Pinned Repositories
dependency-check-gradle
The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities.
DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
GrokAssembly
Mono/.NET Project to get information about an assembly. Primarily for OWASP Dependency Check
InstallCert
Java program to retrieve server certificate that can be added to local keystore
malicious-dependencies
Demonstrates how a malicious dependency could negatively impact the build output.
maven-indexer
Indexer for Maven Repositories
musical-octo-carnival
A journey through the insecure defaults in GitHub Actions - wait who committed code to my repo?
Open-Vulnerability-Project
Java libraries for working with available vulnerability data sources (GitHub Security Advisories, NVD, EPSS, CISA Known Exploited Vulnerabilities, etc.)
sast-puzzle
jeremylong's Repositories
jeremylong/DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
jeremylong/Open-Vulnerability-Project
Java libraries for working with available vulnerability data sources (GitHub Security Advisories, NVD, EPSS, CISA Known Exploited Vulnerabilities, etc.)
jeremylong/malicious-dependencies
Demonstrates how a malicious dependency could negatively impact the build output.
jeremylong/musical-octo-carnival
A journey through the insecure defaults in GitHub Actions - wait who committed code to my repo?
jeremylong/sast-puzzle
jeremylong/GrokAssembly
Mono/.NET Project to get information about an assembly. Primarily for OWASP Dependency Check
jeremylong/teller
Cloud native secrets management for developers - never leave your command line for secrets.
jeremylong/cdn-jscan
jeremylong/CPE-Parser
A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST
jeremylong/ossinsight
Open Source Software Insights - Analysis, Comparison, Trends, Rankings of Open Source Software. Follow us on Twitter: https://twitter.com/ossinsight
jeremylong/phosphor
Phosphor: Dynamic Taint Tracking for the JVM
jeremylong/class-file-format-rule
DEPRECATED: consider using org.codehaus.mojo:extra-enforcer-rules.
jeremylong/commons-jcs
Apache Commons JCS
jeremylong/cyclonedx-cocoapods
Creates CycloneDX Software Bill-of-Materials (SBOM) from Objective-C and Swift projects that use CocoaPods.
jeremylong/cyclonedx-core-java
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
jeremylong/cyclonedx-gradle-plugin
Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
jeremylong/delete-workflow-runs
An action to delete workflow runs in a repository.
jeremylong/github-release-maven-plugin
Maven plugin for creating GitHub releases
jeremylong/guarddog
GuardDog is a CLI tool to identify malicious PyPI and npm packages
jeremylong/homebrew-core
🍻 Default formulae for the missing package manager for macOS
jeremylong/hyades
Proof-of-concept for decoupling responsibilities from Dependency-Track's monolithic API server into separate, scalable services, based on Apache Kafka.
jeremylong/jcs3-slf4j
Log adapter for use with JCS3 to bind to slf4j.
jeremylong/odc-falsepositives
Throwaway project to test dependency-check false positives
jeremylong/OSSRH-86213
jeremylong/owasp-change.github.io
An Open Letter to the OWASP Board
jeremylong/owasp-dependency-check-reproducer
jeremylong/purl-spec
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
jeremylong/sbt-dependency-check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs).
jeremylong/semver4j
Semantic versioning for Java apps.
jeremylong/workflow-test