Tools for CVE managing, exploring and collect some data about their weaknesses and classifications
ISM vocabulary types, generated CVE enums, and Span for marque
Tools for CVE managing, exploring and collect some data about their weaknesses and classifications
CI/CD authority graph analyzer: how credentials, tokens, and artifacts propagate across pipelines—implicit trust-boundary breaks and non-obvious privilege escalation. Graph-first; not a YAML linter, generic scanner, or policy engine.
ODNI ISM (Information Security Marking) schema package, vendored. Designed as a build-dependency for codegen. SHA-256 verified at compile time.
Aggregates security advisories from GHSA, NVD, OSV, CISA KEV, and more
Async API security scanner with passive and active checks for CORS, CSP, GraphQL, JWT, OpenAPI, and API posture.
SBOM generation tool for uv projects - Generate CycloneDX SBOMs from uv.lock files
VAST XML validator and inspector — validate, inspect wrapper chains, and auto-fix IAB VAST 2.0–4.3 ad tags
VAST XML validator, SIMID linter, and VPAID detector — IAB VAST 2.0–4.3, 121 rules, zero runtime dependencies
Drop-in Rust sidecar that wraps any MCP server: scans tool calls for prompt injection (UTS-39 confusable-folding + Unicode strip + Aho+Regex), validates Ed25519 manifest signatures with TOFU keystore + Sigstore Rekor bridge, strips loader-class env keys (LD_PRELOAD, NODE_OPTIONS, ...) from spawned children, detects tools/list schema drift (Layer 7 closes rug-pull / silent-redefinition class with NFKC-canonical fingerprint + bidirectional inbound/outbound gate + BLAKE3 or SHA-256 backend for FIPS/PCI/HIPAA + optional JCS RFC 8785 canonicalisation + _meta.fingerprint cross-tool audit injection), serves a fully-wired rmcp 1.5 control-plane behind the rmcp-control feature (MCP spec 2025-11-25, closes CVE-2026-42559 transitively), exports OTLP gRPC telemetry, blocks marketplace-poisoning vectors. <5ms p99 overhead.
Tools for CVE managing, exploring and collect some data about their weaknesses and classifications