Launch HN: EdgeBit (YC W23) – live software vulnerability analysis

1. syft

   1 39 6,706 9.8 Go

   CLI tool and library for generating a Software Bill of Materials from container images and filesystems

   

   Inside of the SBOMs, we can detect a lot: https://github.com/anchore/syft#supported-ecosystems

   You're right that the active/dormant detection needs to be customized per type of runtime. We cover rpm/deb, python and java with the node and others coming very soon. The compiled languages will be our main focus next. For example, Go binaries embed some dependency metadata in the binary itself.

   Also related to this effort is the "in-toto" integrity chain: https://in-toto.io/in-toto/ Since we're already connecting build to run, we aim to complete the chain.

2. CodeRabbit

   coderabbit.ai featured

   CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

   

3. sso-wall-of-shame

   2 215 730 7.8 JavaScript

   A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.

   

   FWIW it's frowned upon for security tools to have https://sso.tax, and your pricing page doesn't list any pricing.

Suggest a related project