Projects we track
As part of the Be-Secure project, the community will be tracking the following projects –
Hyperledger Fabric
Blockchain solutions | DA
Hyperledger Fabric delivers a uniquely elastic and extensible architecture, distinguishing it from alternative blockchain solutions. Planning for the future of enterprise blockchain requires building on top of a fully-vetted, open source architecture; Hyperledger Fabric is your starting point. This project is an Active Hyperledger project. Hyperledger Fabric is a platform for distributed ledger solutions, underpinned by a modular architecture delivering high degrees of confidentiality, resiliency, flexibility and scalability. It is designed to support pluggable implementations of different components, and accommodate the complexity and intricacies that exist across the economic ecosystem.
Hyperledger Indy
Blockchain solutions | DA
This is the official SDK for Hyperledger Indy, which provides a distributed-ledger-based foundation for self-sovereign identity. Indy provides a software ecosystem for private, secure, and powerful identity, and the Indy SDK enables clients for it. The major artifact of the SDK is a C-callable library; there are also convenience wrappers for various programming languages and Indy CLI tool. All bugs, stories, and backlog for this project are managed through Hyperledger's Jira in project IS (note that regular Indy tickets are in the INDY project instead.)
Hyperledger BESU
Blockchain solutions | DA
Besu is an Apache 2.0 licensed, MainNet compatible, Ethereum client written in Java.
Hyperledger Sawtooth
Blockchain solutions | DA
Hyperledger Sawtooth is an enterprise solution for building, deploying, and running distributed ledgers (also called blockchains). It provides an extremely modular and flexible platform for implementing transaction-based updates to shared state between untrusted parties coordinated by consensus algorithms.
Hyperledger BURROW
Blockchain solutions | DA
Hyperledger Burrow is a permissioned Ethereum smart-contract blockchain node. It executes Ethereum EVM and WASM smart contract code (usually written in Solidity) on a permissioned virtual machine. Burrow provides transaction finality and high transaction throughput on a proof-of-stake Tendermint consensus engine.
Hyperledger IROHA
Blockchain solutions | DA
Iroha is a straightforward distributed ledger technology (DLT), inspired by Japanese Kaizen principle — eliminate excessiveness (muri). Iroha has essential functionality for your asset, information and identity management needs, at the same time being an efficient and trustworthy crash fault-tolerant tool for your enterprise needs.
Hyperledger ARIES
Blockchain solutions | DA
Hyperledger Aries allows trusted online peer-to-peer interactions based on decentralized identities and verifiable credentials. Aries includes a protocol definition, tools, and reference implementations. The Aries protocol supports identities rooted in a variety of distributed ledgers or blockchains. This approach to identity is often called Self Soverign Identity (SSI).
Hyperledger CACTUS
Blockchain solutions | DA
Hyperledger Cactus aims to provide Decentralized, Secure and Adaptable Integration between Blockchain Networks. Hyperledger Cactus is currently undergoing a major refactoring effort to enable the desired to-be architecture which will enable plug-in based collaborative development to increase the breadth of use cases & Ledgers supported.
Hyperledger CELLO
Blockchain solutions | DA
Hyperledger Cello is a blockchain provision and operation system, which helps manage blockchain networks in an efficient way.
Hyperledger CALIPER
Blockchain solutions | DA
Caliper is a blockchain performance benchmark framework, which allows users to test different blockchain solutions with predefined use cases, and get a set of performance test results.
DefectDojo
Vulnerability management tool | S
DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, triage vulnerabilities and push findings into defect trackers.
OWASP Zed Attack Proxy
security tool | S
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing
BeEF
Browser Exploitation Framework | S
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
OpenDXL Ontology
Interoperable cybersecurity messaging | S
The OpenDXL Ontology project is focused on the development of an open and interoperable cybersecurity messaging format for use with the OpenDXL messaging bus.
CS-Suite
AWS infrastructure auditing tool | S
CS Suite is a one stop tool for auditing the security posture of the AWS infrastructure and does system audits as well. CS Suite leverages current open source tools capabilities and has other missing checks added into one tool to rule them all.
STIX-shifter
Python library | S
STIX-shifter is an open source python library allowing software to connect to products that house data repositories by using STIX Patterning, and return results as STIX Observations
openscap
SCAP document scanner | S
The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents.
fuzzbench
Fuzzing research evaluator | S
FuzzBench is a free service that evaluates fuzzers on a wide variety of real-world benchmarks, at Google scale. The goal of FuzzBench is to make it painless to rigorously evaluate fuzzing research and make fuzzing research easier for the community to adopt.
ghidra
Software reverse engineering (SRE) framework | S
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features.
differential-privacy
Repository tool | S
This repository contains libraries to generate ε- and (ε, δ)-differentially private statistics over datasets
Syncope
Digital identity manager | S
Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under Apache 2.0 license.
pritunl-zero
Authentication system | S
Pritunl-Zero is a zero trust system that provides secure authenticated access to internal services from untrusted networks without the use of a VPN.
