Skip to content

@mergebase MergeBase

Change the repository type filter

All

    Repositories list

    25 repositories

    • log4j-direct-example

      Public
      Public testing data. Small Java project that depends directly on log4j-core-2.14.0.jar (to test SCA tools) TAG_TESTING, OWNER_KEN, DC_PUBLIC
      Other
      0001Updated Dec 19, 2025Dec 19, 2025

    • defender-demo-shopizer

      Public
      A shopping cart app (backend) for the Defender feature demo. Some modifications have been made for the purpose of the demo.
      Java
      Apache License 2.0
      3.3k000Updated Mar 20, 2024Mar 20, 2024

    • defender-demo-shopizer-reactjs

      Public
      A shopping cart app (frontend) for the Defender feature demo. Some modifications have been made for the purpose of the demo.
      JavaScript
      Apache License 2.0
      185000Updated Jan 29, 2024Jan 29, 2024

    • jag-file-submission

      Public
      Generic File Submission API - published API from BC Government. TAG_TOOL, OWNER_KELLY, DC_PUBLIC
      Java
      Apache License 2.0
      120026Updated Jan 17, 2023Jan 17, 2023

    • sample

      Public
      Public testing data. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
      0000Updated Nov 18, 2022Nov 18, 2022

    • stupid-git-tricks

      Public
      Experimental test data. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
      Brainfuck
      0000Updated Oct 14, 2022Oct 14, 2022

    • struts-example

      Public
      Example of struts vulnerability. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
      Java
      1000Updated Sep 19, 2022Sep 19, 2022

    • contains-oss

      Public
      An Open Source Java tool to examine binary Java artifacts that we make available to clients and prospects. TAG_PRODUCTION, OWNER_KEN, DC_PUBLIC
      Java
      Other
      3301Updated Jul 7, 2022Jul 7, 2022

    • Vulnerability.Direct.OldStyle

      Public
      Sample project. TAG_TESTING, OWNER_KEN, DC_PUBLIC
      C#
      0004Updated Jun 23, 2022Jun 23, 2022

    • mergebase-scan-action

      Public
      Repository for the MergeBase Scan Github action, which is available in the Github Marketplace. TAG_PRODUCTION, OWNER_DELAN, DC_PUBLIC
      Dockerfile
      0000Updated Jun 8, 2022Jun 8, 2022

    • Vulnerability.Direct

      Public
      Sample dotnet project with direct dependencies on vulnerable NuGet components. TAG_TESTING, OWNER_KEN, DC_PUBLIC
      C#
      1003Updated May 17, 2022May 17, 2022

    • log4j-transitive-example

      Public
      Public testing data. Small Java project that depends indirectly on log4j-core-2.14.0.jar (to test SCA tools) TAG_TESTING, OWNER_KEN, DC_PUBLIC
      Other
      3100Updated Mar 30, 2022Mar 30, 2022

    • Vulnerability.Transitive

      Public
      Sample dotnet project with transitive dependencies on vulnerable NuGet components. TAG_TESTING, OWNER_KEN, DC_PUBLIC
      C#
      0000Updated Mar 17, 2022Mar 17, 2022

    • log4j-detector

      Public
      A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any applicati…
      log4jscannerdetector
      log4jscannerdetectorcybersecuritypentestscavulnerability-scannercve-2021-44228log4shellcve-2021-45046
      Java
      Other
      97640329Updated Mar 10, 2022Mar 10, 2022

    • yarn-composer-sample

      Public
      0000Updated Mar 2, 2022Mar 2, 2022

    • madness

      Public
      Public Testing Data. TAG_TESTING, OWNER_DELAN, DC_PUBLIC
      2000Updated Feb 24, 2022Feb 24, 2022

    • Packages

      Public
      A fork from a separate public repository of vulnerabilities JSON files containing vulnerable packages. TAG_VULN_DATA, OWNER_KEN, DC_PUBLIC
      C#
      MIT License
      3000Updated Feb 14, 2022Feb 14, 2022

    • csv-compare

      Public
      CSV-Compare is a tool for comparing vulnerability scans as reported in CSV files outputted by mergebase and OWASP-Dependency-Check tools. TAG_TOOL, OWNER_KEN, …
      Java
      Other
      0000Updated Feb 9, 2022Feb 9, 2022

    • log4j-samples

      Public
      Public testing data. Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-4422…
      log4jcve-2021-44228cve-2021-45046
      log4jcve-2021-44228cve-2021-45046
      11400Updated Dec 30, 2021Dec 30, 2021

    • CVE-2021-44228-Apache-Log4j-Rce

      Public
      Apache Log4j 远程代码执行 - A fork of the example exploit code for the Log4J vulnerability. Used for reference. TAG_TESTING, OWNER_KEN, DC_PUBLIC
      Java
      733000Updated Dec 11, 2021Dec 11, 2021

    • struts-demo

      Public
      Example of struts vulnerability. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
      Java
      1008Updated Nov 25, 2021Nov 25, 2021

    • usn2json

      Public
      usn2json - A published tool that converts mail archives to JSON. TAG_TOOL, OWNER_KELLY, DC_PUBLIC
      Java
      0000Updated Jun 2, 2021Jun 2, 2021

    • Java2Json

      Public
      Java 1.2 compatible JSON parser/formatter written as a single source file. This is Open Source. TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC
      Java
      0100Updated May 3, 2021May 3, 2021

    • vuln-example-apacheds-all

      Public
      Vulnerability examples. TAG_TESTING, OWNER_KELLY, DC_PUBLIC
      5000Updated Apr 1, 2021Apr 1, 2021

    • flower

      Public
      Used for demoing commit graph capabilities. TAG_TESTING, OWNER_DELAN, DC_PUBLIC
      2000Updated Nov 5, 2020Nov 5, 2020
    ProTip! When viewing an organization's repositories, you can use the props. filter to filter by custom property.