Welcome to the OpenSSF CVE Benchmark project! The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools The benchmark addresses two problems that security teams face today when assessing