Free universal database tool and SQL client

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

Add to each commit GitLab in a global commentary on the new anomalies added by this commit and add comment lines of modified files

Integrates Dependency-Check reports into SonarQube

DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange and Office 365 Gateway - Synced with main subversion repository at

🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint

The Web Application Vulnerability Scanner Evaluation Project

Java libraries for working with available vulnerability data sources (GitHub Security Advisories, NVD, EPSS, CISA Known Exploited Vulnerabilities, etc.)

OWASP Benchmark Project Utilities - Provides scorecard generation and crawling tools for Benchmark style test suites.

An automated platform for vulnerable scenario configuration

rhel-dependency-checker is an offline Redhat RPM Vulnerability scanner based on OVAL definition.