Security Reviews

The following table provides an overview of all security reviews and associated work found in this repo, along with a link to the review report. You can also use the GitHub search box to look for specific reviews.

| Project/Product | Review Date | Facilitated By | Issues | Methodology | Scope |
| --- | --- | --- | --- | --- | --- |
| fluxcd/flux2 | 2021-09-01 | AdaLogics, Open Source Technology Improvement Fund | Severe | Dynamic-Analysis, Code-Review, External-Review, Fuzzing | Implementation/Full |
| c-ares/c-ares | 2023-05-30 | OSTIF - X41 D-Sec | Non-Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review, Fuzzing | Implementation/Full |
| linux-kernel, torvalds/linux | 2021-01-15 | Open Source Technology Improvement Fund, Atredis Partners | Non-Severe | External-Review | Non-Implementation |
| linux-kernel, torvalds/linux | 2021-04-15 | Open Source Technology Improvement Fund, Trail of Bits | Non-Severe | External-Review | Non-Implementation |
| ring, rustls, and 3 more | 2020-06-15 | Cure53 | Non-Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review | Implementation/Full |
| veracrypt/veracrypt | 2016-08-16 | Open Source Technology Improvement Fund, Quarkslab | Severe | Code-Review | Implementation/Partial |
| zerotier | 2020-03-23 | Trail of Bits | Not-Examined | External-Review | Non-Implementation |
| coredns/coredns, miekg/dns | 2018-02-03 | Cloud Native Computing Foundation, Linux Foundation, Cure53 | Non-Severe | External-Review | Implementation/Full |
| helm/helm/tree/v3.3.0-rc.1 | 2020-08-10 | Trail of Bits | Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review | Implementation/Full |
| madler/zlib | 2016-09-30 | Trail of Bits, TrustInSoft | Non-Severe | External-Review | Implementation/Partial |
| open-policy-agent/frameworks/tree/master/constraint, open-policy-agent/gatekeeper, and 1 more | 2020-03-10 | Trail of Bits | Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review | Implementation/Full |
| etcd-io/etcd | 2020-02-07 | Trail of Bits | Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review | Non-Implementation |
| fail2ban/fail2ban | 2021-07-01 | GitHub | Non-Severe | Code-Review, External-Review | Implementation/Full |
| rook/rook/tree/release-1.1 | 2019-12-19 | Trail of Bits | Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review, Fuzzing | Non-Implementation |
| standardnotes/SNCrypto, standardnotes/snjs | 2020-09-08 | Trail of Bits | Non-Severe | Static-Analysis, Code-Review, External-Review | Implementation/Partial |
| argoproj/argo-cd, argoproj/argo-events, and 4 more | 2021-03-12 | Trail of Bits | Severe | Static-Analysis, Dynamic-Analysis, Code-Review, External-Review | Implementation/Full |
| freedomofpress/securedrop-workstation | 2020-12-18 | Trail of Bits | Severe | External-Review | Implementation/Full |
| westerndigitalcorporation/sweet-b | 2020-01-24 | Trail of Bits | Severe | Static-Analysis, Code-Review, External-Review | Implementation/Partial |
| envoyproxy/envoy | 2018-02-01 | Cloud Native Computing Foundation, Linux Foundation, Cure53 | Non-Severe | External-Review | Implementation/Full |
| openssl/openssl | 2019-01-19 | Open Source Technology Improvement Fund, Quarkslab | Non-Severe | Code-Review | Implementation/Partial |
| p-limit | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| os-homedir | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| get-stream | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| string-width | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| string-width | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| string-width | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-windows | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| json-stringify-safe | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| onetime | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| lazy-cache | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-key | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-extendable | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-extendable | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-extendable | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| end-of-stream | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| decamelize | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| balanced-match | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| balanced-match | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| merge-descriptors | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| find-up | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| has | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| p-locate | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ansi-yellow | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| globals | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| color-name | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| buffer-from | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-stream | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-stream | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| has-value | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-exists | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-exists | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| code-point-at | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| set-blocking | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| to-object-path | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| destroy | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| copy-descriptor | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| copy-descriptor | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| callsites | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| os-tmpdir | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| binary-extensions | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| define-property | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| define-property | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| define-property | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| object-copy | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| imurmurhash | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| strip-ansi | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| strip-ansi | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| strip-ansi | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| inline-process-browser | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| shebang-regex | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| shebang-regex | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| isobject | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| isarray | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| methods | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| escape-string-regexp | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| escape-string-regexp | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| has-flag | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| has-flag | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| performance-now | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-plain-object | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-descriptor | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-descriptor | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| p-try | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| p-try | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| core-util-is | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| core-util-is | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| pascalcase | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| encodeurl | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| mimic-fn | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-fullwidth-code-point | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-fullwidth-code-point | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-fullwidth-code-point | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| supports-color | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| supports-color | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| supports-color | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| inherits | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| inherits | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| is-buffer | 2022-05-06 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| shebang-command | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| shebang-command | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ansi-regex | 2022-05-08 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ansi-regex | 2022-05-05 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| through2 | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ms | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ms | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ms | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| ms | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| pkg-dir | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| number-is-nan | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| number-is-nan | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-is-absolute | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-is-absolute | 2022-05-09 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| path-is-absolute | 2022-05-07 | OpenSSF / Omega | None | Static-Analysis | Implementation/Full |
| file-loader | 2019-10-04 | Microsoft (OSS Security Team) | None | Static-Analysis, Code-Review, Web-Search | Implementation/Full |
| atom-node-module-installer | 2021-02-12 | | Severe | Static-Analysis, Web-Search | Implementation/Full |
| mime | 2021-02-12 | | Non-Severe | Static-Analysis, Web-Search | Implementation/Full |
| cityhash | 2019-10-30 | Microsoft (OSS Security Team) | Non-Severe | Static-Analysis, Code-Review, Web-Search | Implementation/Full |
| iter-server | 2021-02-12 | | Severe | Web-Search, Code-Review | Implementation/Full |
| cryo | 2021-02-13 | | Severe | Static-Analysis, Web-Search | Implementation/Full |
| clap | 2019-10-03 | Microsoft (OSS Security Team) | None | Static-Analysis, Code-Review, Web-Search | Implementation/Full |
| left-pad | 2019-04-08 | Microsoft (OSS Security Team) | None | Static-Analysis, Web-Search, Code-Review | Implementation/Full |
| cri-o/cri-o | 2022-06-13 | OSTIF | Severe | Dynamic-Analysis, Code-Review, External-Review | Implementation/Full |
| sigstore | 2022-04-01 | Open Source Technology Improvement Fund | Severe | Dynamic-Analysis, Code-Review, External-Review, Fuzzing | Implementation/Full |
| argoproj/argoproj | 2022-04-19 | Open Source Technology Improvement Fund, Ada Logics | Severe | Code-Review | Implementation/Partial |
| kubeedge/kubeedge | 2022-05-01 | Open Source Technology Improvement Fund | Severe | External-Review, Code-Review | Implementation/Full |
| coreinfrastructure.org | 2019-01-15 | Linux Foundation, Core Infrastructure Initiative, Open Source Technology Improvement Fund | Non-Severe | External-Review | Non-Implementation |
| openvpn | 2017-05-11 | Open Source Technology Improvement Fund, Quarkslab | Severe | Code-Review | Implementation/Full |
| lunet-io/markdig, markdig | 2019-10-03 | Microsoft (OSS Security Team) | None | Static-Analysis, Code-Review, Web-Search | Implementation/Full |
| redis-64 | 2019-06-15 | Microsoft (OSS Security Team) | Severe | Static-Analysis, Code-Review, Web-Search | Implementation/Partial |
| red-hat-enterprise-linux | 2022-03-09 | | None | External-Review | Implementation/Full |
| mozilla-mobile/mozilla-vpn-client | 2021-03-20 | Cure53 | Non-Severe | Code-Review | Implementation/Partial |
| nlnetlabs/unbound | 2019-12-19 | Open Source Technology Improvement Fund | Severe | External-Review, Code-Review | Implementation/Full |
| msft-wam | 2021-02-12 | Microsoft (OSS Security Team) | Severe | Static-Analysis, Code-Review | Implementation/Partial |
| add-tw, dep-b, and 26 more | 2021-02-16 | Microsoft (OSS Security Team) | Severe | Static-Analysis, Code-Review | Implementation/Partial |
| accessibility-insights-crawler, actions-on-google-nodejs, and 248 more | 2021-02-12 | Microsoft (OSS Security Team) | Severe | Static-Analysis, Code-Review | Implementation/Partial |
| qos-ch/slf4j | 2022-03-20 | Open Source Technology Improvement Fund | Non-Severe | External-Review, Code-Review | Implementation/Full |