Skip to content

@mergebase MergeBase

Change the repository type filter

All

    Repositories list

    25 repositories

    • defender-demo-shopizer

      Public
      A shopping cart app (backend) for the Defender feature demo. Some modifications have been made for the purpose of the demo.
      Java
      Apache License 2.0
      3k000Updated Mar 20, 2024Mar 20, 2024

    • defender-demo-shopizer-reactjs

      Public
      A shopping cart app (frontend) for the Defender feature demo. Some modifications have been made for the purpose of the demo.
      JavaScript
      Apache License 2.0
      127000Updated Jan 29, 2024Jan 29, 2024

    • jag-file-submission

      Public
      Generic File Submission API - published API from BC Government. TAG_TOOL, OWNER_KELLY, DC_PUBLIC
      Java
      Apache License 2.0
      130026Updated Jan 17, 2023Jan 17, 2023

    • sample

      Public
      Public testing data. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
      0000Updated Nov 18, 2022Nov 18, 2022

    • stupid-git-tricks

      Public
      Experimental test data. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
      Brainfuck
      0000Updated Oct 14, 2022Oct 14, 2022

    • struts-example

      Public
      Example of struts vulnerability. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
      Java
      0000Updated Sep 19, 2022Sep 19, 2022

    • contains-oss

      Public
      An Open Source Java tool to examine binary Java artifacts that we make available to clients and prospects. TAG_PRODUCTION, OWNER_KEN, DC_PUBLIC
      Java
      Other
      3201Updated Jul 7, 2022Jul 7, 2022

    • Vulnerability.Direct.OldStyle

      Public
      Sample project. TAG_TESTING, OWNER_KEN, DC_PUBLIC
      C#
      0004Updated Jun 23, 2022Jun 23, 2022

    • mergebase-scan-action

      Public
      Repository for the MergeBase Scan Github action, which is available in the Github Marketplace. TAG_PRODUCTION, OWNER_DELAN, DC_PUBLIC
      Dockerfile
      0000Updated Jun 8, 2022Jun 8, 2022

    • Vulnerability.Direct

      Public
      Sample dotnet project with direct dependencies on vulnerable NuGet components. TAG_TESTING, OWNER_KEN, DC_PUBLIC
      C#
      0003Updated May 17, 2022May 17, 2022

    • log4j-transitive-example

      Public
      Public testing data. Small Java project that depends indirectly on log4j-core-2.14.0.jar (to test SCA tools) TAG_TESTING, OWNER_KEN, DC_PUBLIC
      Other
      3100Updated Mar 30, 2022Mar 30, 2022

    • log4j-direct-example

      Public
      Public testing data. Small Java project that depends directly on log4j-core-2.14.0.jar (to test SCA tools) TAG_TESTING, OWNER_KEN, DC_PUBLIC
      Other
      0001Updated Mar 30, 2022Mar 30, 2022

    • Vulnerability.Transitive

      Public
      Sample dotnet project with transitive dependencies on vulnerable NuGet components. TAG_TESTING, OWNER_KEN, DC_PUBLIC
      C#
      0000Updated Mar 17, 2022Mar 17, 2022

    • log4j-detector

      Public
      A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
      log4jscannerdetectorcybersecuritypentestscavulnerability-scannercve-2021-44228log4shellcve-2021-45046
      Java
      Other
      98634329Updated Mar 10, 2022Mar 10, 2022

    • yarn-composer-sample

      Public
      0000Updated Mar 2, 2022Mar 2, 2022

    • madness

      Public
      Public Testing Data. TAG_TESTING, OWNER_DELAN, DC_PUBLIC
      2000Updated Feb 24, 2022Feb 24, 2022

    • Packages

      Public
      A fork from a separate public repository of vulnerabilities JSON files containing vulnerable packages. TAG_VULN_DATA, OWNER_KEN, DC_PUBLIC
      C#
      MIT License
      3000Updated Feb 14, 2022Feb 14, 2022

    • csv-compare

      Public
      CSV-Compare is a tool for comparing vulnerability scans as reported in CSV files outputted by mergebase and OWASP-Dependency-Check tools. TAG_TOOL, OWNER_KEN, DC_PUBLIC
      Java
      Other
      0000Updated Feb 9, 2022Feb 9, 2022

    • log4j-samples

      Public
      Public testing data. Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228. TAG_TESTING, OWNER_KEN, DC_PUBLIC
      log4jcve-2021-44228cve-2021-45046
      11410Updated Dec 30, 2021Dec 30, 2021

    • CVE-2021-44228-Apache-Log4j-Rce

      Public
      Apache Log4j 远程代码执行 - A fork of the example exploit code for the Log4J vulnerability. Used for reference. TAG_TESTING, OWNER_KEN, DC_PUBLIC
      Java
      752000Updated Dec 11, 2021Dec 11, 2021

    • struts-demo

      Public
      Example of struts vulnerability. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
      Java
      1008Updated Nov 25, 2021Nov 25, 2021

    • usn2json

      Public
      usn2json - A published tool that converts mail archives to JSON. TAG_TOOL, OWNER_KELLY, DC_PUBLIC
      Java
      0000Updated Jun 2, 2021Jun 2, 2021

    • Java2Json

      Public
      Java 1.2 compatible JSON parser/formatter written as a single source file. This is Open Source. TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
      Java
      0100Updated May 3, 2021May 3, 2021

    • vuln-example-apacheds-all

      Public
      Vulnerability examples. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
      5000Updated Apr 1, 2021Apr 1, 2021

    • flower

      Public
      Used for demoing commit graph capabilities. TAG_TESTING, OWNER_DELAN, DC_PUBLIC
      2000Updated Nov 5, 2020Nov 5, 2020