Skip to content

dynatrace-oss/forge-artifacts

Repository files navigation

FORGE Artifacts

⚠️ This product is not officially supported by Dynatrace.

Proprietary

🚨 SECURITY WARNING & LIABILITY DISCLAIMER
This repository contains intentionally vulnerable applications, synthetic exploit traces, and security rules generated strictly for research, testing, and academic evaluation purposes.

Dual-Use & Vulnerable Code: The code and applications provided herein contain deliberate security flaws and mock credentials. They must never be deployed in production environments, public networks, or outside of FORGE's isolated sandbox environments.
No Official Support & Maintenance: This product is an academic research artifact, is provided as-is, and will not be actively maintained or supported by Dynatrace.
No Liability: Users assume all responsibility and liability for the execution, deployment, or utilization of these materials.

Companion data repository for FORGE — a multi-agent framework for automated vulnerability exploitability assessment, presented at the ARES 2026 AgentCy workshop.

Paper: FORGE: Multi-Agent Graduated Exploitation and Detection Engineering (arXiv:2606.03453)

Contents

Directory Description
knowledge/ CWE-specific exploitation and detection knowledge base; build cookbooks per language
results/ Per-CVE run artifacts: generated vulnerable apps, oracle traces, detection rules (Sigma/Snort)
scripts/ Analysis notebooks and scripts to regenerate RQ1-RQ4 statistics and paper figures from results/
cache/ EPSS, CVSS, and CWE enrichment cache files
docker/ Exploit-runner container definition

Runtime configs and prompt templates live in the forge code repository under data/config/ and data/prompts/.

Usage

Clone alongside the FORGE code repository:

git clone https://github.com/dynatrace-oss/forge.git
git clone https://github.com/dynatrace-oss/forge-artifacts.git

cd forge
uv sync
forge run CVE-2024-12345   # uses data/config/forge.yaml from the forge repo by default

Note on results/

The results/ directory contains per-CVE run artifacts including synthetic vulnerable applications generated for research purposes. These apps intentionally contain vulnerabilities and may include mock credentials — this is by design. They should never be deployed outside of FORGE's Podman sandbox.

Exploit scripts are not included in this release.

Citation

@inproceedings{forge-ares2026,
  title     = {{FORGE}: Multi-Agent Graduated Exploitation and Detection Engineering},
  booktitle = {Proceedings of the 21st International Conference on Availability,
               Reliability and Security (ARES 2026), Workshop on Agentic AI
               in Cybersecurity (Agentcy)},
  year      = {2026},
  publisher = {ACM},
  url       = {https://www.ares-conference.eu/agentcy}
}

License

See LICENSE.

About

No description, website, or topics provided.

Resources

License

Code of conduct

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors