Stars
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, an…
Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Software Component Verification Standard (SCVS)
Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects
GitHub action to generate a CycloneDX SBOM for .NET
A demo of the new System.CommandLine tools.
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
Creates CycloneDX Software Bill of Materials (SBOM) from Rust (Cargo) projects
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects
CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
A .NET Core global tool to display and update outdated NuGet packages in a project
Import CSV and JSON into PostgreSQL the easy way
Original Apollo 11 Guidance Computer (AGC) source code for the command and lunar modules.
Snapshooter is a snapshot testing tool for .NET Core and .NET Framework
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. …
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
ReportGenerator converts coverage reports generated by coverlet, OpenCover, dotCover, Visual Studio, NCover, Cobertura, JaCoCo, Clover, gcov or lcov into human readable reports in various formats.
A public version of Unity's internal SSDLC. Meant to provide an example framework, not just to share with others, but to also take contributions and continue to improve and evolve.
Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON
Official NGINX and Amplify Dockerfiles
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
📚 Freely available programming books