Skip to content
@trailofbits

Trail of Bits

More code: binary lifters @lifting-bits, blockchain @crytic, forks @trail-of-forks
README.md
The Trail of Bits logo

Since 2012, Trail of Bits has helped secure some of the world's most targeted organizations and devices.

We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Some of our work:


Pinned Loading

  1. publications publications Public

    Publications from Trail of Bits

    Python 1.8k 220

  2. skills skills Public

    Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

    Python 3k 235

  3. fickling fickling Public

    A Python pickling decompiler and static analyzer

    Python 604 67

  4. vscode-weaudit vscode-weaudit Public

    Create code bookmarks and code highlights with a click.

    TypeScript 230 28

  5. semgrep-rules semgrep-rules Public

    Semgrep queries developed by Trail of Bits.

    Go 483 46

  6. codeql-queries codeql-queries Public

    CodeQL queries developed by Trail of Bits

    CodeQL 147 7

Repositories

Showing 10 of 263 repositories
  • build-wrap Public

    Help protect against malicious build scripts

    trailofbits/build-wrap’s past year of commit activity
    Rust 25 AGPL-3.0 4 1 1 Updated Feb 27, 2026
  • test-fuzz Public

    To make fuzzing Rust easy

    trailofbits/test-fuzz’s past year of commit activity
    Rust 197 AGPL-3.0 25 11 (1 issue needs help) 4 Updated Feb 27, 2026
  • elaborate Public

    Wrappers for standard library functions and types to produce more elaborate error messages

    trailofbits/elaborate’s past year of commit activity
    Rust 4 Apache-2.0 1 2 1 Updated Feb 27, 2026
  • cargo-unmaintained Public

    Find unmaintained packages in Rust projects

    trailofbits/cargo-unmaintained’s past year of commit activity
    Rust 85 AGPL-3.0 13 11 2 Updated Feb 27, 2026
  • claude-code-devcontainer Public

    Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review.

    trailofbits/claude-code-devcontainer’s past year of commit activity
    Shell 450 Apache-2.0 38 0 3 Updated Feb 27, 2026
  • publications Public

    Publications from Trail of Bits

    trailofbits/publications’s past year of commit activity
    Python 1,769 CC-BY-SA-4.0 219 0 0 Updated Feb 27, 2026
  • mcp-context-protector Public

    MCP security wrapper

    trailofbits/mcp-context-protector’s past year of commit activity
    Python 213 Apache-2.0 17 5 6 Updated Feb 27, 2026
  • pip-plugin-pep740 Public

    An implementation of a pip plugin that verifies PEP-740 attestations before installing a package, and aborts the installation if verification fails.

    trailofbits/pip-plugin-pep740’s past year of commit activity
    Python 5 Apache-2.0 0 1 0 Updated Feb 27, 2026
  • gosentry Public Forked from golang/go

    Security-oriented Go toolchain, focused on state-of-the-art fuzzing capabilities.

    trailofbits/gosentry’s past year of commit activity
    Go 15 BSD-3-Clause 19,985 0 0 Updated Feb 27, 2026
  • deptective Public

    Deptective automatically determines the native dependencies required to run any arbitrary program or command.

    trailofbits/deptective’s past year of commit activity
    Python 129 LGPL-3.0 0 1 3 Updated Feb 27, 2026
View all repositories