Repositories list

• dylint

  Public
  Run Rust lints from dynamic libraries

  Rust

  •

  Apache License 2.0

  •23•417•23•2•Updated Jan 3, 2025Jan 3, 2025

• angrop

  Public
  Python

  •

  BSD 2-Clause "Simplified" License

  •1•2•0•0•Updated Jan 3, 2025Jan 3, 2025

• test-fuzz

  Public
  To make fuzzing Rust easy

  Rust

  •

  GNU Affero General Public License v3.0

  •16•164•11•3•Updated Jan 3, 2025Jan 3, 2025

• challenge-tasks

  Public
  Python

  •0•0•0•1•Updated Jan 2, 2025Jan 2, 2025

• vast

  Public
  VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.

  ccppclang+ 5compilersprogram-analysisintermediate-representationcompiler-frontendmlir

  C++

  •

  Apache License 2.0

  •25•402•162•7•Updated Jan 2, 2025Jan 2, 2025

• sigstore-rekor-types

  Public
  Python models for Rekor's API types

  Python

  •

  Apache License 2.0

  •1•4•0•0•Updated Jan 2, 2025Jan 2, 2025

• testing-handbook

  Public
  Trail of Bits Testing Handbook

  C++

  •

  Creative Commons Attribution 4.0 International

  •7•59•12•6•Updated Jan 2, 2025Jan 2, 2025

• pip-plugin-pep740

  Public
  An implementation of a pip plugin that verifies PEP-740 attestations before installing a package, and aborts the installation if verification fails.

  Python

  •

  Apache License 2.0

  •0•0•1•1•Updated Jan 2, 2025Jan 2, 2025

• cargo-unmaintained

  Public
  Find unmaintained packages in Rust projects

  Rust

  •

  GNU Affero General Public License v3.0

  •2•67•5•0•Updated Jan 2, 2025Jan 2, 2025

• are-we-pep740-yet

  Public
  Are we PEP 740 yet?

  HTML

  •

  BSD 2-Clause "Simplified" License

  •3•6•0•0•Updated Jan 1, 2025Jan 1, 2025

• rfc3161-client

  Public
  An Opinionated Python RFC3161 Client

  rfc3161timestamp-protocol

  Rust

  •

  Apache License 2.0

  •0•1•1•0•Updated Dec 31, 2024Dec 31, 2024

• necessist

  Public
  A mutation-based tool for finding bugs in tests

  testingrust

  Rust

  •

  GNU Affero General Public License v3.0

  •10•110•16•0•Updated Dec 31, 2024Dec 31, 2024

• ruzzy

  Public
  A coverage-guided fuzzer for pure Ruby code and Ruby C extensions

  rubyruby-gemruby-extension+ 3fuzzingfuzzerlibfuzzer

  Ruby

  •

  GNU Affero General Public License v3.0

  •6•93•10•0•Updated Dec 30, 2024Dec 30, 2024

• cookiecutter-python

  Public
  A cookiecutter template for a best-practices Python project

  Python

  •

  Apache License 2.0

  •5•13•0•0•Updated Dec 28, 2024Dec 28, 2024

• zkdocs

  Public
  Interactive documentation on zero-knowledge proof systems and related primitives.

  cryptographyzero-knowledge

  HTML

  •

  Creative Commons Attribution 4.0 International

  •37•152•5•4•Updated Dec 27, 2024Dec 27, 2024

• publications

  Public
  Publications from Trail of Bits

  conference-presentationsacademic-paperssecurity-reviews

  Python

  •

  Creative Commons Attribution Share Alike 4.0 International

  •185•1.5k•4•1•Updated Dec 27, 2024Dec 27, 2024

• gh-action-adapt-sigstore-pypi

  Public
  Python

  •

  Apache License 2.0

  •0•0•0•1•Updated Dec 26, 2024Dec 26, 2024

• build-wrap

  Public
  Help protect against malicious build scripts

  Rust

  •

  GNU Affero General Public License v3.0

  •3•8•0•0•Updated Dec 24, 2024Dec 24, 2024

• cargo-line-test

  Public
  Run tests by the lines they exercise

  Rust

  •0•1•1•0•Updated Dec 23, 2024Dec 23, 2024

• pypi-attestations

  Public
  A library to convert between Sigstore Bundles and PEP 740 Attestation objects

  Python

  •

  Apache License 2.0

  •2•4•3•0•Updated Dec 19, 2024Dec 19, 2024

• rfc8785.py

  Public
  A pure-Python implementation of RFC8785 (JSON Canonicalization Scheme)

  pythonserializationjson+ 2cryptographycanonicalization

  Python

  •

  Apache License 2.0

  •2•1•0•0•Updated Dec 19, 2024Dec 19, 2024

• eth-security-toolbox

  Public
  A Docker container preconfigured with all of the Trail of Bits Ethereum security tools.

  Dockerfile

  •

  GNU Affero General Public License v3.0

  •108•677•1•0•Updated Dec 18, 2024Dec 18, 2024

• codeql-queries

  Public
  CodeQL queries developed by Trail of Bits

  CodeQL

  •

  GNU Affero General Public License v3.0

  •4•82•5•2•Updated Dec 18, 2024Dec 18, 2024

• ctf-challenges

  Public
  CTF Challenges

  ctfctf-challenges

  Solidity

  •16•125•0•0•Updated Dec 17, 2024Dec 17, 2024

• semgrep-rules

  Public
  Semgrep queries developed by Trail of Bits.

  Go

  •

  GNU Affero General Public License v3.0

  •38•371•7•3•Updated Dec 17, 2024Dec 17, 2024

• vscode-weaudit

  Public
  Create code bookmarks and code highlights with a click.

  TypeScript

  •

  GNU General Public License v3.0

  •17•183•12•3•Updated Dec 16, 2024Dec 16, 2024

• v4-core

  Public
  🦄 🦄 🦄 🦄 Core smart contracts of Uniswap v4

  Solidity

  •

  Other

  •1k•1•0•2•Updated Dec 14, 2024Dec 14, 2024

• polytracker

  Public
  An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.

  dataflow-analysistaint-trackingllvm+ 2instrumentationtaint-analysis

  C++

  •

  Apache License 2.0

  •45•538•45•1•Updated Dec 13, 2024Dec 13, 2024

• it-depends

  Public
  A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

  dependency-analysisdependency-graphhacktoberfest+ 4vulnerability-scannersbomhacktoberfest2021sbom-generator

  Python

  •

  GNU Lesser General Public License v3.0

  •20•338•24•0•Updated Dec 12, 2024Dec 12, 2024

• instafix-llvm

  Public
  LLVM fork for INSTAFIX

  LLVM

  •

  Other

  •12k•0•0•9•Updated Dec 9, 2024Dec 9, 2024