Ossillate Inc.

All

22 repositories

packj
Public
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
python npm rubygems devops static-analysis pypi supply-chain sandboxing developer-tools dynamic-analysis
Python
•
GNU Affero General Public License v3.0
•36•629•11•3•Updated Apr 2, 2024Apr 2, 2024
packj-github-action
Public
Packj audits pull requests for malicious/risky open-source deps
security-audit static-analysis infosec malware-analysis vulnerability-scanner supply-chain-security supply-chain-attacks security security-tools
4•10•1•0•Updated Aug 29, 2023Aug 29, 2023
sinopia
Public
Private npm repository server
JavaScript
•655•0•0•1•Updated Jun 14, 2023Jun 14, 2023
top-1m
Public
0•0•0•0•Updated May 25, 2023May 25, 2023
packj-github-action-demo
Public
This test repo demos usage of Packj.dev GitHub Action to flag risky devs
Apache License 2.0
•0•2•1•27•Updated May 12, 2023May 12, 2023
packj-npm-registry-firewall-action-demo
Public
Demo for Packj NPM registry firewall action
Apache License 2.0
•0•0•0•4•Updated May 9, 2023May 9, 2023
packj-npm-registry-firewall-action
Public
Packj firewall for NPM registry
Apache License 2.0
•0•0•0•0•Updated May 9, 2023May 9, 2023
packj-npm
Public
packj-npm
TypeScript
•
MIT License
•2•0•0•1•Updated May 4, 2023May 4, 2023
packj-circleci-orb
Public
Packj CircleCI Orb
0•0•0•0•Updated Feb 28, 2023Feb 28, 2023
packj-gitlab-runner
Public
Packj GitLab Runner
0•0•0•0•Updated Feb 20, 2023Feb 20, 2023
confused
Public
Tool to check for dependency confusion vulnerabilities in multiple package management systems
Go
•
MIT License
•93•0•0•0•Updated Nov 30, 2022Nov 30, 2022
Frelatage
Public
The Python Fuzzer that the world deserves 🐍
Python
•
MIT License
•16•1•0•0•Updated Mar 22, 2022Mar 22, 2022
Symbolica
Public
Symbolica's open-source symbolic execution engine.
C#
•
MIT License
•6•0•0•0•Updated Feb 25, 2022Feb 25, 2022
tag-security
Public
🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
Shell
•
Other
•518•0•0•0•Updated Feb 1, 2022Feb 1, 2022
packagedna
Public
This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes. secure development, if currently supported, possible backdoors (malicio…
Python
•
MIT License
•16•0•0•0•Updated Aug 6, 2021Aug 6, 2021
maloss
Public
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
Java
•
MIT License
•22•0•0•0•Updated Apr 26, 2021Apr 26, 2021
software-supply-chain-compromises
Public
A dataset of software supply chain compromises. Please help us maintain it!
Creative Commons Zero v1.0 Universal
•29•0•0•0•Updated Jan 5, 2021Jan 5, 2021
exploits
Public
exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House
C
•
Other
•108•0•0•0•Updated Dec 9, 2020Dec 9, 2020
pypi-scan
Public
Scan pypi for typosquatting
Python
•
Apache License 2.0
•13•0•0•0•Updated Nov 24, 2020Nov 24, 2020
pypi_malware
Public
PyPI malware packages
Python
•
The Unlicense
•7•0•0•0•Updated Dec 12, 2018Dec 12, 2018
pypi-bad
Public
Bad packages from the pypi repository
Python
•6•0•0•0•Updated Dec 3, 2018Dec 3, 2018
osspolice
Public
Identifying Open-Source License Violation and 1-day Security Risk at Large Scale
Python
•
GNU General Public License v3.0
•30•0•0•0•Updated Jan 23, 2018Jan 23, 2018