Topic: sast
Something interesting about sast
sast,PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.
Organization: 0dayinc
Home Page: https://github.com/0dayinc/pwn
sast,Generic SAST Library
User: ajinabraham
Home Page: https://opensecurity.in
sast,njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
User: ajinabraham
Home Page: https://opensecurity.in
sast,nodejsscan is a static security code scanner for Node.js applications.
User: ajinabraham
Home Page: https://opensecurity.in
sast,⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Organization: analysis-tools-dev
Home Page: https://analysis-tools.dev
sast,Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDEs such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
Organization: appthreat
Home Page: https://appthreat.io
sast,"Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.
Organization: astteam
sast,A PyTorch-based OCR algorithm library, including psenet, pan, dbnet, sast, crnn
User: badbadbadboy
sast,Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Organization: bearer
Home Page: https://docs.bearer.com
sast,A declarative static analysis tool for JVM bytecode based on Datalog, like CodeQL
Organization: bytecodedl
sast,A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
Organization: clj-holmes
sast,CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Organization: clouddefenseai
Home Page: https://clouddefense.ai
sast,APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
User: cyber-buddy
sast,Corax for Java: A general static analysis framework for java code checking.
Organization: feysh-group
sast,GPT AiCSA (Code security audit), SAST (Static Application Security Testing), JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes
Organization: ghosttroops
Home Page: https://AiCSA.51pwn.com
sast,A lightweight static security analysis tool for modern Perl Apps
User: htrgouvea
Home Page: https://heitorgouvea.me/2023/03/19/static-security-analysis-tool-perl
sast,Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).
Organization: insidersec
Home Page: https://insidersec.io
sast,An OpenAPI 3 checker based on spectral.
Organization: italia
Home Page: https://italia.github.io/api-oas-checker/
sast,Ready to use docker image for CodeQL
User: j3ssie
sast,This is an extension for Azure DevOps that is a wrapper around gitleaks created by Zachary Rice for easy execution inside your pipeline. Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for finding secrets, past or present, in your code.
User: joostvoskuil
sast,Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
Organization: latiotech
Home Page: http://latio.tech/
sast,Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
User: marcinguy
Home Page: https://betterscan.io
sast,Port of "DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers" to Clang/LLVM 10 and Linux Kernel
User: marcinguy
sast,SecHub provides a central API to test software with different security tools.
Organization: mercedes-benz
Home Page: https://mercedes-benz.github.io/sechub/
sast,Sharing software supply chain security open source projects
User: meta-fun
sast,IDEA plugin for static code security auditing and one-click vulnerability fixing
Organization: momosecurity
sast,Django application that performs SAST and Malware Analysis for Android APKs
User: mpast
Home Page: https://owasp.org/www-project-mobile-audit/
sast,An implementation of infrastructure-as-code scanning using dynamic tooling.
User: ncc-erik-steringer
sast,JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Organization: nodesecure
sast,⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!
Organization: nodesecure
sast,A source code static analysis platform for AppSec enthusiasts.
Organization: orange-cyberdefense
sast,Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
Organization: oxsecurity
Home Page: https://codetotal.io
sast,Agentic AI Workflows for DevOps
Organization: patched-codes
Home Page: https://patched.codes
sast,Parse GitLab SAST reports into more human readable projects
User: pcfens
sast,🐚 GitHub Action for running ShellCheck differentially
Organization: redhat-plumbers-in-action
sast,The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.
User: rosehgal
sast,Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Organization: semgrep
Home Page: https://semgrep.dev
sast,This project is deprecated. Use https://github.com/returntocorp/semgrep instead
Organization: semgrep
Home Page: https://semgrep.dev/docs/semgrep-ci/
sast,Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
Organization: shiftleftsecurity
Home Page: https://discord.gg/DCNxzaeUpd
sast,Udemy Course on DevSecOps
User: sidd-harth
sast,Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Organization: tenable
Home Page: https://runterrascan.io
sast,AI-driven Static Analyzer. Supports Rust and Smart contracts: Solana based on Rust, Ethereum based on Solidity.
Organization: vulnplanet
Home Page: https://vulnplanet.com/
sast,A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Organization: we45
Home Page: https://threatplaybook.io
sast,INTERCEPT / Policy as Code Auditing / SAST for Code & APIs
User: xfhg
Home Page: https://intercept.cc
sast,Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.
Organization: zigrin-security
Home Page: https://zigrin.com/tools/cake-fuzzer/