Coverage-guided, in-process fuzzing for the JVM

JQF + Zest: Coverage-guided semantic fuzzing for Java.

OSS-Fuzz - continuous fuzzing for open source software.

A curated list of tech stacks for building different applications & features

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, an…

Metasploit Framework

OpenSSF Scorecard - Security health metrics for Open Source

Supply-chain Levels for Software Artifacts

GUAC aggregates software security metadata into a high fidelity graph database.

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

This is the development repository for the OpenFHE library. The current version is 1.4.2 (released on October 20, 2025).

OWASP CRS (Official Repository)

Automatically provision and manage TLS certificates in Kubernetes

An HTTP library for Rust

Single Sign-on authentication support for Moqui

Modern observability platform: 10x easier, 140x lower storage cost, petabyte scale. Open-source alternative to Elasticsearch/Splunk/Datadog for logs, metrics, traces, RUM, and more.

SQLCipher is a standalone fork of SQLite that adds 256 bit AES encryption of database files and other security features.

Conscrypt is a Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.

Ruby on Rails

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

Cross-platform asynchronous I/O

A modern, portable, easy to use crypto library.

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a rang…

🛡️ Open-source and next-generation Web Application Firewall (WAF)

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections…