12 links tagged with all of: automation + security + open-source
Links
Xint Code is a new tool that automates the analysis of source code and binaries to find critical security vulnerabilities without human intervention. It recently identified major RCE bugs in popular databases, outperforming human teams at the ZeroDay Cloud competition. The tool aims to enhance security in open-source projects through responsible deployment.
RAPTOR is an open-source security research framework that automates code scanning, fuzzing, and vulnerability analysis. It integrates various tools for offensive and defensive security tasks, including evidence collection for GitHub repositories. The framework aims to enhance security research through agentic workflows and community contributions.
Aura Inspector is a tool for testing Salesforce Experience Cloud applications. It helps identify misconfigurations, automate testing, and discover accessible records in both guest and authenticated contexts. You can run it in various modes, including unauthenticated and authenticated scenarios.
This article introduces SkillKit, an open source package manager that consolidates over 31 skill sources and translates them into 44 agent formats. It operates locally without requiring an account and includes features like memory, security scanning, and team workflows.
RAPTOR is a security research framework that automates offensive and defensive tasks like code scanning, fuzzing, and vulnerability analysis. It integrates various tools for testing and evidence collection, making it easier for researchers to identify and address security issues in software. The tool is open-source and encourages community contributions.
The guide provides insights into the OWASP Top 10 CI/CD security risks, emphasizing how automation and Infrastructure as Code (IaC) practices have expanded attack surfaces. It outlines the dangers of Dependency-Poisoned Pipeline Execution (D-PPE) attacks and stresses the importance of securing CI/CD pipelines against both direct and indirect threats.
Google has launched OSS Rebuild to enhance trust in open source software by automating the reproduction of package builds and generating SLSA Provenance. This initiative aims to improve security against supply chain attacks while minimizing the burden on package maintainers. By providing tools for build verification and observability, OSS Rebuild seeks to empower security teams and improve the integrity of open source software ecosystems.
Tracecat is an open source automation platform designed for security and IT engineers, featuring YAML-based templates and a no-code UI for streamlined workflows. It offers community support, deployment options via Docker and AWS, and an Enterprise Edition with additional features. Users can access a registry of integration templates and contribute to the ongoing development of the platform.
OSS Rebuild is a new initiative aimed at enhancing trust in open source package ecosystems by enabling the reproduction of upstream artifacts. This project automates the creation of build definitions for popular package registries, providing security teams with valuable data to mitigate supply chain attacks while minimizing the burden on package maintainers. It seeks to improve transparency and security across various open source ecosystems, starting with support for PyPI, npm, and Crates.io.
ComplianceAsCode is a project aimed at creating security policy content for various platforms and products, facilitating the development and maintenance of security content in multiple formats like SCAP, Ansible, and Bash. It encourages collaboration and aims to provide a format-agnostic approach to security compliance, with a focus on community contributions and ease of use. The project also includes tools for evaluating and applying security configurations across different environments.
StarGuard is a CLI tool designed to identify risks in open-source projects by detecting fake-star campaigns, dependency hijacks, and license issues. It automates the due diligence process by providing a trust score based on various public signals, making it faster and more efficient than manual reviews. The tool offers detailed analyses of stars, dependencies, licenses, maintainers, and code signals, with outputs available in multiple formats.
PWN is an open security automation framework designed to foster trust and innovation in cybersecurity through collaborative development. Users can create custom automation drivers by leveraging pre-built modules, with installation instructions provided for Debian-based Linux distros and OSX. The framework encourages community contributions and interoperability with commercial security tools while emphasizing the importance of obtaining permission before conducting security activities.