Security Reviews

The following table provides an overview of all security reviews and associated work found in this repo, along with a link to the review report. You can also use the GitHub search box to look for specific reviews.

Project/Product	Review Date	Facilitated By	Issues	Methodology	Scope
fluxcd/flux2	2021-09-01	AdaLogics, Open Source Technology Improvement Fund	Severe	Dynamic-Analysis, Code-Review, External-Review, Fuzzing	Implementation/Full
c-ares/c-ares	2023-05-30	OSTIF - X41 D-Sec	Non-Severe	Static-Analysis, Dynamic-Analysis, Code-Review, External-Review, Fuzzing	Implementation/Full
linux-kernel, torvalds/linux	2021-01-15	Open Source Technology Improvement Fund, Atredis Partners	Non-Severe	External-Review	Non-Implementation
linux-kernel, torvalds/linux	2021-04-15	Open Source Technology Improvement Fund, Trail of Bits	Non-Severe	External-Review	Non-Implementation
ring, rustls, and 3 more	2020-06-15	Cure53	Non-Severe	Static-Analysis, Dynamic-Analysis, Code-Review, External-Review	Implementation/Full
veracrypt/veracrypt	2016-08-16	Open Source Technology Improvement Fund, Quarkslab	Severe	Code-Review	Implementation/Partial
zerotier	2020-03-23	Trail of Bits	Not-Examined	External-Review	Non-Implementation
coredns/coredns, miekg/dns	2018-02-03	Cloud Native Computing Foundation, Linux Foundation, Cure53	Non-Severe	External-Review	Implementation/Full
helm/helm/tree/v3.3.0-rc.1	2020-08-10	Trail of Bits	Severe	Static-Analysis, Dynamic-Analysis, Code-Review, External-Review	Implementation/Full
madler/zlib	2016-09-30	Trail of Bits, TrustInSoft	Non-Severe	External-Review	Implementation/Partial
open-policy-agent/frameworks/tree/master/constraint, open-policy-agent/gatekeeper, and 1 more	2020-03-10	Trail of Bits	Severe	Static-Analysis, Dynamic-Analysis, Code-Review, External-Review	Implementation/Full
etcd-io/etcd	2020-02-07	Trail of Bits	Severe	Static-Analysis, Dynamic-Analysis, Code-Review, External-Review	Non-Implementation
fail2ban/fail2ban	2021-07-01	GitHub	Non-Severe	Code-Review, External-Review	Implementation/Full
rook/rook/tree/release-1.1	2019-12-19	Trail of Bits	Severe	Static-Analysis, Dynamic-Analysis, Code-Review, External-Review, Fuzzing	Non-Implementation
standardnotes/SNCrypto, standardnotes/snjs	2020-09-08	Trail of Bits	Non-Severe	Static-Analysis, Code-Review, External-Review	Implementation/Partial
argoproj/argo-cd, argoproj/argo-events, and 4 more	2021-03-12	Trail of Bits	Severe	Static-Analysis, Dynamic-Analysis, Code-Review, External-Review	Implementation/Full
freedomofpress/securedrop-workstation	2020-12-18	Trail of Bits	Severe	External-Review	Implementation/Full
westerndigitalcorporation/sweet-b	2020-01-24	Trail of Bits	Severe	Static-Analysis, Code-Review, External-Review	Implementation/Partial
envoyproxy/envoy	2018-02-01	Cloud Native Computing Foundation, Linux Foundation, Cure53	Non-Severe	External-Review	Implementation/Full
openssl/openssl	2019-01-19	Open Source Technology Improvement Fund, Quarkslab	Non-Severe	Code-Review	Implementation/Partial
p-limit	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
os-homedir	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
get-stream	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
string-width	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
string-width	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
string-width	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-windows	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
json-stringify-safe	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
onetime	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
lazy-cache	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
path-key	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-extendable	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-extendable	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-extendable	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
end-of-stream	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
decamelize	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
balanced-match	2022-05-05	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
balanced-match	2022-05-05	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
merge-descriptors	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
find-up	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
has	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
p-locate	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
ansi-yellow	2022-05-05	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
globals	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
color-name	2022-05-05	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
buffer-from	2022-05-05	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-stream	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-stream	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
has-value	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
path-exists	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
path-exists	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
code-point-at	2022-05-05	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
set-blocking	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
to-object-path	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
destroy	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
copy-descriptor	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
copy-descriptor	2022-05-05	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
callsites	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
os-tmpdir	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
binary-extensions	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
define-property	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
define-property	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
define-property	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
object-copy	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
imurmurhash	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
strip-ansi	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
strip-ansi	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
strip-ansi	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
inline-process-browser	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
shebang-regex	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
shebang-regex	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
isobject	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
isarray	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
methods	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
escape-string-regexp	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
escape-string-regexp	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
has-flag	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
has-flag	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
performance-now	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-plain-object	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-descriptor	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-descriptor	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
p-try	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
p-try	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
core-util-is	2022-05-05	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
core-util-is	2022-05-05	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
pascalcase	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
encodeurl	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
mimic-fn	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-fullwidth-code-point	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-fullwidth-code-point	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-fullwidth-code-point	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
supports-color	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
supports-color	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
supports-color	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
inherits	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
inherits	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
is-buffer	2022-05-06	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
shebang-command	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
shebang-command	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
ansi-regex	2022-05-08	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
ansi-regex	2022-05-05	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
through2	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
ms	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
ms	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
ms	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
ms	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
pkg-dir	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
number-is-nan	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
number-is-nan	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
path-is-absolute	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
path-is-absolute	2022-05-09	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
path-is-absolute	2022-05-07	OpenSSF / Omega	None	Static-Analysis	Implementation/Full
file-loader	2019-10-04	Microsoft (OSS Security Team)	None	Static-Analysis, Code-Review, Web-Search	Implementation/Full
atom-node-module-installer	2021-02-12		Severe	Static-Analysis, Web-Search	Implementation/Full
mime	2021-02-12		Non-Severe	Static-Analysis, Web-Search	Implementation/Full
cityhash	2019-10-30	Microsoft (OSS Security Team)	Non-Severe	Static-Analysis, Code-Review, Web-Search	Implementation/Full
iter-server	2021-02-12		Severe	Web-Search, Code-Review	Implementation/Full
cryo	2021-02-13		Severe	Static-Analysis, Web-Search	Implementation/Full
clap	2019-10-03	Microsoft (OSS Security Team)	None	Static-Analysis, Code-Review, Web-Search	Implementation/Full
left-pad	2019-04-08	Microsoft (OSS Security Team)	None	Static-Analysis, Web-Search, Code-Review	Implementation/Full
cri-o/cri-o	2022-06-13	OSTIF	Severe	Dynamic-Analysis, Code-Review, External-Review	Implementation/Full
sigstore	2022-04-01	Open Source Technology Improvement Fund	Severe	Dynamic-Analysis, Code-Review, External-Review, Fuzzing	Implementation/Full
argoproj/argoproj	2022-04-19	Open Source Technology Improvement Fund, Ada Logics	Severe	Code-Review	Implementation/Partial
kubeedge/kubeedge	2022-05-01	Open Source Technology Improvement Fund	Severe	External-Review, Code-Review	Implementation/Full
coreinfrastructure.org	2019-01-15	Linux Foundation, Core Infrastructure Initiative, Open Source Technology Improvement Fund	Non-Severe	External-Review	Non-Implementation
openvpn	2017-05-11	Open Source Technology Improvement Fund, Quarkslab	Severe	Code-Review	Implementation/Full
lunet-io/markdig, markdig	2019-10-03	Microsoft (OSS Security Team)	None	Static-Analysis, Code-Review, Web-Search	Implementation/Full
redis-64	2019-06-15	Microsoft (OSS Security Team)	Severe	Static-Analysis, Code-Review, Web-Search	Implementation/Partial
red-hat-enterprise-linux	2022-03-09		None	External-Review	Implementation/Full
mozilla-mobile/mozilla-vpn-client	2021-03-20	Cure53	Non-Severe	Code-Review	Implementation/Partial
nlnetlabs/unbound	2019-12-19	Open Source Technology Improvement Fund	Severe	External-Review, Code-Review	Implementation/Full
msft-wam	2021-02-12	Microsoft (OSS Security Team)	Severe	Static-Analysis, Code-Review	Implementation/Partial
add-tw, dep-b, and 26 more	2021-02-16	Microsoft (OSS Security Team)	Severe	Static-Analysis, Code-Review	Implementation/Partial
accessibility-insights-crawler, actions-on-google-nodejs, and 248 more	2021-02-12	Microsoft (OSS Security Team)	Severe	Static-Analysis, Code-Review	Implementation/Partial
qos-ch/slf4j	2022-03-20	Open Source Technology Improvement Fund	Non-Severe	External-Review, Code-Review	Implementation/Full

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security Reviews

Uh oh!

FilesExpand file tree

Overview.md

Latest commit

History

Overview.md

File metadata and controls

Security Reviews