andrew

🚙

I may be slow to respond.

Andrew Nesbitt andrew

🚙

I may be slow to respond.

Working on mapping the world of open source software @ecosyste-ms and empowering developers with @octobox

3.4k followers · 3.5k following

Sponsoring

+23

Achievements

x2 x4 x4

Achievements

x2 x4 x4

Highlights

Developer Program Member
Pro

Organizations

Starred repositories

matthewdeanmartin / skip_trace

Who owns your dependencies

Python 2 Updated Dec 1, 2025

analysis-tools-dev / static-analysis

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

Rust 14,282 1,409 Updated Dec 26, 2025

social-web-foundation / jekyll-activitypub

A plugin for Jekyll to generate a feed in ActivityPub format

Ruby 11 1 Updated Aug 4, 2025

tiiuae / sbomnix

A suite of utilities to help with software supply chain challenges on nix targets

Python 225 30 Updated Nov 12, 2025

wilburhimself / gem_guard

GemGuard is your one-stop solution for Ruby supply chain security. Detect vulnerabilities, identify typosquats, generate SBOMs, and secure your dependencies with enterprise-grade tooling designed f…

Ruby 13 1 Updated Sep 2, 2025

andrew / go-bundler

Go-style imports for Ruby

Ruby 1 Updated Dec 25, 2025

in-toto / witness

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

Go 511 74 Updated Dec 22, 2025

andrew / changelog-parser

Parse changelog files into structured data

Ruby 5 Updated Dec 23, 2025

adulau / mmdb-server

mmdb-server is an open source fast API server to lookup IP addresses for their geographic location.

Python 184 26 Updated Dec 22, 2025

Derek-Jones / ESEUR-code-data

Code and data used to create the examples in "Evidence-based Software Engineering based on the publicly available data"

R 420 48 Updated Sep 9, 2025

Derek-Jones / ESEUR-book

Issue handling for Evidence-based Software Engineering: based on the publicly available data

283 17 Updated Apr 5, 2025

opengrep / opengrep

🔎 Static code analysis engine to find security issues in code.

OCaml 1,978 161 Updated Dec 26, 2025

andrew / semgrep-codeql

Converted security rules fromcodeql to semgrep format.

1 Updated Dec 21, 2025

andrew / andrew

Content for GitHub profile

Ruby 9 1 Updated Dec 26, 2025

andrew / jekyll-stats

Jekyll plugin that generates site statistics

Ruby 1 Updated Dec 21, 2025

trevorwinser / advisories

Forked from ecosyste-ms/advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Ruby 1 Updated Dec 15, 2025

BurntSushi / ripgrep

ripgrep recursively searches directories for a regex pattern while respecting your gitignore

Rust 58,374 2,344 Updated Dec 17, 2025

iosifache / semgrep-rules-manager

Manager of 14 third-party sources comprising approximately 4,000 Semgrep rules 🗂

Python 92 6 Updated Dec 24, 2025

open-energy-transition / openmod-tracker

Repository to support analyzing energy system design models based on data

Python 20 10 Updated Dec 23, 2025

VirusTotal / yara

The pattern matching swiss knife

C 9,302 1,546 Updated Nov 26, 2025

semgrep / semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

OCaml 13,709 843 Updated Dec 26, 2025

ecosyste-ms / typosquatting-dataset

A curated dataset of known package typosquats from public security research. Maps malicious packages to their legitimate targets with ecosystem, classification, and source attribution.

3 1 Updated Dec 17, 2025

galtzo-floss / json_schemer-fuzz

Forked from deme0607/json-fuzz-generator

fuzz parameter generator from json-schema

Ruby 7 1 Updated Aug 13, 2025

Andrew Nesbitt andrew

Sponsors

Sponsoring

Highlights

Organizations

Starred repositories

hanami