Here are some tools that we are working on:

• airflowscan – a hardening checklist and static analysis tool for Apache Airflow
• Bug Bounty Search – a search engine for URLs in scope via bug bounty platforms, build using Google’s Custom Search Engine (CSE). More information can be found at GitHub. Based on the work by Arkadiy Tetelman (@arkadiyt).
• Public Cloud Storage Search – a search engine for content shared publicly via cloud storage services, build using Google’s Custom Search Engine (CSE). More information can be found at GitHub.
• truegaze – Static analysis tool for Android/iOS apps focusing on security issues outside the source code

Tools for detection of supply chain attacks:

• dont_curl_and_bash – List of projects using the curl/bash pattern
• icecrust – A tool for verification of software downloads using checksums and PGP. Also includes two example dashboards:
  • icetrust_dashboard
  • icetrust_uptime
• release_auditor – A tool for checking if GitHub release assets were modified after publication.

More tools can be found on our GitHub page