55 results found
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Created
2015-12-18
9,002 commits to master branch, last one 15 hours ago
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Created
2019-12-13
8,017 commits to develop branch, last one 12 hours ago
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Created
2017-09-11
1,661 commits to master branch, last one about a month ago
nodejsscan is a static security code scanner for Node.js applications.
Created
2015-02-27
515 commits to master branch, last one 2 days ago
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Created
2022-09-27
1,296 commits to main branch, last one 21 hours ago
"In-Depth Understanding of CodeQL": Finding vulnerabilities with CodeQL.
Created
2021-12-13
71 commits to main branch, last one 11 months ago
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Created
2020-09-08
705 commits to main branch, last one about a year ago
IDEA plugin for static code security auditing and one-click vulnerability fixing
Created
2020-10-09
64 commits to 2018.3 branch, last one 2 years ago
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
Created
2022-01-31
1,157 commits to main branch, last one 16 hours ago
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
Created
2020-03-23
378 commits to master branch, last one about a year ago
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,...
Created
2023-01-10
100 commits to main branch, last one about a year ago
PyTorch-based OCR algorithm library, including psenet, pan, dbnet, sast, crnn
Created
2020-09-04
81 commits to version2 branch, last one 3 years ago
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis r...
Created
2021-01-30
173 commits to main branch, last one 2 days ago
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to im...
Created
2019-11-12
163 commits to master branch, last one 3 years ago
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Created
2020-04-15
210 commits to master branch, last one 2 days ago
The xAST evaluation benchmark makes security tools no longer a "black box".
Created
2022-12-26
188 commits to main branch, last one 18 hours ago
A declarative static analysis tool for JVM bytecode, based on Datalog, like CodeQL
Created
2022-03-23
73 commits to main branch, last one 10 months ago
"In-Depth Understanding of SAST Static Application Security Testing": Static Application Security Testing.
Created
2022-01-17
57 commits to main branch, last one 6 months ago
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Created
2018-04-29
256 commits to master branch, last one 4 years ago
SecHub provides a central API to test software with different security tools.
Created
2019-07-22
4,671 commits to develop branch, last one 16 hours ago
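"铲子" ("Shovel") is a simple, easy-to-use Java SAST tool that aims to give security engineers a simple, practical and fairly priced code security scanning product. Supported languages: Java (Servlet, Spring, Dubbo, Thrift, MyBatis, JSP). It uses lightweight taint analysis: it builds a unified data-flow graph from Java, XML (MyBatis, Dubbo) and other sources, then performs taint analysis. No compilation is required, and it can also decompile and scan jar or class files. Built in are SQL injection, ...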
Created
2024-06-10
16 commits to main branch, last one 8 days ago
Corax for Java: A general static analysis framework for java code checking.
Created
2023-08-29
62 commits to main branch, last one about a month ago
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Created
2020-03-26
386 commits to master branch, last one 5 days ago
Django application that performs SAST and Malware Analysis for Android APKs
Created
2020-11-21
165 commits to main branch, last one 4 months ago
A source code static analysis platform for AppSec enthusiasts.
Created
2023-01-06
411 commits to main branch, last one about a month ago
Complete Roadmap for Penetration Testing
Created
2024-01-16
149 commits to main branch, last one about a month ago
Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
Created
2023-12-03
103 commits to main branch, last one 7 months ago
鹏 RocB - IDEA plugin for Java code auditing, SAST
Created
2021-08-28
27 commits to main branch, last one 3 years ago
The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.
Created
2020-06-18
102 commits to master branch, last one 3 years ago
Generic SAST Library
Created
2020-04-09
242 commits to master branch, last one 2 days ago