Awesome Open Source

Programming Languages

Search results for security static analysis

static-analysis x

122 search results found

Gosec ⭐ 7,099

Golang security checker

Brakeman ⭐ 6,741

A static analysis security vulnerability scanner for Ruby on Rails applications

Grype ⭐ 6,552

A vulnerability scanner for container images and filesystems

Pyre Check ⭐ 6,481

Performant type-checking for python.

Tfsec ⭐ 6,258

Security scanner for your Terraform code

Mobileapp Pentest Cheatsheet ⭐ 4,158

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Applicationinspector ⭐ 4,085

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Nodejsscan ⭐ 2,233

nodejsscan is a static security code scanner for Node.js applications.

Find Sec Bugs ⭐ 2,102

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Gokart ⭐ 2,101

A static analysis tool for securing Go code

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Binary Analysis Platform

Awesome Golang Security ⭐ 1,768

Awesome Golang Security resources 🕶🔐

Anchore Engine ⭐ 1,528

A service that analyzes docker images and scans for vulnerabilities

Sobelow ⭐ 1,504

Security-focused static analysis for the Phoenix Framework

Bearer ⭐ 1,369

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Panopticon ⭐ 1,356

A libre cross-platform disassembler.

Cfn_nag ⭐ 1,105

Linting tool for CloudFormation templates

Dagda ⭐ 1,051

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

Horusec ⭐ 953

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Awesome Python Security ⭐ 867

Awesome Python Security resources 🕶🐍🔐

An easy-to-learn/use static analysis framework for Java

Security Code Scan ⭐ 801

Vulnerability Patterns Detector for C# and VB.NET

Enlightn ⭐ 799

Your performance & security consultant, an artisan command away.

Security scanner coordinator

Semgrep Rules ⭐ 615

Semgrep rules registry

Kubernetes RBAC static analysis & visualisation tool

Apkhunt ⭐ 580

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

Habomalhunter ⭐ 567

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

Packj stops ⚡️ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

Huskyci ⭐ 530

Performing security tests inside your CI

Vehicle Security Toolkit ⭐ 472

汽车/安卓/固件/代码安全测试工具集

Go fearless SQL. Sqlvet performs static analysis on raw SQL queries in your Go code base.

Fuzzable ⭐ 459

Framework for Automating Fuzzable Target Discovery with Static Analysis. Featured at Black Hat Arsenal USA 2022.

Awesome Dotnet Security ⭐ 430

Awesome .NET Security Resources

Awesome Llvm Security ⭐ 423

awesome llvm security [Welcome to PR]

Droidefense: Advance Android Malware Analysis Framework

Cfripper ⭐ 376

Library and CLI tool for analysing CloudFormation templates and check them for security compliance.

WEB SERVICE SECURITY ASSESSMENT TOOL

Lightweight static analyzer for several programming languages

Njsscan ⭐ 318

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Pycharm Security ⭐ 316

Finds security holes in your Python projects from PyCharm and GitHub

Awesome Java Security ⭐ 291

Awesome Java Security Resources 🕶☕🔐

Libscout ⭐ 267

LibScout: Third-party library detector for Java/Android apps

Sbt Dependency Check ⭐ 252

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Gitleaks Action ⭐ 223

Protect your secrets using Gitleaks-Action

A scanner for end-of-life (EOL) software in container images, filesystems, and SBOMs

Securify2 ⭐ 208

Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code

Checkov Action ⭐ 172

This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.

Securify ⭐ 168

[DEPRECATED] Security Scanner for Ethereum Smart Contracts

Route Detect ⭐ 142

Find authentication (authn) and authorization (authz) security bugs in web application routes.

Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

Swift Static Analysis Framework

Squealer ⭐ 133

Telling tales on you for leaking secrets!

Argus Saf ⭐ 130

Argus static analysis framework

Sonarqube Action ⭐ 127

Integrate SonarQube scanner to GitHub Actions

Cks Exercises Certified Kubernetes Security Specialist ⭐ 121

A set of curated exercises to help you prepare for the CKS exam

MATE is a suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code using Code Property Graphs.

