sast

There are 16 repositories under sast topic.

• static-analysis

  analysis-tools-dev / static-analysis

  ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

  analysisawesome-listcode-qualitylintersaststatic-analysisstatic-analyzersstatic-code-analysis
  Language:Rust 12812
• semgrep

  semgrep / semgrep

  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

  static-analysisstatic-code-analysisjavagosastsemgrepr2ccpythonrubyjavascripttypescript
  Language:OCaml 9690
• terrascan

  tenable / terrascan

  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

  security-toolsinfrastructure-as-codedevsecopsdevopssecurityterraformawscloudsecuritycloud-securityterrascaninfrastructuresecurity-violationsarchitecturekubernetesiacsastazure-securityaws-securitygcp-securityscans
  Language:Go 4492

• ajinabraham / nodejsscan

  nodejsscan is a static security code scanner for Node.js applications.

  javascriptnodejsstatic-analysissecuritysecurity-scannersastdevsecopscode-analysiscode-reviewnodenode-securitynodejsscanlint
  Language:CSS 2316
• bearer

  Bearer / bearer

  Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  appseccompliancedevsecopsdevsecops-toolssecuritysecurity-toolsdataflowgdprprivacysaststatic-code-analysisvulnerabilitysecurity-auditsecurity-scannervulnerabilitiescode-qualitystatic-analysissecurity-automationowasp
  Language:Go 1726

• ASTTeam / CodeQL

  《深入理解CodeQL》Finding vulnerabilities with CodeQL.

  0e0wcodeqlhackjavahackaspxhackgolangjavasecqllearning-codeqlcodeql-queriessemmle-qldevsecopssast
  1324
• horusec

  ZupIT / horusec

  Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

  sastjavakotlingolangpythonrubyterraformnetcoresecuritysecurity-developmentcicdclihacktoberfestvulnerabilitiesanalysissecurity-flawssast-analysisscannerstatic-analysis
  Language:Go 1068

• momosecurity / momo-code-sec-inspector-java

  IDEA静态代码安全审计及漏洞一键修复插件

  sastjavaidea
  Language:Java 917

• ShiftLeftSecurity / sast-scan

  Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

  sastdevsecopsappseclicense-scandependency-scanworkflowscanners
  Language:Python 771
• APKHunt

  Cyber-Buddy / APKHunt

  APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

  android-securityinformation-securityinfosecowasppenetration-testingpentestpentestingpentesting-toolssastsecure-codingsecurity-toolsstatic-analysisstatic-analyzercode-reviewmasvsmobile-sec-androidmstgowasp-mobile-topsecurityapkhunt
  Language:Go 683

• marcinguy / betterscan-ce

  Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

  sastcode-qualitycode-quality-analyzerstatic-analysisstatic-code-analysisstatic-analyzersdevsecopssonarqubecompliancedevopsdevops-toolsgdprowaspsecurity-auditsecurity-automationsecurity-scannersecurity-toolsvulnerabilityvulnerability-scannersecurity-orchestration
  Language:Python 678

• BADBADBADBOY / pytorchOCR

  基于pytorch的ocr算法库，包括 psenet, pan, dbnet, sast , crnn

  ocrtextdetectiondbnetpsenetcrnntextrecognitionsastpannet
  Language:C++ 648

• insidersec / insider

  Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

  androidandroid-securityclicsharpdotnetinsideriosios-securityjavascriptkotlinmavennodejsowaspsastsecurity-automationsecurity-scannersecurity-toolsstatic-analysisstatic-analyzerswift
  Language:Go 483

• ajinabraham / njsscan

  njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

  nodejsexpressjssaststaticanalysisdevsecopscodescannerlintersecuritysecurity-toolssemanticpythonappsecstatic-analysiscodereviewstatic-analyzernodesecuritynjsscannodejsscanjslintlint
  Language:JavaScript 343

• BytecodeDL / ByteCodeDL

  A declarative static analysis tool for jvm bytecode based Datalog like CodeQL

  static-analysissecurity-toolssastpoints-to-analysistaint-analysis
  Language:Shell 306

• we45 / ThreatPlaybook

  A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

  devsecopsthreat-modelapplication-securitysastdastpython
  Language:Python 268

• ASTTeam / SAST

  《深入理解SAST静态应用安全测试》Static Application Security Testing.

