Pinned Repositories
contains-oss
An Open Source Java tool to examine binary Java artifacts that we make available to clients and prospects. TAG_PRODUCTION, OWNER_KEN, DC_PUBLIC
Java2Json
Java 1.2 compatible JSON parser/formatter written as a single source file. This is Open Source. TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
log4j-detector
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
log4j-samples
Public testing data. Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228. TAG_TESTING, OWNER_KEN, DC_PUBLIC
log4j-transitive-example
Public testing data. Small Java project that depends indirectly on log4j-core-2.14.0.jar (to test SCA tools) TAG_TESTING, OWNER_KEN, DC_PUBLIC
mergebase-scan-action
Repository for the MergeBase Scan GitHub action, which is available in the GitHub Marketplace. TAG_PRODUCTION, OWNER_DELAN, DC_PUBLIC
stupid-git-tricks
Experimental test data. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
usn2json
usn2json - A published tool that converts mail archives to JSON. TAG_TOOL, OWNER_KELLY, DC_PUBLIC
Vulnerability.Direct.OldStyle
Sample project. TAG_TESTING, OWNER_KEN, DC_PUBLIC
Vulnerability.Transitive
Sample dotnet project with transitive dependencies on vulnerable NuGet components. TAG_TESTING, OWNER_KEN, DC_PUBLIC
MergeBase's Repositories
mergebase/log4j-detector
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
mergebase/log4j-samples
Public testing data. Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228. TAG_TESTING, OWNER_KEN, DC_PUBLIC
mergebase/contains-oss
An Open Source Java tool to examine binary Java artifacts that we make available to clients and prospects. TAG_PRODUCTION, OWNER_KEN, DC_PUBLIC
mergebase/Java2Json
Java 1.2 compatible JSON parser/formatter written as a single source file. This is Open Source. TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
mergebase/log4j-transitive-example
Public testing data. Small Java project that depends indirectly on log4j-core-2.14.0.jar (to test SCA tools) TAG_TESTING, OWNER_KEN, DC_PUBLIC
mergebase/CVE-2021-44228-Apache-Log4j-Rce
Apache Log4j Remote Code Execution - A fork of the example exploit code for the Log4J vulnerability. Used for reference. TAG_TESTING, OWNER_KEN, DC_PUBLIC
mergebase/flower
Used for demoing commit graph capabilities. TAG_TESTING, OWNER_DELAN, DC_PUBLIC
mergebase/mergebase-scan-action
Repository for the MergeBase Scan GitHub action, which is available in the GitHub Marketplace. TAG_PRODUCTION, OWNER_DELAN, DC_PUBLIC
mergebase/stupid-git-tricks
Experimental test data. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
mergebase/usn2json
usn2json - A published tool that converts mail archives to JSON. TAG_TOOL, OWNER_KELLY, DC_PUBLIC
mergebase/Vulnerability.Direct.OldStyle
Sample project. TAG_TESTING, OWNER_KEN, DC_PUBLIC
mergebase/Vulnerability.Transitive
Sample dotnet project with transitive dependencies on vulnerable NuGet components. TAG_TESTING, OWNER_KEN, DC_PUBLIC
mergebase/csv-compare
CSV-Compare is a tool for comparing vulnerability scans as reported in CSV files output by the mergebase and OWASP-Dependency-Check tools. TAG_TOOL, OWNER_KEN, DC_PUBLIC
mergebase/defender-demo-shopizer
A shopping cart app (backend) for the Defender feature demo. Some modifications have been made for the purpose of the demo.
mergebase/defender-demo-shopizer-reactjs
A shopping cart app (frontend) for the Defender feature demo. Some modifications have been made for the purpose of the demo.
mergebase/jag-file-submission
Generic File Submission API - published API from BC Government. TAG_TOOL, OWNER_KELLY, DC_PUBLIC
mergebase/log4j-direct-example
Public testing data. Small Java project that depends directly on log4j-core-2.14.0.jar (to test SCA tools) TAG_TESTING, OWNER_KEN, DC_PUBLIC
mergebase/madness
Public Testing Data. TAG_TESTING, OWNER_DELAN, DC_PUBLIC
mergebase/Packages
A fork from a separate public repository of vulnerabilities JSON files containing vulnerable packages. TAG_VULN_DATA, OWNER_KEN, DC_PUBLIC
mergebase/sample
Public testing data. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
mergebase/struts-demo
Example of struts vulnerability. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
mergebase/struts-example
Example of struts vulnerability. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
mergebase/vuln-example-apacheds-all
Vulnerability examples. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
mergebase/Vulnerability.Direct
Sample dotnet project with direct dependencies on vulnerable NuGet components. TAG_TESTING, OWNER_KEN, DC_PUBLIC
mergebase/yarn-composer-sample