There are 16 repositories under sast topic.
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
nodejsscan is a static security code scanner for Node.js applications.
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
A PyTorch-based OCR algorithm library, including psenet, pan, dbnet, sast, crnn
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
SecHub provides a central API to test software with different security tools.
Corax for Java: A general static analysis framework for java code checking.
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Django application that performs SAST and Malware Analysis for Android APKs
A source code static analysis platform for AppSec enthusiasts.
Generic SAST Library
A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
Ready to use docker image for CodeQL
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.
Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning
This project is deprecated. Use https://github.com/returntocorp/semgrep instead
Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
Udemy Course on DevSecOps
An OpenAPI 3 checker based on spectral.