Awesome Open Source
Search results for sast
69 search results found
Static Analysis
⭐
12,955
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Semgrep
⭐
10,009
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Terrascan
⭐
4,571
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Nodejsscan
⭐
2,275
nodejsscan is a static security code scanner for Node.js applications.
Bearer
⭐
1,554
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Codeql
⭐
1,152
"Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.
Horusec
⭐
1,000
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Sast Scan
⭐
697
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
Momo Code Sec Inspector Java
⭐
695
IDEA plugin for static code security auditing and one-click vulnerability fixing
Betterscan Ce
⭐
673
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
Apkhunt
⭐
580
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
Njsscan
⭐
318
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Bytecodedl
⭐
289
A declarative static analysis tool for JVM bytecode, based on Datalog, like CodeQL
Threatplaybook
⭐
266
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Pytorchocr
⭐
262
PyTorch-based OCR algorithm library, including psenet, pan, dbnet, sast, crnn
Insider
⭐
255
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).
Sechub
⭐
228
SecHub provides a central API to test software with different security tools.
Js X Ray
⭐
196
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Mobileaudit
⭐
189
Django application that performs SAST and Malware Analysis for Android APKs
Heap_detective
⭐
179
The simple way to detect heap memory pitfalls in C++ and C. Beta.
Sast
⭐
168
"Understanding SAST in Depth": Static Application Security Testing.
Dockerent
⭐
124
The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.
Libsast
⭐
106
Generic SAST Library
Clj Holmes
⭐
85
A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
Cakefuzzer
⭐
85
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.
Codeql Docker
⭐
82
Ready to use docker image for CodeQL
Sast Scan
⭐
81
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDEs such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
Last
⭐
77
Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys.
Intercept
⭐
74
INTERCEPT / Policy as Code Auditing / SAST for Code & APIs
Grepmarx
⭐
66
A source code static analysis platform for AppSec enthusiasts.
Api Oas Checker
⭐
56
An OpenAPI 3 checker based on spectral.
Aicsa
⭐
45
GPT AiCSA (code security audit), SAST (Static Application Security Testing), JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes
Cd
⭐
42
CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Tools
⭐
36
Curated list of security tools
Differential Shellcheck
⭐
36
🐚 GitHub Action for running ShellCheck differentially
Zarn
⭐
28
A lightweight static security analysis tool for modern Perl Apps
Pwn
⭐
28
PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.
Codetotal
⭐
27
Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
Scanner
⭐
24
⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!
Sast Parser
⭐
22
Parse GitLab SAST reports into more human readable projects
Azure Devops Gitleaks
⭐
21
This is an extension for Azure DevOps that is a wrapper around gitleaks created by Zachary Rice for easy execution inside your pipeline. Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for finding secrets, past or present, in your code.
Njsscan Action
⭐
20
nodejsscan Github Action
Awesome Software Supply Chain Security
⭐
20
Sharing software supply chain security open source projects
Pypi Auto Scanner
⭐
20
Automatically scan new pypi packages for potentially malicious code
Contrastscan Action
⭐
19
Contrast Scan GitHub action
Github Action Gitleaks
⭐
18
This GitHub Action allows you to run Gitleaks in your GitHub workflow.
Dr_checker_4_linux
⭐
18
Port of "DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers" to Clang/LLVM 10 and Linux Kernel
Cxanalytix
⭐
18
Exports vulnerability scan data from the Checkmarx SAST platform for use in analytical tools.
Horusec Engine
⭐
17
Horusec analysis engine
Appscan Codesweep Action
⭐
17
Integrate static security testing with HCL AppScan CodeSweep with Github.
Codeql Agent Extension
⭐
17
⛏️ An extension for Visual Studio Code that simplifies CodeQL usage and executes code scanning automatically.
Checkmarx Github Action
⭐
16
Checkmarx Scan Github Action
Astam Correlator
⭐
16
Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans
Veracode Python
⭐
13
Openscanhub
⭐
13
OpenScanHub is a service for static and dynamic analysis.
Scan Action
⭐
11
Github Action for security scanning utilizing Salus by Coinbase
Contrast
⭐
11
CodeSec by Contrast - The fastest and most accurate SAST scanner. Scan code and serverless environments
Horusec Action
⭐
11
It's a Horusec Action proof of concept
Devsecops
⭐
8
♾️ Collection of DevSecOps Notes + Resources + Tools
Insider Action
⭐
8
Official Github Action for Insider
Horusec Examples Vulnerabilities
⭐
7
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Devsecops Vault
⭐
7
Collection of roadmaps, tools, best practice, resources about DevSecOps
Ilsatools
⭐
7
Simple static analysis (SA) tool to analyze .Net assemblies at the IL-code level.
Codict
⭐
7
A framework to learn and assess source code
Fucking Static Analysis
⭐
7
⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more. With repository stars⭐ and forks🍴
Iameter_php
⭐
6
Aws Codeguru Reviewer Cicd Cdk Sample
⭐
6
CDK stack to enable CodeGuru Reviewer for selected GitHub repositories
Spotter Action
⭐
5
GitHub Action for Steampunk Spotter
Iam Sarif Report
⭐
5
Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.
1-69 of 69 search results
Copyright 2018-2024 Awesome Open Source. All rights reserved.