  0e0wsast
  266

• mercedes-benz / sechub

  SecHub provides a central API to test software with different security tools.

  securityorchestrationapiclientserversecdevopssecurity-toolsvulnerability-scannerssecurity-scannerdastsastappseccontinuous-integrationrestbuildk8ssechubsdlcsecurity-automationsecurity-testing
  Language:Java 240

• Feysh-Group / corax-community

  Corax for Java: A general static analysis framework for java code checking.

  abstract-interpretationcode-analysiscweflowdroidjavaowaspprogram-analysissarifsastsecuritysecurity-auditsoftware-analysissootstatic-analysisstatic-code-analysistaint-analysisvulnerability
  Language:Kotlin 198

• NodeSecure / js-x-ray

  JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

  securitysecurity-toolssecurity-auditast-analysisastjavascriptnodejssastsupply-chain-security
  Language:JavaScript 196

• mpast / mobileAudit

  Django application that performs SAST and Malware Analysis for Android APKs

  android-securitysastmalware-analysiscode-securitydefect-dojovirustotalapk-analysisdockerdjangodjango-rest-frameworkmobile-auditandroguardmobile-securitymalwareapk
  Language:HTML 190

• Orange-Cyberdefense / grepmarx

  A source code static analysis platform for AppSec enthusiasts.

  appsecsastscasecurity
  Language:Python 182

• AppThreat / sast-scan

  Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!

  dockerstatic-analysissarifazure-devopssast
  Language:Python 143

• fengupupup / RocB

  鹏 RocB - Java代码审计IDEA插件 SAST

  sastjavaideadevsecops
  140

• latiotech / LAST

  Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini

  aiopen-sourcepythonsecurity-toolssastvulnerability-scanners
  Language:Python 130
• DockerENT

  rosehgal / DockerENT

  The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.

  dockerdocker-sastsastruntime-security-testinghacktoberfesthacktoberfest2020
  Language:Python 124

• ajinabraham / libsast

  Generic SAST Library

  appsecsastsemanticgrepsemgreppatternmatchregexcodeanalysisstaticanalysissecuritystatic-analyzergenericsastlibsast
  Language:Python 117

• clj-holmes / clj-holmes

  A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.

  clojuresecuritysast
  Language:Clojure 102

• j3ssie / codeql-docker

  Ready to use docker image for CodeQL

  codeqlcodeql-dockersastcodql-clidockerstatic-analysiscodeql-cli
  Language:Python 87

• Zigrin-Security / CakeFuzzer

  Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

  cybersecurityhackingiastdastsast
  Language:Python 86

• cycodehq / cycode-cli

  Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning

  codesastscasecretssecuresecuritycycode
  Language:Python 83
• intercept

  xfhg / intercept

  INTERCEPT / Policy as Code Auditing / SAST for Code & APIs

  scannerpolicy-as-codepolicy-evaluationpolicy-monitoringpolicy-enginestatic-analysisenforcementauditauditingsecuritypolicysastdevsecopscompliancesecurity-auditsecurity-automationsecurity-tools
  Language:Go 80

• semgrep / semgrep-action

  This project is deprecated. Use https://github.com/returntocorp/semgrep instead

  semgrepgithub-actionsstatic-analysissastcici-cd
  Language:Python 72
• codetotal

  oxsecurity / codetotal

  Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.

  code-quality-analyzeriacmegalintersastsecrets-detectionsecuritysupply-chainsbomsbom-generatorvulnerability-scannerssupply-chain-security
  Language:TypeScript 67

• sidd-harth / kubernetes-devops-security

  Udemy Course on DevSecOps

  dastdevopsdevsecopsdockeristiojenkinskuberneteskubesealnodejssastsonarqubespringboottrivy
  Language:Java 63

• italia / api-oas-checker

  An OpenAPI 3 checker based on spectral.

  apiqualitysecurityopenapi3openapi3-validationrestsastlinterhacktoberfestd3f-staticanalysistool
  Language:JavaScript 57