Awesome Open Source

Programming Languages

Search results for sast

69 search results found

Static Analysis ⭐ 12,955

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

Semgrep ⭐ 10,009

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Terrascan ⭐ 4,571

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Nodejsscan ⭐ 2,275

nodejsscan is a static security code scanner for Node.js applications.

Bearer ⭐ 1,554

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Codeql ⭐ 1,152

《深入理解CodeQL》Finding vulnerabilities with CodeQL.

Horusec ⭐ 1,000

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Sast Scan ⭐ 697

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

Momo Code Sec Inspector Java ⭐ 695

IDEA静态代码安全审计及漏洞一键修复插件

Betterscan Ce ⭐ 673

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

Apkhunt ⭐ 580

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

Njsscan ⭐ 318

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Bytecodedl ⭐ 289

A declarative static analysis tool for jvm bytecode based Datalog like CodeQL

Threatplaybook ⭐ 266

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

Pytorchocr ⭐ 262

基于pytorch的ocr算法库，包括 psenet, pan, dbnet, sast , crnn

Insider ⭐ 255

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

SecHub provides a central API to test software with different security tools.

Js X Ray ⭐ 196

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

Mobileaudit ⭐ 189

Django application that performs SAST and Malware Analysis for Android APKs

Heap_detective ⭐ 179

The simple way to detect heap memory pitfalls in C++ and C. Beta.

《深入理解SAST静态应用安全测试》Static Application Security Testing.

Dockerent ⭐ 124

The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.

Libsast ⭐ 106

Generic SAST Library

Clj Holmes ⭐ 85

A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.

Cakefuzzer ⭐ 85

Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

Codeql Docker ⭐ 82

Ready to use docker image for CodeQL

Sast Scan ⭐ 81

Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!

Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys.

Intercept ⭐ 74

INTERCEPT / Policy as Code Auditing / SAST for Code & APIs

Grepmarx ⭐ 66

A source code static analysis platform for AppSec enthusiasts.

Api Oas Checker ⭐ 56

An OpenAPI 3 checker based on spectral.

GPT AiCSA(Code security audit)，SAST（Static Application Security Testing，静态应用程序安全测试），JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Curated list of security tools

Differential Shellcheck ⭐ 36

🐚 GitHub Action for running ShellCheck differentially

A lightweight static security analysis tool for modern Perl Apps

PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.

Codetotal ⭐ 27

Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.

⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!

Sast Parser ⭐ 22

Parse GitLab SAST reports into more human readable projects

Azure Devops Gitleaks ⭐ 21

This is an extension for Azure DevOps that is a wrapper arround gitleaks created by Zachary Rice for easy execution inside your pipeline. Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for finding secrets, past or present, in your code.

Njsscan Action ⭐ 20

nodejsscan Github Action

Awesome Software Supply Chain Security ⭐ 20

Sharing software supply chain security open source projects

Pypi Auto Scanner ⭐ 20

Automatically scan new pypi packages for potentially malicious code

Contrastscan Action ⭐ 19

Contrast Scan GitHub action

Github Action Gitleaks ⭐ 18

This GitHub Action allows you to run Gitleaks in your GitHub workflow.

Dr_checker_4_linux ⭐ 18

Port of "DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers" to Clang/LLVM 10 and Linux Kernel

Cxanalytix ⭐ 18

Exports vulnerability scan data from the Checkmarx SAST platform for use in analytical tools.

Horusec Engine ⭐ 17

Horusec analysis engine

Appscan Codesweep Action ⭐ 17

Integrate static security testing with HCL AppScan CodeSweep with Github.

Codeql Agent Extension ⭐ 17

⛏️ An extension for Visual Studio Code that simplifies CodeQL usage and executes code scanning automatically.

Checkmarx Github Action ⭐ 16

Checkmarx Scan Github Action

Astam Correlator ⭐ 16

Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans

Veracode Python ⭐ 13

Openscanhub ⭐ 13

OpenScanHub is a service for static and dynamic analysis.

Scan Action ⭐ 11

Github Action for security scanning utilizing Salus by Coinbase

Contrast ⭐ 11

CodeSec by Contrast - The fastest and most accurate SAST scanner. Scan code and serverless environments

Horusec Action ⭐ 11

It's a Horusec Action proof of concept

Devsecops ⭐ 8

♾️ Collection of DevSecOps Notes + Resources + Tools

Insider Action ⭐ 8

:octocat: Official Github Action for Insider

Horusec Examples Vulnerabilities ⭐ 7

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Devsecops Vault ⭐ 7

Collection of roadmaps, tools, best practice, resources about DevSecOps

Ilsatools ⭐ 7

Simple static analysis(SA) tool to analyze .Net assemblies at the IL-code level.

A framework to learn and assess source code

Fucking Static Analysis ⭐ 7

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more. With repository stars⭐ and forks🍴

Iameter_php ⭐ 6

Aws Codeguru Reviewer Cicd Cdk Sample ⭐ 6

CDK stack to enable CodeGuru Reviewer for selected GitHub repositories

Spotter Action ⭐ 5

GitHub Action for Steampunk Spotter

Iam Sarif Report ⭐ 5

Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.

1-69 of 69 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.