Pacu
AWS exploitation framework | S
Pacu is an open-source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality.
Nmap
Network scanner | S
Nmap is released under a custom license, which is based on (but not compatible with) GPLv2. The Nmap license allows free usage by end users, and we also offer a commercial license for companies that wish to redistribute Nmap technology with their products.
TRASA
Access control | S
TRASA is a unified access control platform with identity-aware access proxy, privileged access management, two-factor authentication, device trust, and access policy features that enable secure remote access to Web, SSH, RDP, and Database services
Kestrel
Web server | A
Kestrel threat hunting language provides an abstraction for threat hunters to focus on what to hunt instead of how to hunt. The abstraction makes it possible to codify resuable hunting knowledge in a composable and sharable manner.
Snort
Intrusion Prevention System | S
Snort 3 is the next generation Snort IPS (Intrusion Prevention System). This file will show you what Snort++ has to offer and guide you through the steps from download to demo
CSET
Security Evaluation Tool | S
The Cyber Security Evaluation Tool (CSET®) is a Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets. It was developed by cybersecurity experts under the direction of CISA. The tool provides users with a systematic and repeatable approach to assessing the security posture of their cyber systems and networks
Malcolm
Network analyzer | S
Malcolm is a powerful network traffic analysis tool suite
CTI
Repository tool | S
This repository contains the MITRE ATT&CK® and CAPEC™ datasets expressed in STIX 2.0. See USAGE or USAGE-CAPEC for information on using this content with python-stix2.
OSSEC
Platform for monitor | S
OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution
Zeek
Network tool | S
A powerful framework for network traffic analysis and security monitoring.
Security Onion Solutions
Security Onion maintainer | S
Security Onion Solutions, LLC is the creator and maintainer of Security Onion, a free and open platform for threat hunting, network security monitoring, and log management. Security Onion includes best-of-breed free and open tools including Suricata, Zeek, Wazuh, the Elastic Stack and many others
OpenCTI
Security threat manager | S
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.
Croc
File transfer | S
croc is a tool that allows any two computers to simply and securely transfer files and folders.
Security Monkey
AWS monitor | S
Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. Security Monkey can also watch and monitor your GitHub organizations, teams, and repositories.
Scorecard
Automated analyzer | S
Automate analysis and trust decisions on the security posture of open source projects.
Syft
SBOM Generator | S
A CLI tool and go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner tool like Grype.
Grype
Vulnerability scanner | S
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems.
Emmy
Protocols Library | S
Emmy is a library for building protocols/applications based on zero-knowledge proofs, for example anonymous credentials. Zero-knowledge proofs are client-server protocols (in crypto terms also prover-verifier, where the prover takes on the role of the client, and the verifier takes on the role of the server) where the client proves a knowledge of a secret without actually revealing the secret
Threat Dragon
Threat modelling | S
Threat Dragon is a free, open-source, cross-platform threat modelling application including system diagramming and a threat rule engine to auto-generate threats/mitigations. It is an OWASP Incubator Project and follows the values and principles of the threat modeling manifesto. The roadmap for the project is a simple UX, a powerful rule engine and integration with other development lifecycle tools.
Trivy
Vulnerability scan | S
Trivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack.
OWASP Glue
Framework for Security tools | S
Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools.
ModSecurity
Interface for ModSecurity Connectors | S
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity SecRules format and apply them to HTTP content provided by your application via Connectors.
Archery
Vulnerability assessment/management | S
Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.
Trellis
Trellis is an open source project and completely free to use.
However, the amount of effort needed to maintain and develop new features and products within the Roots ecosystem is not sustainable without proper financial backing.
GitLab-foss
GitLab FOSS is a read-only mirror of GitLab, with all proprietary code removed. This project was previously used to host GitLab Community Edition, but all development has now moved to https://gitlab.com/gitlab-org/gitlab.
GitLabhq
GitLab CE Mirror | Please open new issues in our issue tracker on GitLab.com
Molecule
Molecule project is designed to aid in the development and testing of Ansible roles.
Molecule provides support for testing with multiple instances, operating systems and distributions, virtualization providers, test frameworks and testing scenarios.
Molecule encourages an approach that results in consistently developed roles that are well-written, easily understood and maintained.
Server
MariaDB was designed as a drop-in replacement of MySQL(R) with more features, new storage engines, fewer bugs, and better performance.
MariaDB is brought to you by the MariaDB Foundation and the MariaDB Corporation. Please read the CREDITS file for details about the MariaDB Foundation, and who is developing MariaDB.
MariaDB is developed by many of the original developers of MySQL who now work for the MariaDB Corporation, the MariaDB Foundation and by many people in the community.
Meta-ros
As of Milestone 16 (2021-06-24), this branch can be used to build the releases current at the end of June 2021 of ROS 2 dashing, eloquent, foxy, galactic, and rolling and ROS 1 melodic and noetic with the honister OpenEmbedded release series.
The original implementation of meta-ros for ROS 1 Indigo Igloo (https://github.com/bmwcarit/meta-ros) was transferred here on 2019-06-25. It has been converted to use recipes generated by superflore.
Lightning
Lightning is a (TV) app development framework that offers great portability and performance.
Moodle
Moodle - the world's open source learning platform
Moodle https://moodle.org is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments.
You can download Moodle https://download.moodle.org and run it on your own web server, ask one of our Moodle Partners https://moodle.com/partners/ to assist you, or have a MoodleCloud site https://moodle.com/cloud/ set up for you.
Moodle is widely used around the world by universities, schools, companies and all manner of organisations and individuals.
Odoo
Odoo is a suite of web based open source business apps.
The main Odoo Apps include an Open Source CRM, Website Builder, eCommerce, Warehouse Management, Project Management, Billing & Accounting, Point of Sale, Human Resources, Marketing, Manufacturing, ...
Odoo Apps can be used as stand-alone applications, but they also integrate seamlessly so you get a full-featured Open Source ERP when you install several Apps.
KochiOrgBook (KOB)
KochiOrgBook is a community initiative focused on building a digital ecosystem for the various associations in Kochi.
Jackhammer
Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team, QA team and being a facilitator for TPM to understand and track the quality of the code going into production. It could do static code analysis and dynamic analysis with inbuilt vulnerability management capability. It finds security vulnerabilities in the target applications and it helps security teams to manage the chaos in this new age of continuous integration and continuous/multiple deployments.
Terminalizer
Record your terminal and generate animated gif images or share a web player link terminalizer.com
Lycan
Lycan is an implementation of the OpenC2 OASIS standard for command and control messaging. The current implementation is based on the Language Specification v1.0.
Given the influence of STIX/CyBoX on OpenC2, this library is heavily based on the STIX 2 Python API internals. Property validation and object extension support aligns with STIX2 conventions and OpenC2 custom properties also support stix2 properties.
SWIG-WX
SWIG reads annotated C/C++ header files and creates wrapper code (glue code) in order to make the corresponding C/C++ libraries available to the listed languages, or to extend C/C++ programs with a scripting language.
Shellinabox
Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugins.
Osmedeus
Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target.
TKLDev
TKLDev is the mother of all TurnKey apps. It's used to give birth to all TurnKey apps, including new versions of itself. It's designed to make simple things simple, and hard things possible. It's a self-contained build system that can be used to rapidly prototype and repeatably build any generic Debian-based Linux distribution or TurnKey GNU/Linux system from source.
Patton
Patton is a set of tools for helping admins and security auditors to search for vulnerabilities in software components and computer systems.
Patton contains, at this moment, the tools needed to analyze vulnerabilities on Ubuntu, Debian and RHEL 8 or newer systems and we are currently working on increasing the targets to include Python dependencies.
Patton is an OWASP project: https://owasp.org/www-project-patton/
PPM - PHP Process Manager
PHP-PM is a process manager, supercharger and load balancer for PHP applications.
It's based on ReactPHP and works best with applications that use request-response frameworks like Symfony's HTTPKernel. The approach of this is to kill the expensive bootstrap of PHP (declaring symbols, loading/parsing files) and the bootstrap of feature-rich frameworks. See Performance section for a quick hint. PHP-PM basically spawns several PHP instances as worker bootstraping your application (eg. the whole Symfony Kernel) and hold it in the memory to be prepared for every incoming request: This is why PHP-PM makes your application so fast.
phpcs-security-audit
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.
It currently has core PHP rules as well as Drupal 7 specific rules.
The tool also checks for CVE issues and security advisories related to the CMS/framework. This enables you to follow the versioning of components during static code analysis.
