sast
There are 17 repositories under sast topic.
- static-analysis
analysis-tools-dev / static-analysis
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Language:Rust 12926 - semgrep
semgrep / semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Language:OCaml 9815 - terrascan
tenable / terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Language:Go 4529 ajinabraham / nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
Language:CSS 2329- bearer
Bearer / bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Language:Go 1772 - horusec
ZupIT / horusec
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Language:Go 1079 - Language:Java 920
ShiftLeftSecurity / sast-scan
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Language:Python 776- APKHunt
Cyber-Buddy / APKHunt
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
Language:Go 698 marcinguy / betterscan-ce
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
Language:Python 697BADBADBADBOY / pytorchOCR
基于pytorch的ocr算法库,包括 psenet, pan, dbnet, sast , crnn
Language:C++ 652insidersec / insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Language:Go 489njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Language:JavaScript 351BytecodeDL / ByteCodeDL
A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
Language:Shell 307we45 / ThreatPlaybook
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Language:Python 268mercedes-benz / sechub
SecHub provides a central API to test software with different security tools.
Language:Java 248Feysh-Group / corax-community
Corax for Java: A general static analysis framework for java code checking.
Language:Kotlin 199NodeSecure / js-x-ray
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Language:JavaScript 198mpast / mobileAudit
Django application that performs SAST and Malware Analysis for Android APKs
Language:HTML 193Orange-Cyberdefense / grepmarx
A source code static analysis platform for AppSec enthusiasts.
Language:Python 185AppThreat / sast-scan
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
Language:Python 143latiotech / LAST
Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
Language:Python 131- DockerENT
rosehgal / DockerENT
The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.
Language:Python 124 Generic SAST Library
Language:Python 119clj-holmes / clj-holmes
A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
Language:Clojure 102j3ssie / codeql-docker
Ready to use docker image for CodeQL
Language:Python 87Zigrin-Security / CakeFuzzer
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.
Language:Python 87cycodehq / cycode-cli
Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning
Language:Python 84- interceptLanguage:Go 81
This project is deprecated. Use https://github.com/returntocorp/semgrep instead
Language:Python 72- codetotal
oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
Language:TypeScript 68 sidd-harth / kubernetes-devops-security
Udemy Course on DevSecOps
Language:Java 64italia / api-oas-checker
An OpenAPI 3 checker based on spectral.
Language:JavaScript 57
