Starred repositories
Code and data used to create the examples in "Evidence-based Software Engineering based on the publicly available data"
Issue handling for Evidence-based Software Engineering: based on the publicly available data
🔎 Static code analysis engine to find security issues in code.
Converted security rules fromcodeql to semgrep format.
1
Updated Dec 21, 2025
trevorwinser / advisories
Forked from ecosyste-ms/advisoriesAn open API service providing security vulnerability metadata for many open source software ecosystems.
ripgrep recursively searches directories for a regex pattern while respecting your gitignore
Manager of third-party sources of Semgrep rules 🗂
Repository to support analyzing energy system design models based on data
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
A curated dataset of known package typosquats from public security research. Maps malicious packages to their legitimate targets with ecosystem, classification, and source attribution.
fuzz parameter generator from json-schema
🌴 TreeHaver is a cross-Ruby adapter for the tree-sitter & citrus parsing libraries; supporting MRI Ruby, JRuby, & TruffleRuby. Provides unified parsing API & AST when using ruby_tree_sitter, citrus…
Detect potential typosquatting packages across package ecosystems
Generate and verify lockfiles for GitHub Actions dependencies.
🌉 A bridge between decentralized social networks
🍺 Alcoholless: lightweight security sandbox for Homebrew (and others)
Parse, generate, and validate Software Bill of Materials (SBOM)
A utility to generate SPDX-compliant Bill of Materials manifests
Open Infrastructure Map, a view of infrastructure data in OpenStreetMap
A regular dump of the most-downloaded packages from PyPI
Create a contribution report based on contribution and sponsorsip by an organization or people with domains related to a given org
A GitHub Action used for publishing an Action to ghcr.io as an OCI container.
Schema.org profile for software types