Open Source Software

We believe in OSS and work to give back whenever possible.

Check code for potential issues.

Our crush tool makes it easy to do quick code reviews.

  • Cross Platform, Integrate into CI/CD
  • Check code for injections and other patterns
  • Extend with your own checks
  • Tune with threshold, tags for check type and file type
  • Compare results to previous results to minimize noise

Inject security into your PR process with some automation of code checks.

Quickly automate user auditing.

Our gaa tool makes it easy to perform user audits.

  • Google Apps
  • AWS
  • GitHub
  • O365 (In progress)

Future ideas include automation templates and evidence capture.

Simplifying secure file sharing in S3.

S3S2 makes it easy to build a file sharing solution with partners that ensures data is always encrypted in S3. It also provides a manifest and configuration capability to capture metadata.

  • S3 and KMS-based server-side encryption
  • OpenPGP key generation and encryption
  • Portable across Linux, Mac and Windows

Build security into your CI/CD pipeline.

We've been working on Glue for years as an OWASP project.

  • Harness other security tools
  • Publish to JIRA
  • Run in a Docker image
  • Easily add new tools

Work to make package managers more secure.

A recent project we have been working on is Packman, which provides a framework for reaching out to developers and maintainers of different packaging systems to establish baseline security capabilities across those systems.

  • OWASP Project
  • Checklist for package managers
  • Long play to make ecosystems safer

Want to talk about security and open source software?