Automated Security Scanning & Vulnerability Management @Google

Joined October 2011
Pinned Tweet
Today, we announced the official release of OSV-SCALIBR, Google's software composition analysis library. If you are working in vuln management / security scanning, SCALIBR is for you! SCALIBR is powering most of Google's vuln scanning. Please RT security.googleblog.com/2025…
Sebastian Lekies retweeted
The vulnapocalypse is here, but Opus 4.7 still routinely confuses the direction of a wild memcpy. LLMs are super crazy powerful, and in many ways superhuman, but in some ways ... well, not quite there yet.
Sebastian Lekies retweeted
Got a knack for security? We've launched a rewards program for OSV-SCALIBR and want your help! Earn cash 💰 for creating new plugins that detect vulnerabilities, secrets, or extract software inventory. bughunters.google.com/blog/6…
Sebastian Lekies retweeted
I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com/ 1/4
Sebastian Lekies retweeted
Protect your systems from leaked credentials! 🚨 We're excited to announce Veles, a new open-source secret and credential scanner from Google. Veles helps you find and fix sensitive data exposures in your source code and artifacts, with more features on the way! Learn how Veles is battle-tested at Google and how it can help secure your organization: goo.gle/veles-scanner #Veles #OpenSource #Security #Cybersecurity #SecretsScanning
Veles, Google's new open-source secret scanner, is now available. This tool, built into our SCALIBR scanner, identifies exposed credentials with an extensible architecture for new secret types. We'd love to hear your feedback and answer any questions. opensource.googleblog.com/20…
Sebastian Lekies retweeted
Today Google announced a new OSV-SCALIBR: A library for Software composition analysis. It allows you to extract software dependencies, generate SBOMs and scan them via osv.dev! More details in our blogpost: security.googleblog.com/2025…
Sebastian Lekies retweeted
Google has launched OSV-SCALIBR, an open-source library for software composition analysis! It identifies vulnerabilities and generates SBOMs, supporting various OS and languages. 🛡️🔍 #OpenSource #Google #SoftwareSecurity #CybersecurityNews link: ift.tt/qE5l48z
Sebastian Lekies retweeted
Google’s New OSV-SCALIBR: Your Software’s Superhero or Just Another Sidekick? Hot Take: Google's OSV-SCALIBR: Because keeping tabs on your software vulnerabilities should be as easy as keeping tabs on your ex's Instagram story. With this new tool, Google is basically saying, "Don't worry, we got your back (and your code's back)!" buff.ly/42jkbj7
SCALIBR is a library that allows you to enumerate all software installed in a given file system, such as containers, VMs, running machines, or code repositories. Additionally, it offers extensible vulnerability scanning capabilities. Reach out in case you have questions.
Sebastian Lekies retweeted
OSV-SCALIBR: A library for Software Composition Analysis security.googleblog.com/2025…
Sebastian Lekies retweeted
⚒️ SCALIBR (Software Composition Analysis Library) An extensible file system scanner used to extract software inventory data (e.g. installed language packages) and detect vulnerabilities By @Google github.com/google/osv-scalib…
Sebastian Lekies retweeted
OSV-SCALIBR: A library for Software Composition Analysis: ift.tt/XrvxnOD by Google Online Security Blog #infosec #cybersecurity #technology #news
Sebastian Lekies retweeted
"OSV-SCALIBR combines Google’s internal vulnerability management expertise into one scanning library with significant new capabilities ..." security.googleblog.com/2025… < it's open source, and you can use what Google uses for software composition analysis
Sebastian Lekies retweeted
I wish we could deprecate javascript: URIs which are one of the few remaining XSS vectors for modern SPAs. Until then we can use CSP to disable javascript: URIs. Here's a prototype for a refactoring-free strict & hash-based CSP that does that: github.com/google/strict-csp…

Sebastian Lekies retweeted
Are you passionate about expanding the capabilities of the Tsunami network scanner, and would like to help keep AI infrastructure secure? See our blog post for details on getting involved and how your efforts will be rewarded 💸! bughunters.google.com/blog/5… bughunters.google.com/blog/5…
Sebastian Lekies retweeted
⚗️ localtoast Localtoast is a scanner for running security-related configuration checks such as CIS benchmarks in an easily configurable manner. github.com/google/localtoast