in that splits slides according to slideshow-time animation effects

Golem automates C/C++ vulnerability discovery with SemGrep+LLVM+LLM

A collection of utilities for building extensions using Burp's Montoya API

Advanced Burp Suite Logging Extension

Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini

Playwright MCP server

Tool for finding URLs, paths, secrets and generating raw HTTP requests and OpenApi specifications from config files and annotations used in JAR / WAR / APK applications.