TurnKey Core
TurnKey Core is the base operating system which all TurnKey GNU/Linux solutions share in common. It is commonly deployed standalone as a convenient starting point for custom system integrations. Benefits include automatic daily security updates, 1-click backup and restore, a web control panel, and preconfigured system monitoring with optional email alerts.
deployment
The Software Assurance Marketplace (SWAMP) is a platform for running software assurance tools on your code. It is a joint effort of four research institutions -- the Morgridge Institute for Research, Indiana University, the University of Illinois at Urbana-Champaign, and the University of Wisconsin-Madison -- to advance the capabilities and increase the adoption of software assurance technologies through an open continuous assurance facility.
openc2-lycan-python
Lycan is an implementation of the OpenC2 OASIS standard for command and control messaging. The current implementation is based on the Language Specification v1.0.
Given the influence of STIX/CyBoX on OpenC2, this library is heavily based on the STIX 2 Python API internals. Property validation and object extension support aligns with STIX2 conventions and OpenC2 custom properties also support stix2 properties.
powerfulseal
A powerful chaos engineering tool for Kubernetes clusters. PowerfulSeal injects failure into your Kubernetes clusters, so that you can detect problems as early as possible. It allows for writing scenarios describing complete chaos experiments.
mkdocs-material
Material for MkDocs is a theme for MkDocs, a static site generator geared towards (technical) project documentation. If you're familiar with Python, you can install Material for MkDocs with pip, the Python package manager. If not, we recommended using docker.
ros_comm
ROS communications-related packages, including core client libraries (roscpp, rospy, roslisp) and graph introspection tools (rostopic, rosnode, rosservice, rosparam).
emacs-secondmate
An open-source, mini imitation of GitHub Copilot using EleutherAI GPT-Neo-2.7B (via Huggingface Model Hub) for Emacs.
This is a much smaller model so will likely not be as effective as Copilot, but can still be interesting to play around with!
asciinema
asciinema project is built of several complementary pieces:
command-line based terminal session recorder, asciinema, website with an API at asciinema.org, javascript player
When you run asciinema rec in your terminal the recording starts, capturing all output that is being printed to your terminal while you’re issuing the shell commands. When the recording finishes (by hitting Ctrl-D or typing exit) then the captured output is uploaded to asciinema.org website and prepared for playback on the web.
ansistrano/deploy
ansistrano.deploy and ansistrano.rollback are Ansible roles to easily manage the deployment process for scripting applications such as PHP, Python and Ruby. It's an Ansible port for Capistrano.
clara-copilot
A alternative to Github Copilot for vscode until you get the access to github copilot
Lockdoor-Framework
Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
switchboard-dapp
Switchboard dApp is a revolutionary decentralized application that allows management of identities, assets, applications, services and access controls with DIDs(Decentralised Identifiers) and VCs(Verifiable Credentials)
iam-contracts
This package consists of EVM smart contracts related to EnergyWeb IAM. This is an implementation of an ENS resolver that represents a role definition. It extends the ENS Public Resolver with additional resolver profiles, specifically for the use case of issuing and verify role claims using a smart contract. In other words, this custom ENS resolver allows some properties of a role definition to be (usefully) readable by another smart contract
iam-client-lib
Identity and Access Management (IAM) Client Library: TypeScript library to be used within decentralized applications for authentication and authorization using DIDs (Decentralized Identifiers) and VCs (Verifiable Credentials)
passport-did-auth
This repository consists of a Node.js Password Strategy which provides verification of the issuance of claims made regarding roles defined in an Ethereum Naming System (ENS).
meta-agl-demo
The meta-agl-demo layer is the reference user interface layer for the DEMO platform of Automotive Grade Linux (AGL). The layer provides a reference platform and applications. The BitBake target name for the DEMO platform is agl-demo-platform, which is the full DEMO platform image.
meta-agl-devel
The meta-agl-devel layer contains components that are being tested or still in development. The layer also contains software packages that Original Equipment Manufacturers (OEMs) need but are not included in the AGL software.
meta-agl
The meta-agl layer provides the minimal set of software to boot an AGL Distribution system. You use this layer as the minimal core on which to build AGL profiles. NOTE: The meta-agl layer does not include a reference UI. The reference UI is included as part of the meta-agl-demo layer.
iam-cache-server
Cache server for decentralised Identity and Access Management
skf-labs
Here we find all the labs and write-ups for the security knowledge framework! These labs are correlated to knowledge-base id's which are on their place again correlated to security controls such as from the ASVS or NIST, etc.
skf-flask
The OWASP Security Knowledge Framework is an open source web application that explains secure coding principles in multiple programming languages. The goal of OWASP-SKF is to help you learn and integrate security by design in your software development and build applications that are secure by design. OWASP-SKF does this through manageable software development projects with checklists (using OWASP-ASVS/OWASP-MASVS or custom security checklists) and labs to practice security verification (using SKF-Labs, OWASP Juice-shop, and best practice code examples from SKF and the OWASP-Cheatsheets).
