Martin Vrachev is a Senior Python Developer with nine years of experience focused on open source, software supply chain security, and AI-driven tooling. He has driven backend development for AI assistant Clarity at Consensus and co-founded RSTUF to harden repository management for TUF-based ecosystems while engaging directly with PyPI, RubyGems, and Maven stakeholders. A long-time contributor and maintainer of python-tuf, he blends deep security engineering—fixing subtle protocol and server bugs—with practical tooling improvements in projects like gosec and Clair. Martin pairs academic grounding in AI (MSc) with hands-on prototyping of AI integrations and security automation, evident from his GitHub-backed work improving static analysis and reducing false positives. He regularly presents at international conferences and has a knack for translating security research into pragmatic, deployable code. Based in Sofia, Bulgaria, he favors contributions that make open source supply chains measurably more resilient.
9 years of coding experience
6 years of employment as a software developer
Master Artificial Intelligence, Master Artificial Intelligence at Sofia University St. Kliment Ohridski
Python reference implementation of The Update Framework (TUF)
Role in this project:
Back-end Developer & Security Engineer
Contributions:528 reviews, 242 commits, 128 PRs in 2 years 8 months
Contributions summary:Martin primarily contributed to the core functionality and security aspects of The Update Framework (TUF) implementation. They addressed and fixed bugs related to simple HTTP server issues, and to a Connection Refused error. Furthermore, they made modifications to the metadata classes by implementing a system with the key, roles, and delegations for easier validation and support for unrecognized fields. The user's work involved debugging, code enhancements, and adherence to security best practices within the TUF framework.
Contributions:6 commits, 8 PRs, 27 comments in 7 months
Contributions summary:Martin primarily contributed to improving the security aspects of the `gosec` tool. Their work included fixing issues related to reporting Golang errors, modifying the G204 rule to reduce false positives and enhance accuracy, clarifying and adding unit tests to G107 for SSRF vulnerabilities, and changing existing unit tests to ensure they check for single things at a time. This focused on enhancing the tool's ability to correctly identify potential security flaws and improve the quality of tests.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Martin Vrachev - Senior Python Developer at Consensus