Skip to content
@Ozark-Security-Labs

Ozark Security Labs

We develop open-source tools for developers and AppSec teams.

Ozark Security Labs

We build deterministic application-security tooling for developers and AppSec teams.

Products

  • deterministic-deps — GitHub Action that flags non-deterministic dependency declarations across 9 ecosystems.
  • AuthMap — authorization coverage mapping across routes, handlers, and data mutations.
  • SessionScope — session, cookie, JWT, and token lifecycle auditor.
  • PkgWarden — package-manager hardening advisor for dependency-ingestion controls.
  • rulepath — deterministic analysis of business-logic flaws and invariant enforcement.

Internal standard library

Every external dependency consumed by an Ozark product lives inside this org as an owned, trimmed osl-prefixed fork. We patch CVEs and bugs directly in the fork rather than waiting on upstream, and we never auto-sync — upstream commits are cherry-picked deliberately.

The full policy, the fork-and-trim runbook, and the current index of forks live in this repo:

If you found this org through a CVE advisory or are reviewing how we handle a specific vulnerability, the fork's CHANGELOG-OZARK.md is the per-dep history.

Pinned Loading

  1. supply-chain-hardening supply-chain-hardening Public

    Recipe-driven best practices for deterministic dependencies and supply chain hardening, from baseline to SLSA L3.

Repositories

Showing 10 of 13 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…