Open Source Software

We believe in OSS and work to give back whenever possible.

Check code for potential issues.

Our crush tool makes it easy to do quick code reviews.

  • Cross-platform, integrates into CI/CD
  • Check code for injections and other patterns
  • Extend with your own checks
  • Tune with threshold, tags for check type and file type
  • Compare results to previous results to minimize noise

Inject security into your PR process with some automation of code checks.

github.com/jemurai/crush

Quickly automate user auditing.

Our gaa tool makes it easy to perform user audits.

  • Google Apps
  • AWS
  • GitHub
  • O365 (In progress)

Future ideas include automation templates and evidence capture.

github.com/jemurai/gaa

Simplifying secure file sharing in S3.

S3S2 makes it easy to build a file sharing solution with partners that ensures data is always encrypted in S3. It also provides a manifest and configuration capability to capture metadata.

  • S3 and KMS based server side encryption
  • OpenPGP key generation and encryption
  • Portable across Linux, Mac and Windows

Build security into your CI/CD pipeline.

We've been working on Glue for years as an OWASP project.

  • Harness other security tools
  • Publish to JIRA
  • Run in a docker image
  • Easily add new tools

Work to make package managers more secure.

Packman is a recent project of ours. It provides a framework for reaching out to the developers and maintainers of different packaging systems to establish baseline security capabilities across those systems.

  • OWASP Project
  • Checklist for package managers
  • Long play to make ecosystems safer

Want to talk about security and open source software?