stevespringett
I build stuff, I break stuff, I develop stuff to protect stuff. Creator of @DependencyTrack. Chair of @CycloneDX and @Ecma-TC54. Core team of @package-url
@ServiceNow, Chicago
Pinned Repositories
specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Software-Component-Verification-Standard
Software Component Verification Standard (SCVS)
purl-spec
A minimal specification for purl, aka a package "mostly universal" URL. Join the discussion at https://gitter.im/package-url/Lobby
Alpine
An opinionated scaffolding framework that jumpstarts Java projects with an API-first design, secure defaults, and minimal dependencies
CPE-Parser
A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST
cvss-calculator
A Java library for calculating CVSSv2 and CVSSv3 scores and vectors
disable-webassembly
Browser hacks to disable WebAssembly (WASM)
nist-data-mirror
A simple Java command-line utility to mirror the CVE JSON data from NIST.
threatmodel-sdk
A Java library for parsing and programmatically using threat models
stevespringett's Repositories
stevespringett/nist-data-mirror
A simple Java command-line utility to mirror the CVE JSON data from NIST.
stevespringett/disable-webassembly
Browser hacks to disable WebAssembly (WASM)
stevespringett/threatmodel-sdk
A Java library for parsing and programmatically using threat models
stevespringett/Alpine
An opinionated scaffolding framework that jumpstarts Java projects with an API-first design, secure defaults, and minimal dependencies
stevespringett/CPE-Parser
A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST
stevespringett/cvss-calculator
A Java library for calculating CVSSv2 and CVSSv3 scores and vectors
stevespringett/vulndb-data-mirror
A simple Java command-line utility to mirror the entire contents of VulnDB.
stevespringett/owasp-risk-rating-calculator
A Java library for programmatically calculating OWASP Risk Rating scores
stevespringett/touchdraw-aws-stencil-library
Amazon Web Services Stencil Library for TouchDraw
stevespringett/maven-uuid-generator
The Maven UUID Generator Plugin generates a unique UUID for each build and assigns the value to project.build.uuid
stevespringett/cocoapods-dependencies
Shows a project's CocoaPods dependency graph
stevespringett/json-schema-for-humans
Quickly generate HTML documentation from a JSON schema
stevespringett/owasp-masvs
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
stevespringett/schemastore
A collection of JSON schema files including full API
stevespringett/stevespringett.github.io
stevespringett/.github
Community health files for the @GitHub organization
stevespringett/18f.gsa.gov
The 18F website
stevespringett/1password-teams-open-source
Get a free 1Password Teams membership for your open source project
stevespringett/ASVS
Application Security Verification Standard
stevespringett/commons-parent
Apache Commons Parent
stevespringett/jsonschema-grammar-action
An experimental GitHub Action that performs a grammar check on JSON Schemas
stevespringett/owasp-change.github.io
An Open Letter to the OWASP Board
stevespringett/owasp.github.io
OWASP Foundation main site repository
stevespringett/SecureSoftwareSupplyChain
This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.
stevespringett/server-side-tls
Server side TLS Tools
stevespringett/startleft
StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different sources such as IaC files, diagrams or projects exported from Threat Modelling tools.
stevespringett/www-board-candidates
stevespringett/www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
stevespringett/www-policy
stevespringett/www-project-juice-shop
OWASP Foundation Web Repository