This repository serves as a benchmark environment for comparing various Software Composition Analysis (SCA) providers, with a specific focus on evaluating DeepSource's SCA capabilities against other solutions.

The main objectives of this repository are:
- To provide a controlled testing environment with known vulnerable dependencies
- To demonstrate DeepSource's ability to detect and remediate third-party vulnerabilities
- To compare the effectiveness of different SCA solutions in identifying and fixing security issues
- To showcase realistic scenarios with reachable vulnerable code

This repository contains intentionally vulnerable code samples and dependencies across various programming languages and package managers. Each vulnerability is carefully crafted to be reachable and exploitable, making it an ideal testing ground for SCA tools.

This repository is designed for testing and benchmarking purposes only. Do not use any code from this repository in production environments.

This project is licensed under the MIT License - see the LICENSE file for details.

The vulnerabilities in this repository are intentionally created for testing purposes. Do not deploy or use this code in any production environment.