david-a-wheeler
My work title is "Director of Open Source Supply Chain Security" at the Linux Foundation. Much of this isn't work though.
Linux Foundation
Pinned Repositories
awesome-static-analysis
Static analysis tools for all programming languages
cl-metamath
Metamath library/verifier in Common Lisp
flawfinder
A static analysis tool for finding vulnerabilities in C/C++ source code
jiffo
JavaScript Interactive Fiction Framework that's Open Source Software - INACTIVE
make-audit
Easy-to-use tool for auditing Makefiles for errors
make-booster
Utility routines to simplify using GNU make and Python
mmverify.py
Metamath verifier in Python
railroader
A static analysis security vulnerability scanner for Ruby on Rails applications (OSS fork of Brakeman)
spdx-tutorial
A brief tutorial on how to use Software Package Data Exchange (SPDX)
vim-metamath
Vim mode for editing Metamath files
david-a-wheeler's Repositories
david-a-wheeler/flawfinder
A static analysis tool for finding vulnerabilities in C/C++ source code
david-a-wheeler/spdx-tutorial
A brief tutorial on how to use Software Package Data Exchange (SPDX)
david-a-wheeler/railroader
A static analysis security vulnerability scanner for Ruby on Rails applications (OSS fork of Brakeman)
david-a-wheeler/mmverify.py
Metamath verifier in Python
david-a-wheeler/make-booster
Utility routines to simplify using GNU make and Python
david-a-wheeler/make-audit
Easy-to-use tool for auditing Makefiles for errors
david-a-wheeler/david-a-wheeler.github.io
Personal website contents
david-a-wheeler/metamath-test
Test Metamath verification implementations
david-a-wheeler/oss-vulnerability-guide
A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications.
david-a-wheeler/plot-stars
Plot nearby stars, e.g., for Project Hail Mary
david-a-wheeler/security-reviews
A community collection of security reviews of open source software components.
david-a-wheeler/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
david-a-wheeler/cosign
Container Signing
david-a-wheeler/forallx-yyc
UCalgary version of forallx, an introduction to formal logic
david-a-wheeler/fulcio
Sigstore OIDC PKI
david-a-wheeler/metamath-lamp
david-a-wheeler/omega-triage-portal
david-a-wheeler/openproofs.github.io
david-a-wheeler/OSSGadget
Collection of tools for analyzing open source packages.
david-a-wheeler/rekor
Software Supply Chain Transparency Log
david-a-wheeler/scorecard
Security Scorecards - Security health metrics for Open Source
david-a-wheeler/scorecard-action
Official GitHub Action for OpenSSF Scorecard.
david-a-wheeler/security-baseline
david-a-wheeler/security-insights-spec
OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via GitHub Issues.
david-a-wheeler/sigstore-python
A codesigning tool for Python packages
david-a-wheeler/spdx-3-model
david-a-wheeler/temporary
david-a-wheeler/wg-best-practices-os-developers
OSSF Working group: secure code best practices for open source developers
david-a-wheeler/wg-securing-critical-projects
Helping allocate resources to secure the critical open source projects we all depend on.
david-a-wheeler/www-dwheeler-com
Repository representing alias www.dwheeler.com, NOT main dwheeler.com site