Security Reviews

October 17, 2023

The following table provides an overview of all security reviews and associated work found in this repo, along with a link to the review report. You can also use the GitHub search box to look for specific reviews.

| Project/Product | Review Date | Facilitated By | Issues | Methodology | Scope |
|---|---|---|---|---|---|
| fluxcd/flux2 | 2021-09-01 | AdaLogics, Open Source Technology Improvement Fund | Severe | Dynamic-Analysis, Code-Review, External-Review, Fuzzing | Implementation/Full |
| c-ares/c-ares | 2023-05-30 | OSTIF - X41 D-Sec | Non-Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review, Fuzzing | Implementation/Full |
| linux-kernel, torvalds/linux | 2021-01-15 | Open Source Technology Improvement Fund, Atredis Partners | Non-Severe | External-Review | Non-Implementation |
| linux-kernel, torvalds/linux | 2021-04-15 | Open Source Technology Improvement Fund, Trail of Bits | Non-Severe | External-Review | Non-Implementation |
| ring, rustls, and 3 more | 2020-06-15 | Cure53 | Non-Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review | Implementation/Full |
| veracrypt/veracrypt | 2016-08-16 | Open Source Technology Improvement Fund, Quarkslab | Severe | Code-Review | Implementation/Partial |
| zerotier | 2020-03-23 | Trail of Bits | Not-Examined | External-Review | Non-Implementation |
| coredns/coredns, miekg/dns | 2018-02-03 | Cloud Native Computing Foundation, Linux Foundation, Cure53 | Non-Severe | External-Review | Implementation/Full |
| helm/helm/tree/v3.3.0-rc.1 | 2020-08-10 | Trail of Bits | Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review | Implementation/Full |
| madler/zlib | 2016-09-30 | Trail of Bits, TrustInSoft | Non-Severe | External-Review | Implementation/Partial |
| open-policy-agent/frameworks/tree/master/constraint, open-policy-agent/gatekeeper, and 1 more | 2020-03-10 | Trail of Bits | Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review | Implementation/Full |
| etcd-io/etcd | 2020-02-07 | Trail of Bits | Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review | Non-Implementation |
| fail2ban/fail2ban | 2021-07-01 | GitHub | Non-Severe | Code-Review, External-Review | Implementation/Full |
| rook/rook/tree/release-1.1 | 2019-12-19 | Trail of Bits | Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review, Fuzzing | Non-Implementation |
| standardnotes/SNCrypto, standardnotes/snjs | 2020-09-08 | Trail of Bits | Non-Severe | Static-Analysis, Code-Review, External-Review | Implementation/Partial |
| argoproj/argo-cd, argoproj/argo-events, and 4 more | 2021-03-12 | Trail of Bits | Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review | Implementation/Full |
| freedomofpress/securedrop-workstation | 2020-12-18 | Trail of Bits | Severe | External-Review | Implementation/Full |
| westerndigitalcorporation/sweet-b | 2020-01-24 | Trail of Bits | Severe | Static-Analysis, Code-Review, External-Review | Implementation/Partial |
| envoyproxy/envoy | 2018-02-01 | Cloud Native Computing Foundation, Linux Foundation, Cure53 | Non-Severe | External-Review | Implementation/Full |
| openssl/openssl | 2019-01-19 | Open Source Technology Improvement Fund, Quarkslab | Non-Severe | Code-Review | Implementation/Partial |
| p-limit | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| os-homedir | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| get-stream | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| string-width | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| string-width | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| string-width | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-windows | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| json-stringify-safe | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| onetime | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| lazy-cache | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-key | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-extendable | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-extendable | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-extendable | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| end-of-stream | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| decamelize | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| balanced-match | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| balanced-match | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| merge-descriptors | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| find-up | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| has | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| p-locate | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ansi-yellow | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| globals | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| color-name | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| buffer-from | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-stream | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-stream | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| has-value | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-exists | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-exists | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| code-point-at | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| set-blocking | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| to-object-path | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| destroy | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| copy-descriptor | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| copy-descriptor | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| callsites | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| os-tmpdir | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| binary-extensions | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| define-property | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| define-property | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| define-property | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| object-copy | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| imurmurhash | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| strip-ansi | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| strip-ansi | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| strip-ansi | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| inline-process-browser | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| shebang-regex | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| shebang-regex | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| isobject | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| isarray | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| methods | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| escape-string-regexp | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| escape-string-regexp | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| has-flag | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| has-flag | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| performance-now | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-plain-object | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-descriptor | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-descriptor | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| p-try | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| p-try | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| core-util-is | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| core-util-is | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| pascalcase | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| encodeurl | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| mimic-fn | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-fullwidth-code-point | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-fullwidth-code-point | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-fullwidth-code-point | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| supports-color | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| supports-color | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| supports-color | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| inherits | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| inherits | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-buffer | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| shebang-command | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| shebang-command | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ansi-regex | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ansi-regex | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| through2 | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ms | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ms | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ms | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ms | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| pkg-dir | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| number-is-nan | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| number-is-nan | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-is-absolute | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-is-absolute | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-is-absolute | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| file-loader | 2019-10-04 | Microsoft (OSS Security Team) | None | Static-Analysis, Code-Review, Web-Search | Implementation/Full |
| atom-node-module-installer | 2021-02-12 |  | Severe | Static-Analysis, Web-Search | Implementation/Full |
| mime | 2021-02-12 |  | Non-Severe | Static-Analysis, Web-Search | Implementation/Full |
| cityhash | 2019-10-30 | Microsoft (OSS Security Team) | Non-Severe | Static-Analysis, Code-Review, Web-Search | Implementation/Full |
| iter-server | 2021-02-12 |  | Severe | Web-Search, Code-Review | Implementation/Full |
| cryo | 2021-02-13 |  | Severe | Static-Analysis, Web-Search | Implementation/Full |
| clap | 2019-10-03 | Microsoft (OSS Security Team) | None | Static-Analysis, Code-Review, Web-Search | Implementation/Full |
| left-pad | 2019-04-08 | Microsoft (OSS Security Team) | None | Static-Analysis, Web-Search, Code-Review | Implementation/Full |
| cri-o/cri-o | 2022-06-13 | OSTIF | Severe | Dynamic-Analysis, Code-Review, External-Review | Implementation/Full |
| sigstore | 2022-04-01 | Open Source Technology Improvement Fund | Severe | Dynamic-Analysis, Code-Review, External-Review, Fuzzing | Implementation/Full |
| argoproj/argoproj | 2022-04-19 | Open Source Technology Improvement Fund, Ada Logics | Severe | Code-Review | Implementation/Partial |
| kubeedge/kubeedge | 2022-05-01 | Open Source Technology Improvement Fund | Severe | External-Review, Code-Review | Implementation/Full |
| coreinfrastructure.org | 2019-01-15 | Linux Foundation, Core Infrastructure Initiative, Open Source Technology Improvement Fund | Non-Severe | External-Review | Non-Implementation |
| openvpn | 2017-05-11 | Open Source Technology Improvement Fund, Quarkslab | Severe | Code-Review | Implementation/Full |
| lunet-io/markdig, markdig | 2019-10-03 | Microsoft (OSS Security Team) | None | Static-Analysis, Code-Review, Web-Search | Implementation/Full |
| redis-64 | 2019-06-15 | Microsoft (OSS Security Team) | Severe | Static-Analysis, Code-Review, Web-Search | Implementation/Partial |
| red-hat-enterprise-linux | 2022-03-09 |  | None | External-Review | Implementation/Full |
| mozilla-mobile/mozilla-vpn-client | 2021-03-20 | Cure53 | Non-Severe | Code-Review | Implementation/Partial |
| nlnetlabs/unbound | 2019-12-19 | Open Source Technology Improvement Fund | Severe | External-Review, Code-Review | Implementation/Full |
| msft-wam | 2021-02-12 | Microsoft (OSS Security Team) | Severe | Static-Analysis, Code-Review | Implementation/Partial |
| add-tw, dep-b, and 26 more | 2021-02-16 | Microsoft (OSS Security Team) | Severe | Static-Analysis, Code-Review | Implementation/Partial |
| accessibility-insights-crawler, actions-on-google-nodejs, and 248 more | 2021-02-12 | Microsoft (OSS Security Team) | Severe | Static-Analysis, Code-Review | Implementation/Partial |
| qos-ch/slf4j | 2022-03-20 | Open Source Technology Improvement Fund | Non-Severe | External-Review, Code-Review | Implementation/Full |