primeng
The Most Powerful Angular UI Component Library. PrimeNG is a rich set of open source native Angular UI components.
protocol-specifications
The Most Powerful Angular UI Component Library. PrimeNG is a rich set of open source native Angular UI components.Beckn is an open protocol that allows local businesses across any industry to be discovered and engaged by any beckn-enabled application. Beckn protocol helps businesses co-create solutions for the masses seamlessly, by combining services of any form or provider. Beckn protocol is a collection of open specifications consisting of protocol APIs, message formats, network design and reference architectures to allow any two entities to execute commercial transactions without being on the same platform.
DevSecOps-MaturityModel
From a startup to a multinational corporation the software development industry is currently dominated by agile frameworks and product teams and as part of it DevOps strategies. It has been observed that during the implementation, security aspects are usually neglected or are at least not sufficient taken account of. It is often the case that standard safety requirements of the production environment are not utilized or applied to the build pipeline in the continuous integration environment with containerization or concrete docker. Therefore, the docker registry is often not secured which might result in the theft of the entire company’s source code. The OWASP DevSecOps Maturity Model provides opportunities to harden DevOps strategies and shows how these can be prioritized.
toit
This repository contains the Toit language implementation. It is fully open source and consists of the compiler, virtual machine, and standard libraries that together enable Toit programs to run on an ESP32.
conjur
A seamless open source interface to securely authenticate, control and audit non-human access across tools, applications, containers and cloud environments via robust secrets management. Conjur is designed to run in a Docker container(s), using Postgresql as the backing data store. It's easy to run both Conjur and Postgresql in Docker; see the demo directory for an example.
samm
OWASP SAMM has moved to a new organization: https://github.com/owaspsamm. There you will now find both the core model as well as all derived projects.
windster-tailwind-dashboard
Windster is a free and open-source Tailwind CSS admin dashboard layout featuring responsive sidebar layouts, authentication pages, charts, users, products pages and hundreds of Tailwind CSS components based on the Flowbite component library such as buttons, dropdowns, navbars, modals, datepickers, and more.
summon
summon is a command-line tool to make working with secrets easier. It provides an interface for Reading a secrets.yml file Fetching secrets from a trusted store Exporting secret values to a sub-process environment
appflowy
AppFlowy is an open-source alternative to Notion. You are in charge of your data and customizations. Built with Flutter and Rust.
augur
Augur is a software suite for collecting and measuring structured data about free and open-source software (FOSS) communities.
Manticore
Manticore is a symbolic execution tool for analysis of smart contracts and binaries.
Features
Program Exploration: Manticore can execute a program with symbolic inputs and explore all the possible states it can reach
Input Generation: Manticore can automatically produce concrete inputs that result in a given program state
Error Discovery: Manticore can detect crashes and other failure cases in binaries and smart contracts
Instrumentation: Manticore provides fine-grained control of state exploration via event callbacks and instruction hooks
Programmatic Interface: Manticore exposes programmatic access to its analysis engine via a Python API
Vulhub
Vulhub is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.
Plot
Observable Plot is a JavaScript library for exploratory data visualization.
Introduction
Installing
API Reference
Changelog
Contributing
clusterfuzz
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process:
llvm-project
The LLVM project has multiple components. The core of the project is itself called "LLVM". This contains all of the tools, libraries, and header files needed to process intermediate representations and convert them into object files. Tools include an assembler, disassembler, bitcode analyzer, and bitcode optimizer. It also contains basic regression tests.
UTM
UTM is a full featured system emulator and virtual machine host for iOS and macOS. It is based off of QEMU. In short, it allows you to run Windows, Linux, and more on your Mac, iPhone, and iPad.
openboxes
OpenBoxes is an Open Source Inventory and Supply Chain Management System. The initial implementation of OpenBoxes will occur at Partners In Health-supported facilities in Haiti.
dkan
DKAN is an open-source open-data platform inspired by CKAN (Comprehensive Knowledge Archive Network) and built on top of the very popular Drupal CMS (Content Management System).
openemr
OpenEMR is a Free and Open Source electronic health records and medical practice management application. It features fully integrated electronic health records, practice management, scheduling, electronic billing, internationalization, free support, a vibrant community, and a whole lot more. It runs on Windows, Linux, Mac OS X, and many other platforms
php-src
PHP is a popular general-purpose scripting language that is especially suited to web development. Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world. PHP is distributed under the PHP License v3.01.