Terraform Security Scan ⭐ 107

Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec

Libsast ⭐ 106

Generic SAST Library

🐞 Primitive Erlang Security Tool

Malwareanalysis In Pdf ⭐ 83

Malicious PDF files recently considered one of the most dangerous threats to the system security. The flexible code-bearing vector of the PDF format enables to attacker to carry out malicious code on the computer system for user exploitation.

Bridgecrew Action ⭐ 71

This GitHub Action runs Bridgecrew against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.

Panoptisch ⭐ 68

A recursive dependency scanner for Python projects

Intercept ⭐ 64

INTERCEPT / Policy as Code Static Analysis Auditing / SAST for Code & APIs

Codeclimate Rubocop ⭐ 59

Code Climate Engine for Rubocop

sbomnix is a utility that generates SBOMs from nix packages

Static and dynamic Android application security analysis

Go Sarif ⭐ 54

Go library for sarif - Static Analysis Results Interchange Format

Custom Bytecode Analyzer ⭐ 51

Java bytecode analyzer customizable via JSON rules

Static_file_analysis ⭐ 41

Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules

Security ⭐ 38

A set of classes to handle common security-related tasks

Deobshell ⭐ 37

Powershell script deobfuscation using AST in Python

Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages

SCRUB is a platform for orchestration and aggregation of static code analysis tools.

Because Clair needs a friend

Eslint Security Scanner Configs ⭐ 32

eslintrc.js config files for running static analysis on JavaScript to identify security issues.

Auraborealisapp ⭐ 20

Do You Know What's In Your Python Packages? A Tool for Visualizing Python Package Registry Security Audit Data

StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications

A lightweight static security analysis tool for modern Perl Apps

Contrastscan Action ⭐ 19

Contrast Scan GitHub action

Codemodder Java ⭐ 18

a framework for building java codemods

All in one Ruby static code analyzer

Gha Setup Scancentral Client ⭐ 17

GitHub Action to set up Fortify ScanCentral Client

Kube Linter Action ⭐ 16

GitHub action for automating KubeLinter.

The Swiss Army Knife for Binary (In)security

Devskim Sublime Plugin ⭐ 15

DEPRECATED -- DevSkim plugin for Sublime Text 3.

Gha Setup Fod Uploader ⭐ 12

GitHub Action to set up the Fortify on Demand (FoD) upload utility

Codeclimate Bundler Audit ⭐ 12

Code Climate Engine for bundler-audit

Scan Action ⭐ 11

Github Action for security scanning utilizing Salus by Coinbase

Actions Log4j ⭐ 11

A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.

Easy_sast ⭐ 10

A docker container that integrates static analysis tools into your project

Simplesecurity ⭐ 10

Combine multiple popular python security tools and generate reports or output into different formats

Bridgecrew Orb ⭐ 10

This CircleCI Orb Action runs Bridgecrew analysis of Infrastructure-as-Code repository. Bridgecrerw performs static security analysis of Terraform, CloudFormation and Kubernetes Infrastructure code security

Gokart Action ⭐ 9

Integrate GoKart security static analysis to GitHub Actions

Secure Devex22 ⭐ 7

Demo repository for my talk at the Heise Developer Experience 2022 conference.

Horusec Examples Vulnerabilities ⭐ 7

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

A place to submit issues/bugs and feature requests for Scantist's tools and services.

4depcheck ⭐ 6

a tool to analyze and detect vulnerable dependencies/libraries from different programming languages

Related Searches

Security Vulnerability (12,346)

Laravel Security (11,580)

Php Security (10,611)

Python Security (3,208)

Javascript Security (2,977)

Java Security (2,469)

Html Security (2,245)

Golang Security (1,385)

Security Authentication (906)

Security Pentest (848)

1-100 of 122 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2023 Awesome Open Source. All rights reserved.