
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Created 2015-12-18
9,015 commits to master branch, last one 2 days ago
626
10.7k
lgpl-2.1
104
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Created 2019-12-13
8,076 commits to develop branch, last one a day ago
500
4.8k
apache-2.0
69
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Created 2017-09-11
1,661 commits to master branch, last one 2 months ago
327
2.4k
gpl-3.0
58
nodejsscan is a static security code scanner for Node.js applications.
Created 2015-02-27
515 commits to master branch, last one 16 days ago
105
2.0k
other
20
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Created 2022-09-27
1,296 commits to main branch, last one 14 days ago
163
1.5k
unknown
18
"Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.
Created 2021-12-13
71 commits to main branch, last one about a year ago
188
1.1k
apache-2.0
50
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Created 2020-09-08
705 commits to main branch, last one about a year ago
IDEA plugin for static code security auditing and one-click vulnerability fixing
Created 2020-10-09
64 commits to 2018.3 branch, last one 2 years ago
90
818
agpl-3.0
16
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
Created 2022-01-31
1,206 commits to main branch, last one a day ago
111
808
apache-2.0
32
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
Created 2020-03-23
378 commits to master branch, last one about a year ago
74
759
gpl-3.0
13
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,...
Created 2023-01-10
100 commits to main branch, last one about a year ago
133
674
unknown
16
A PyTorch-based OCR algorithm library, including psenet, pan, dbnet, sast, crnn
Created 2020-09-04
81 commits to version2 branch, last one 3 years ago
97
607
lgpl-3.0
8
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis r...
Created 2021-01-30
184 commits to main branch, last one 5 days ago
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to im...
Created 2019-11-12
163 commits to master branch, last one 3 years ago
75
375
lgpl-3.0
13
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Created 2020-04-15
214 commits to master branch, last one 7 days ago
The xAST evaluation benchmark makes security tools no longer a "black box".
Created 2022-12-26
189 commits to main branch, last one 9 days ago
18
327
gpl-3.0
7
A declarative static analysis tool for JVM bytecode, based on Datalog, like CodeQL
Created 2022-03-23
73 commits to main branch, last one 10 months ago
28
321
unknown
6
"Understanding SAST in Depth": Static Application Security Testing.
Created 2022-01-17
57 commits to main branch, last one 7 months ago
9
287
unknown
2
"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompilation, custom rule creation, and is compa...
Created 2024-06-10
18 commits to main branch, last one 9 days ago
55
274
unknown
26
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Created 2018-04-29
256 commits to master branch, last one 4 years ago
SecHub provides a central API to test software with different security tools.
Created 2019-07-22
4,703 commits to develop branch, last one 18 hours ago
Corax for Java: A general static analysis framework for java code checking.
Created 2023-08-29
62 commits to main branch, last one about a month ago
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Created 2020-03-26
386 commits to master branch, last one 20 days ago
43
205
gpl-3.0
9
Django application that performs SAST and Malware Analysis for Android APKs
Created 2020-11-21
165 commits to main branch, last one 5 months ago
A source code static analysis platform for AppSec enthusiasts.
Created 2023-01-06
411 commits to main branch, last one about a month ago
18
183
gpl-3.0
3
Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets
Created 2024-11-03
18 commits to main branch, last one 4 days ago
Complete Roadmap for Penetration Testing
Created 2024-01-16
149 commits to main branch, last one 2 months ago
15
149
gpl-3.0
1
Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
Created 2023-12-03
103 commits to main branch, last one 8 months ago
17
147
unknown
2
鹏 RocB - IDEA plugin for Java code auditing (SAST)
Created 2021-08-28
27 commits to main branch, last one 3 years ago
The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.
Created 2020-06-18
102 commits to master branch, last one 3 years ago