sarif — independent software & tools
-
patient-zero
Supply-chain attack scanner for the agent era. Triage in 30s with `npx patient-zero`, block malicious installs before postinstall runs, or drop into CI as a GitHub Action. Covers npm + Python + MCP agent configs. Free, MIT, no signup, no telemetry.
-
snitch
Single static-binary recon orchestrator in Go: chains subfinder, httpx, nmap, nuclei, ffuf, katana + injection testing (dalfox/crlfuzz/sqlmap), with dedup, diff-based webhook alerts, an interactive TUI and JSON/CSV/SARIF export.
-
markdownlint-obsidian
Obsidian Flavored Markdown linting engine — programmatic API and rule set