Repositories list

• vast

  Public
  VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.

  ccppclang+ 5compilersprogram-analysisintermediate-representationcompiler-frontendmlir

  C++

  •

  Apache License 2.0

  •24•398•160•5•Updated Nov 27, 2024Nov 27, 2024

• pypi-attestations

  Public
  A library to convert between Sigstore Bundles and PEP 740 Attestation objects

  Python

  •

  Apache License 2.0

  •1•4•4•0•Updated Nov 27, 2024Nov 27, 2024

• pe-parse

  Public
  Principled, lightweight C/C++ PE parser

  pe-formatportable-executablehacktoberfest

  C++

  •

  MIT License

  •157•805•17•1•Updated Nov 27, 2024Nov 27, 2024

• cargo-unmaintained

  Public
  Find unmaintained packages in Rust projects

  Rust

  •

  GNU Affero General Public License v3.0

  •2•66•5•12•Updated Nov 27, 2024Nov 27, 2024

• testing-handbook

  Public
  Trail of Bits Testing Handbook

  C++

  •

  Creative Commons Attribution 4.0 International

  •7•58•12•7•Updated Nov 27, 2024Nov 27, 2024

• dylint

  Public
  Run Rust lints from dynamic libraries

  Rust

  •

  Apache License 2.0

  •21•406•23•3•Updated Nov 27, 2024Nov 27, 2024

• publications

  Public
  Publications from Trail of Bits

  conference-presentationsacademic-paperssecurity-reviews

  Python

  •

  Creative Commons Attribution Share Alike 4.0 International

  •184•1.5k•4•1•Updated Nov 27, 2024Nov 27, 2024

• polytracker

  Public
  An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.

  dataflow-analysistaint-trackingllvm+ 2instrumentationtaint-analysis

  C++

  •

  Apache License 2.0

  •45•535•45•1•Updated Nov 27, 2024Nov 27, 2024

• pip-plugin-pep740

  Public
  An implementation of a pip plugin that verifies PEP-740 attestations before installing a package, and aborts the installation if verification fails.

  Python

  •

  Apache License 2.0

  •0•0•1•1•Updated Nov 26, 2024Nov 26, 2024

• rfc3161-client

  Public
  An Opinionated Python RFC3161 Client

  rfc3161timestamp-protocol

  Rust

  •

  Apache License 2.0

  •0•2•1•0•Updated Nov 26, 2024Nov 26, 2024

• vscode-sarif-explorer

  Public
  SARIF Explorer: A VSCode extension that helps you visualize and triage static analysis results

  static-analysisvscode-extensionsarif

  TypeScript

  •

  GNU General Public License v3.0

  •3•21•5•1•Updated Nov 26, 2024Nov 26, 2024

• necessist

  Public
  A mutation-based tool for finding bugs in tests

  testingrust

  Rust

  •

  GNU Affero General Public License v3.0

  •10•110•16•2•Updated Nov 26, 2024Nov 26, 2024

• build-wrap

  Public
  Help protect against malicious build scripts

  Rust

  •

  GNU Affero General Public License v3.0

  •3•7•1•0•Updated Nov 26, 2024Nov 26, 2024

• sigstore-rekor-types

  Public
  Python models for Rekor's API types

  Python

  •

  Apache License 2.0

  •1•4•0•0•Updated Nov 25, 2024Nov 25, 2024

• instafix-llvm

  Public
  LLVM fork for INSTAFIX

  LLVM

  •

  Other

  •12k•0•0•9•Updated Nov 25, 2024Nov 25, 2024

• cargo-line-test

  Public
  Run tests by the lines they exercise

  Rust

  •0•0•1•0•Updated Nov 25, 2024Nov 25, 2024

• zkdocs

  Public
  Interactive documentation on zero-knowledge proof systems and related primitives.

  cryptographyzero-knowledge

  HTML

  •

  Creative Commons Attribution 4.0 International

  •23•146•5•3•Updated Nov 22, 2024Nov 22, 2024

• test-fuzz

  Public
  To make fuzzing Rust easy

  Rust

  •

  GNU Affero General Public License v3.0

  •16•162•11•3•Updated Nov 22, 2024Nov 22, 2024

• awesome-ml-security

  Public
  machine-learning

  Creative Commons Attribution 4.0 International

  •12•96•1•1•Updated Nov 21, 2024Nov 21, 2024

• cookiecutter-python

  Public
  A cookiecutter template for a best-practices Python project

  Python

  •

  Apache License 2.0

  •5•13•0•0•Updated Nov 20, 2024Nov 20, 2024

• are-we-pep740-yet

  Public
  Are we PEP 740 yet?

  HTML

  •

  BSD 2-Clause "Simplified" License

  •3•6•0•0•Updated Nov 20, 2024Nov 20, 2024

• codeql-queries

  Public
  CodeQL queries developed by Trail of Bits

  CodeQL

  •

  GNU Affero General Public License v3.0

  •3•76•4•4•Updated Nov 19, 2024Nov 19, 2024

• CompChomper

  Public
  CompChomper is a framework for measuring how LLMs perform at code completion.

  Python

  •

  Apache License 2.0

  •0•14•0•0•Updated Nov 19, 2024Nov 19, 2024

• krf

  Public
  A kernelspace syscall interceptor and randomized faulter

  linux-kernelsyscallsfault-injection+ 2hacktoberfestfreebsd

  C

  •

  GNU General Public License v3.0

  •35•350•11•0•Updated Nov 18, 2024Nov 18, 2024

• ctf

  Public
  CTF Field Guide

  tutorialsctfsecurity-ctf

  C

  •

  Creative Commons Attribution Share Alike 4.0 International

  •242•1.3k•12•2•Updated Nov 15, 2024Nov 15, 2024

• semgrep-rules

  Public
  Semgrep queries developed by Trail of Bits.

  Go

  •

  GNU Affero General Public License v3.0

  •32•332•7•1•Updated Nov 15, 2024Nov 15, 2024

• windows-ctl

  Public
  Rust libraries and utilities for parsing Windows Certificate Trust Lists

  cryptographyauthenticoderust

  Rust

  •

  Apache License 2.0

  •2•8•0•0•Updated Nov 11, 2024Nov 11, 2024

• osquery

  Public
  SQL powered operating system instrumentation, monitoring, and analytics.

  C++

  •

  Other

  •2.5k•37•0•2•Updated Nov 10, 2024Nov 10, 2024

• vscode-weaudit

  Public
  Create code bookmarks and code highlights with a click.

  TypeScript

  •

  GNU General Public License v3.0

  •17•177•11•4•Updated Oct 29, 2024Oct 29, 2024

• empirehacking.nyc

  Public
  Empire Hacking NYC Meetup

  security-meetupnyc

  CSS

  •8•5•0•1•Updated Oct 28, 2024Oct 28, 2024