Securing apps via pentesting, code reviews & supply chain defense 🔐

Hey there, I'm Hare Krishna Rai


🎯 Security Researcher | Speaker | Open Source Contributor

  • 🔒 Product Security Engineer at Okta (Auth0 Team), focused on secure software supply chains.

  • 🧠 Creator of SCAGoat, a vulnerable-by-design application for evaluating SCA tools and supply chain attack detection.

  • 🗣️ Featured Speaker at top-tier security conferences:

    Black Hat Europe 2024, Black Hat Asia 2025, DEF CON Forum 2024, AppSec Village 2024

  • 🧰 Regular secure coding trainer, reviewer for security conferences, and CTF enthusiast.

  • 🔍 Researching OSS poisoning, model exposure abuse, malicious packages, and DevSecOps automations.



📌 Featured Project: SCAGoat
A deliberately insecure and compromised SCA testbed that simulates:

  • CVE exposure in Node.js and Spring Boot apps
  • Malicious/compromised packages
  • Reachability and fix validation workflows

Ideal for evaluating SCA tools, container scanners, and CI/CD defenses.


💬 Let's connect to talk about research, secure development, OSS risks, or collaborations!

Pinned repositories

  1. Damn-vulnerable-sca (Public)

    Damn Vulnerable SCA Application

    Java

  2. depcheck (Public)

    A CLI tool to identify SCA security vulnerabilities in packages and provide suggestions for upgrade versions, breaking changes, CVSS and advisories.

    Go