Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.

Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.

Curated collection of cybersecurity tools featured in Black Hat Arsenal events.

[ISSTA 2024] PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open Source Software

Secure your code in seconds. VibeSafe is an AI-native DevSecOps CLI tool that detects vulnerabilities, secrets, insecure configs, and hallucinated dependencies before they ship.

TuxCare SecureChain enhances Java supply chain security through vetted libraries, vulnerability fixes, and extended support. Ideal for enterprise-level compliance and secure development.

Apache OfBiz Auth Bypass Scanner for CVE-2023-51467

Securiskan: Scan files for malware. Secure your digital space.

How to secure your development pipeline with static application security test (SAST) / Dynamic application security test (DAST), software composition analysis (SCA) using Sonarqube.

InvisioVault is My daily learning sandbox for mastering steganography. Hide any files from documents and photos to videos and full folders inside ordinary images that look perfectly normal. Built with curiosity, crafted with passion.

This repository provides comprehensive guides, configurations, rules, and practical examples for Snort, the open-source intrusion detection system (IDS). Ideal for cybersecurity professionals and enthusiasts looking to enhance their network security skills.

Comprehensive Exploit Chain for Multiple Vulnerabilities in VinChin Backup & Recovery <= 7.2

A pure client side CycloneDX SBOM Generator for node/npm projects

Multi-cloud xSPM platform to scan, visualize, and remediate security risks across cloud, containers, and Kubernetes environments.

This CLI Program is an antivirus tool designed to scan directories, files, or entire drives for malicious content using YARA rules. It features options for manual or periodic scans, with quarantine capabilities for detected threats. The script utilizes OS-specific paths and interfaces.

Comprehensive taxonomy of AI security vulnerabilities, LLM adversarial attacks, prompt injection techniques, and machine learning security research. Covers 71+ attack vectors including model poisoning, agentic AI exploits, and privacy breaches.

ASTRA (Architecture and Security Threat Review and Analysis) is a collaborative, business-driven methodology for security architecture review and threat modeling. NOT an audit.

A pure client side Bitbucket Pipe containing a collection of open source tools to perform various types of additional analysis on a CycloneDX or SPDX sBOM (Software Bill of Materials).

This tool automates the process of auditing a web application for common security vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and missing HTTP security headers. The results of the audit are stored in an HTML report for easy review.