
Add SCOUT to Binary Analysis and SBOM sections #10

Merged: hexsecs merged 2 commits into hexsecs:main from R00T-Kim:add-scout-entry on May 4, 2026

Conversation

@R00T-Kim (Contributor) commented May 3, 2026

What changed

Adds SCOUT to two relevant sections:

  • Binary Parsing and Analysis Tools — SCOUT performs Ghidra-driven P-code SSA dataflow taint on extracted firmware binaries with externally-cited 4-tier confidence caps.
  • Firmware Supply Chain and SBOM — SCOUT emits CycloneDX 1.6 + VEX with SLSA L2 in-toto attestation as part of its standard 42-stage pipeline.

Why it belongs in the list

  • Apache-2.0, pure Python 3.10+ stdlib (zero pip deps — air-gap friendly).
  • Tested on 1,123 firmware (FirmAE corpus, v2.6.1 refresh): 1110 success / 4 partial / 9 fatal (98.8%).
  • Outputs are standards-conformant: SARIF 2.1.0 (GitHub Code Scanning), CycloneDX 1.6 + VEX, SLSA L2.
  • Every finding is anchored to a (file_path, byte_offset, sha256, rationale, reasoning_trail) tuple, suitable for analyst review and EU CRA Annex I / FDA 524B / ISO 21434 compliance pipelines.

Verification

  • Description follows the "* [Project Name](url) - Short description." format.
  • Repo URL resolves: https://github.com/R00T-Kim/SCOUT (public, Apache-2.0).
  • Both new entries placed alphabetically/contextually after the most-similar existing tool in their section.

SCOUT performs Ghidra-driven P-code SSA dataflow taint on extracted firmware
binaries with externally-cited 4-tier confidence caps, and emits CycloneDX 1.6
+ VEX with SLSA L2 in-toto attestation. Apache-2.0, pure Python 3.10+ stdlib.
R00T-Kim requested a review from hexsecs as a code owner on May 3, 2026 14:43

@hexsecs (Owner) commented May 3, 2026

The check failed due to a duplicate link. Just pick one category (either is fine with me) and resubmit.
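
The duplicate-link check the maintainer refers to, and the entry-format rule from the PR's Verification list, can be reproduced with a small linter. The following is an added example written for this page; it is not the hexsecs repository's own CI check and does not come from the SCOUT project. The entry grammar "* [Project Name](url) - Short description." is taken from the PR text; the section tracking, the URL normalisation (trailing slash stripped, case folded) and the constructed sample list are this example's own assumptions.

```python
"""Lint an awesome-list style markdown file for entry format and duplicate links.

Added example, not the hexsecs repository's own check. The entry grammar
"* [Project Name](url) - Short description." is taken from the PR text; the
section tracking and URL normalisation rules are this example's own choices.
"""
import re
import sys
from collections import defaultdict

# One list entry per line, in the "* [Name](url) - Description." shape.
ENTRY_RE = re.compile(
    r"^\* \[(?P<name>[^\]]+)\]\((?P<url>https?://[^\s)]+)\) - (?P<desc>.+\.)$"
)
# Markdown ATX heading; used to know which section an entry lives in.
HEADING_RE = re.compile(r"^(#{1,6})\s+(?P<title>.+?)\s*$")


def normalise_url(url: str) -> str:
    """Collapse trivial variants (trailing slash, letter case) so that
    https://github.com/Org/Repo and https://github.com/org/repo/ count as the
    same link. Assumption: all hosts in the list are case-insensitive."""
    return url.rstrip("/").lower()


def lint_awesome_list(markdown: str):
    """Return (format_errors, duplicates).

    format_errors: list of (line_no, message) for bullet lines that do not
                   match ENTRY_RE.
    duplicates:    dict normalised_url -> [(line_no, section_title), ...]
                   for every URL that appears in more than one entry.
    """
    section = None
    seen = defaultdict(list)
    format_errors = []
    for line_no, line in enumerate(markdown.splitlines(), 1):
        heading = HEADING_RE.match(line)
        if heading:
            section = heading.group("title")
            continue
        if not line.startswith("* "):
            continue  # prose, blank lines, nested bullets: not top-level entries
        match = ENTRY_RE.match(line)
        if match is None:
            format_errors.append(
                (line_no, 'does not match "* [Project Name](url) - Short description."')
            )
            continue
        seen[normalise_url(match.group("url"))].append((line_no, section))
    duplicates = {url: locs for url, locs in seen.items() if len(locs) > 1}
    return format_errors, duplicates


# Constructed sample: a two-section list with SCOUT listed in both sections
# (the situation the maintainer flagged) and one malformed entry.
SAMPLE = """\
## Binary Parsing and Analysis Tools

* [Tool A](https://example.invalid/tool-a) - Placeholder firmware carving tool.
* [SCOUT](https://github.com/R00T-Kim/SCOUT) - Ghidra P-code dataflow taint on firmware binaries.

## Firmware Supply Chain and SBOM

* [SCOUT](https://github.com/R00T-Kim/SCOUT/) - Emits CycloneDX 1.6 + VEX.
* [Bad Entry] (https://example.invalid/bad) missing dash and final period
"""


def main(markdown: str = SAMPLE) -> int:
    """Print findings in a CI-friendly form; exit status 1 if anything failed."""
    errors, duplicates = lint_awesome_list(markdown)
    for line_no, msg in errors:
        print(f"line {line_no}: {msg}")
    for url, locs in duplicates.items():
        where = ", ".join(f"line {n} ({sec})" for n, sec in locs)
        print(f"duplicate link {url}: {where}")
    return 1 if (errors or duplicates) else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run against the sample, it reports the malformed line 9 and the SCOUT URL appearing under both section headings, which is exactly the condition that blocked the first push of this PR; the second commit resolves it by keeping only the Binary Parsing and Analysis Tools entry. Normalising the URL before comparison matters because a trailing slash or different letter case would otherwise let the same repository slip in twice.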

Per maintainer review on PR hexsecs#10: keep a single SCOUT entry under
Binary Parsing and Analysis Tools, drop the duplicate listing in
Firmware Supply Chain and SBOM. Binary Analysis is the primary
positioning since SCOUT's distinguishing capability is Ghidra
P-code SSA dataflow taint with 4-tier confidence caps; SBOM
output is one of many pipeline artifacts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hexsecs merged commit 2ca20a3 into hexsecs:main on May 4, 2026