Skip to content
@trailofbits

Trail of Bits

More code: binary lifters @lifting-bits, blockchain @crytic, forks @trail-of-forks
README.md
The Trail of Bits logo

Since 2012, Trail of Bits has helped secure some of the world's most targeted organizations and devices.

We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Some of our work:


Pinned Loading

  1. publications publications Public

    Publications from Trail of Bits

    Python 1.8k 218

  2. skills skills Public

    Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

    Python 2.6k 213

  3. fickling fickling Public

    A Python pickling decompiler and static analyzer

    Python 601 66

  4. vscode-weaudit vscode-weaudit Public

    Create code bookmarks and code highlights with a click.

    TypeScript 228 28

  5. semgrep-rules semgrep-rules Public

    Semgrep queries developed by Trail of Bits.

    Go 474 46

  6. codeql-queries codeql-queries Public

    CodeQL queries developed by Trail of Bits

    CodeQL 145 7

Repositories

Showing 10 of 259 repositories
  • claude-code-config Public

    Opinionated defaults, documentation, and workflows for Claude Code at Trail of Bits

    trailofbits/claude-code-config’s past year of commit activity
    Shell 750 50 0 0 Updated Feb 14, 2026
  • vscode-weaudit Public

    Create code bookmarks and code highlights with a click.

    trailofbits/vscode-weaudit’s past year of commit activity
    TypeScript 228 GPL-3.0 28 14 (3 issues need help) 6 Updated Feb 14, 2026
  • aifirst-insecure-agent-labs Public
    trailofbits/aifirst-insecure-agent-labs’s past year of commit activity
    Python 3 2 0 4 Updated Feb 13, 2026
  • codeql Public Forked from github/codeql

    CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

    trailofbits/codeql’s past year of commit activity
    CodeQL 1 MIT 2,169 0 3 Updated Feb 13, 2026
  • it-depends Public

    A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

    trailofbits/it-depends’s past year of commit activity
    Python 382 LGPL-3.0 22 12 2 Updated Feb 13, 2026
  • protofuzz Public

    Google Protocol Buffers message generator

    trailofbits/protofuzz’s past year of commit activity
    Python 283 MIT 36 9 2 Updated Feb 13, 2026
  • blight Public

    A framework for instrumenting build tools

    trailofbits/blight’s past year of commit activity
    Python 90 Apache-2.0 7 20 6 Updated Feb 14, 2026
  • mcp-context-protector Public

    MCP security wrapper

    trailofbits/mcp-context-protector’s past year of commit activity
    Python 206 Apache-2.0 17 5 5 Updated Feb 13, 2026
  • pylock-attestations Public

    CLI tool to add attestation identities to `pylock.toml` files

    trailofbits/pylock-attestations’s past year of commit activity
    Python 5 Apache-2.0 1 4 0 Updated Feb 13, 2026
  • cookiecutter-python Public

    A cookiecutter template for a best-practices Python project

    trailofbits/cookiecutter-python’s past year of commit activity
    Python 29 Apache-2.0 7 0 2 Updated Feb 13, 2026
View all repositories