andrewpollock
I'm a software engineer at Google, working on OSV.dev, which ties into open source vulnerability management and related software supply chain security.
Google Open Source Security Team, Brisbane
Pinned Repositories
aide
aide source code
andrewpollock
betterscan-ce
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan Community Edition (CE)
coreos-overlay
Custom ebuilds for CoreOS
advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
osv-scanner
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
osv.dev
Open source vulnerability DB and triage service.
cvelint
CLI tool to validate CVE v5 JSON records.
osv-schema
Open Source Vulnerability schema.
wg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
andrewpollock's Repositories
andrewpollock/coreos-overlay
Custom ebuilds for CoreOS
andrewpollock/aide
aide source code
andrewpollock/andrewpollock
andrewpollock/betterscan-ce
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan Community Edition (CE)
andrewpollock/cantact.github.io
Webpage for CANtact tool
andrewpollock/cvelint
CLI tool to validate CVE v5 JSON records.
andrewpollock/docs
The open-source repo for docs.github.com
andrewpollock/generate
Generates Go (golang) Structs from JSON schema.
andrewpollock/go-git
A highly extensible Git implementation in pure Go.
andrewpollock/go-tools
Staticcheck - The advanced Go linter
andrewpollock/grpc
The C based gRPC (C++, Node.js, Python, Ruby, Objective-C, PHP, C#)
andrewpollock/json-formatter
Makes JSON easy to read.
andrewpollock/masterismail
andrewpollock/memos
An open-source, self-hosted memo hub with knowledge management and social networking.
andrewpollock/nvdtools
A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
andrewpollock/oss-fuzz
OSS-Fuzz - continuous fuzzing for open source software.
andrewpollock/osv-scanner
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
andrewpollock/osv-schema
Open Source Vulnerability schema.
andrewpollock/osv.dev
Open source vulnerability DB and triage service.
andrewpollock/packageurl-go
Go implementation of the package url spec
andrewpollock/cve-cna-open-letter
An open letter to the CVE Project and CNAs
andrewpollock/cve-schema
This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.
andrewpollock/purl-spec
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
andrewpollock/quality-workgroup
andrewpollock/renovate-rubygem-repro
Minimal reproduction for platform-specific RubyGem Renovate updating problem encountered
andrewpollock/rhcsaf2osv
Repo for collaborating on converting RedHat CSAF VEX to OSV. Final result now in https://github.com/ossf/osv-schema/tree/main/tools/redhat
andrewpollock/tools
[mirror] Go Tools