Name: Andrew Pollock
Type: User
Company: Google Open Source Security Team
Bio: I'm a software engineer at Google, working on OSV.dev, which ties into open source vulnerability management and related software supply chain security.
Location: Brisbane
Andrew Pollock's Projects
aide source code
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan Community Edition (CE)
Webpage for CANtact tool
Custom ebuilds for CoreOS
An open letter to the CVE Project and CNAs
This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.
CLI tool to validate CVE v5 JSON records.
The open-source repo for docs.github.com
Generates Go (golang) Structs from JSON schema.
A highly extensible Git implementation in pure Go.
Staticcheck - The advanced Go linter
The C based gRPC (C++, Node.js, Python, Ruby, Objective-C, PHP, C#)
Makes JSON easy to read.
An open-source, self-hosted memo hub with knowledge management and social networking.
A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
OSS-Fuzz - continuous fuzzing for open source software.
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Open Source Vulnerability schema.
Open source vulnerability DB and triage service.
Go implementation of the package url spec
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
Repo for collaborating on converting RedHat CSAF VEX to OSV