- Egypt, Fayoum
Stars
Low-effort reachability analysis for third-party code vulnerabilities.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container …
blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-of-Materials (SBOM) for supported binaries.
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Fast and accurate AI powered file content types detection
A set of utilities and tools to detect and search AI-generated code
BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
Ruby implementation of the package url spec
PHP implementation of the package url spec
Tools to inspect source code and code symbols
atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.
VFCFinder: Searching for the Missing Vulnerability Fixing Commits
A cybersecurity dataset consisting of 4.3 million entries of Twitter, Blogs, Paper, and CVEs
PHP implementation of the package url spec
The comprehensive WSGI web application library.
Command line utility to identify the change that last modified a line of code. Useful for identifying which commit likely contributed to a vulnerability. Uses `git blame`.
MoreFixes: A Large-Scale Dataset of CVE Fix Commits Mined through Enhanced Repository Discovery
Given a CVE along with the PURL and the repository URL, identifies the root cause functions/methods for the CVE.
Typed interactions with the GitHub API v3
Run ScanCode.io pipelines from your Workflows
CrystalLens is a social media screening and analysis platform that collects posts from multiple sources (via Apify scrapers) and applies local AI (Ollama) to generate character insights, behavioral…
Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, the Google Summer of Code, nexB and other generous sponsors.
ClamAV - Documentation is here: https://docs.clamav.net
SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It supports a variety of open source vulnerability scanners and integ…
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydata…
A changelog finder and parser for packages available on PyPI, npm and RubyGems.
☠️ Ground-truth dataset for vulnerability prediction (known research datasets and data sources included such as NVD, CVE Details and OSV); tools to automatically update the data are provided.
MegaVul - The largest, high-quality, extensible, continuously updated, C/C++/Java vulnerability dataset
Autogrep automates Semgrep rule generation and filtering by using LLMs to analyze vulnerability patches, enabling automatic creation of high-quality security rules without manual curation.