55 results found

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Created 2015-12-18
9,002 commits to master branch, last one 15 hours ago
620
10.6k
lgpl-2.1
106
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Created 2019-12-13
8,017 commits to develop branch, last one 12 hours ago
499
4.8k
apache-2.0
69
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Created 2017-09-11
1,661 commits to master branch, last one about a month ago
327
2.4k
gpl-3.0
58
nodejsscan is a static security code scanner for Node.js applications.
Created 2015-02-27
515 commits to master branch, last one 2 days ago
101
2.0k
other
20
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Created 2022-09-27
1,296 commits to main branch, last one 21 hours ago
163
1.5k
unknown
18
"Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.
Created 2021-12-13
71 commits to main branch, last one 11 months ago
185
1.1k
apache-2.0
50
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Created 2020-09-08
705 commits to main branch, last one about a year ago
IDEA plugin for static code security auditing and one-click vulnerability fixing
Created 2020-10-09
64 commits to 2018.3 branch, last one 2 years ago
90
809
agpl-3.0
16
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
Created 2022-01-31
1,157 commits to main branch, last one 16 hours ago
111
805
apache-2.0
31
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
Created 2020-03-23
378 commits to master branch, last one about a year ago
74
751
gpl-3.0
13
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,...
Created 2023-01-10
100 commits to main branch, last one about a year ago
133
673
unknown
16
PyTorch-based OCR algorithm library, including psenet, pan, dbnet, sast, crnn
Created 2020-09-04
81 commits to version2 branch, last one 3 years ago
96
604
lgpl-3.0
8
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis r...
Created 2021-01-30
173 commits to main branch, last one 2 days ago
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, analyzing source code to find vulnerabilities right in the source code, focused on an agile and easy to im...
Created 2019-11-12
163 commits to master branch, last one 3 years ago
74
375
lgpl-3.0
13
njsscan is a semantic-aware SAST tool that can find insecure code patterns in your Node.js applications.
Created 2020-04-15
210 commits to master branch, last one 2 days ago
The xAST evaluation benchmark makes security tools no longer a "black box".
Created 2022-12-26
188 commits to main branch, last one 18 hours ago
18
327
gpl-3.0
7
A declarative, Datalog-based static analysis tool for JVM bytecode, like CodeQL
Created 2022-03-23
73 commits to main branch, last one 10 months ago
28
318
unknown
6
"Understanding SAST in Depth": Static Application Security Testing.
Created 2022-01-17
57 commits to main branch, last one 6 months ago
54
274
unknown
26
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Created 2018-04-29
256 commits to master branch, last one 4 years ago
SecHub provides a central API to test software with different security tools.
Created 2019-07-22
4,671 commits to develop branch, last one 16 hours ago
7
247
unknown
2
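"铲子" ("Shovel") is a simple, easy-to-use Java SAST tool that aims to give security engineers a simple, practical and fairly priced code security scanning product. Supported languages: java (Servlet, spring, dubbo, thrift, mybatis, jsp). It uses lightweight taint analysis: it builds a unified data-flow graph from java, xml (mybatis, dubbo) and similar sources, then runs taint analysis on it. No compilation is needed, and it can also decompile and scan jar or class files. Built in are SQL injection, ...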
Created 2024-06-10
16 commits to main branch, last one 8 days ago
Corax for Java: A general static analysis framework for java code checking.
Created 2023-08-29
62 commits to main branch, last one about a month ago
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Created 2020-03-26
386 commits to master branch, last one 5 days ago
43
204
gpl-3.0
9
Django application that performs SAST and Malware Analysis for Android APKs
Created 2020-11-21
165 commits to main branch, last one 4 months ago
A source code static analysis platform for AppSec enthusiasts.
Created 2023-01-06
411 commits to main branch, last one about a month ago
Complete Roadmap for Penetration Testing
Created 2024-01-16
149 commits to main branch, last one about a month ago
15
149
gpl-3.0
1
Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
Created 2023-12-03
103 commits to main branch, last one 7 months ago
17
147
unknown
2
鹏 RocB - IDEA plugin for Java code auditing (SAST)
Created 2021-08-28
27 commits to main branch, last one 3 years ago
The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.
Created 2020-06-18
102 commits to master branch, last one 3 years ago
20
124
lgpl-3.0
7
Generic SAST Library
Created 2020-04-09
242 commits to master branch, last one 2 days ago