
TOOLING

OMEGA ANALYZER

The Omega Analyzer is a self-contained container image with a broad set of 20+ security tools (including CodeQL) preinstalled, along with an orchestration script that runs those tools against a target and aggregates the results.

While it can be used interactively, its primary purpose is to be run from the host, with output sent to a mapped directory.


ASSURANCE ASSERTIONS

The Omega Assertion Framework (OAF) is a series of tools for generating assertions reflecting facts about a subject, and for consuming those assertions through policies.

It’s a policy-driven “bar” to measure OSS projects against.

OAF was designed to allow organizations to make decisions based on the security quality of open source projects through a rich, flexible, but simple data set.


OMEGA TRIAGE PORTAL

The Omega Triage Portal is a web application that helps manage automated vulnerability reports and efficiently triage tool findings across thousands of projects. It was designed for scale (hundreds of thousands of projects, many millions of findings), but may also be useful at lower scale.

The Portal is in early development and is ready for feedback use. Create a local instance via docker-compose, pull the image from GitHub Container Registry, or use GitHub Codespaces to explore the Triage Portal.


OMEGA MODERNE CLIENT

This is a client for the Moderne API. It is how the OpenSSF Alpha Omega project generates automated pull requests to fix vulnerabilities at scale across the entire open source ecosystem.
