pombredanne
Passionate FOSS hacker. On a mission towards easier and safer open source code reuse with open source SCA tools, data and standards @aboutcode-org
@aboutcode-org and @nexB Earth
Pinned Repositories
aboutcode-toolkit
✅ AboutCode Toolkit provides a simple way to document provenance metadata (origin and license) about third-party code that you use in your project: it includes utilities to generate inventory/BOM or Attribution documentation.
scancode-toolkit
🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
scancode-workbench
📊 ScanCode Workbench is a desktop app to review and conclude license and origin from code scans generated by ScanCode Toolkit.
vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
awesome-succint-data-structures
A curated list of awesome succinct data structures, libraries, algorithms and articles for efficient computing in a smaller memory footprint.
gpl-history
labyrinth
Come inside, and have a nice cup of tea.
xxHash-3
Extremely fast non-cryptographic hash algorithm
pombredanne's Repositories
pombredanne/gpl-history
pombredanne/apkindex-archive
Archive for APKINDEX
pombredanne/audit-filter
Filter for npm audit results
pombredanne/automation-working-group
CVE Automation Working Group
pombredanne/codellm-devkit
codellm-devkit provides unified language to get off-the-shelf static analysis for multiple programming languages and support for applying those analyses for code LLM use cases.
pombredanne/compliance-scripts
A collection of scripts for license compliance scanning, mostly experimental
pombredanne/crustfilt
pombredanne/cve-search
a tool to perform local searches for known vulnerabilities
pombredanne/CVEfixes
CVEfixes: Automated Collection of Vulnerabilities and Their Fixes from Open-Source Software
pombredanne/fabric8-analytics-jobs
pombredanne/fabric8-analytics-server-
pombredanne/foss-policy-template
Plain text version of the OSADL Open Source Policy Template: The Basis for License Compliance
pombredanne/go-vcsurl
Lenient VCS repository URL parsing library for Go
pombredanne/https-gitbox.apache.org-repos-asf-commons-lang
pombredanne/license_tools
Collection of tools for working with Open Source licenses
pombredanne/malcontent
#supply #chain #attack #detection
pombredanne/malcontent-samples
Samples used for developing and testing malcontent rules.
pombredanne/mercator-go
pombredanne/Morefixes
MoreFixes: A Large-Scale Dataset of CVE Fix Commits Mined through Enhanced Repository Discovery
pombredanne/nvd-mirror
A mirror of CVE json provided by NVD's API 2.0.
pombredanne/OSSGadget
Collection of tools for analyzing open source packages.
pombredanne/pdbpy
A pure python implementation of Program Database file parsing
pombredanne/python-build-standalone
Produce redistributable builds of Python
pombredanne/rex-parser-generator
👑 REx Parser Generator
pombredanne/rure-python
Python wrapper of the RuRe.
pombredanne/rusty-dawg
Rust library for indexing and quickly searching large pretraining corpora
pombredanne/supplyshield
SupplyShield is an open-source application security orchestration framework designed to secure your software supply chain from vulnerabilities.
pombredanne/symbolicator
Puts the ator into symbolic
pombredanne/ValveResourceFormat
🔬 Valve's Source 2 resource file format parser, decompiler, and exporter.
pombredanne/website-3
Kubernetes website and documentation repo: