sast

There are 241 repositories under sast topic.

  • static-analysis

    analysis-tools-dev/static-analysis

    ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

    Language:Rust13.5k3205771.4k
  • semgrep

    semgrep/semgrep

    Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

    Language:OCaml10.8k1043k638
  • terrascan

    tenable/terrascan

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

    Language:Go4.8k69435507
  • ajinabraham/nodejsscan

    nodejsscan is a static security code scanner for Node.js applications.

    Language:CSS2.4k5887329
  • bearer

    Bearer/bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Language:Go2.1k21333113
  • ASTTeam/CodeQL

    《深入理解CodeQL》Finding vulnerabilities with CodeQL.

  • horusec

    ZupIT/horusec

    Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

    Language:Go1.2k50274190
  • momosecurity/momo-code-sec-inspector-java

    IDEA静态代码安全审计及漏洞一键修复插件

    Language:Java1k2514150
  • betterscan

    tcosolutions/betterscan

    Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan

    Language:Python832154896
  • ShiftLeftSecurity/sast-scan

    Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

    Language:Python81532125113
  • APKHunt

    Cyber-Buddy/APKHunt

    APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

    Language:Go76113774
  • BADBADBADBOY/pytorchOCR

    基于pytorch的ocr算法库,包括 psenet, pan, dbnet, sast , crnn

    Language:C++6781680133
  • MobSF/mobsfscan

    mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

    Language:Python620857101
  • insidersec/insider

    Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

    Language:Go518183881
  • ajinabraham/njsscan

    njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

    Language:JavaScript379138077
  • alipay/ant-application-security-testing-benchmark

    xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

    Language:Java35782046
  • BytecodeDL/ByteCodeDL

    A declarative static analysis tool for jvm bytecode based Datalog like CodeQL

    Language:Shell3297219
  • ASTTeam/SAST

    《深入理解SAST静态应用安全测试》Static Application Security Testing.

  • Chanzi-keji/chanzi

    "chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompilation, custom rule creation, and is compatible with the technology stacks of Servlet & filter, Spring, Dubbo, Thrift, JAX-RS, JFinal, Netty, MyBatis, and JSP.

  • mercedes-benz/sechub

    SecHub provides a central API to test software with different security tools.

    Language:Java292132.2k67
  • we45/ThreatPlaybook

    A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

    Language:Python274262655
  • Feysh-Group/corax-community

    Corax for Java: A general static analysis framework for java code checking.

    Language:Kotlin2344620
  • NodeSecure/js-x-ray

    JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

    Language:JavaScript22955526
  • Orange-Cyberdefense/grepmarx

    A source code static analysis platform for AppSec enthusiasts.

    Language:Python2245825
  • mpast/mobileAudit

    Django application that performs SAST and Malware Analysis for Android APKs

    Language:HTML20692643
  • chebuya/sastsweep

    Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets

    Language:Go1974119
  • securitycipher/penetration-testing-roadmap

    Complete Roadmap for Penetration Testing

  • latiotech/LAST

    Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini

    Language:Python1521015
  • fengupupup/RocB

    鹏 RocB - Java代码审计IDEA插件 SAST

  • AppThreat/sast-scan

    Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!

    Language:Python147122521
  • DockerENT

    rosehgal/DockerENT

    The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.

    Language:Python12742617
  • ajinabraham/libsast

    Generic SAST Library

    Language:Python12672120
  • Night-Master/sdlc_golang

    sdlc 是一个基于 Go 语言构建的安全漏洞示范平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识,除了可以用于devsecops以外,还可以用于安全行业从事者学习漏洞知识或者渗透知识,代码审计,提供了一个实践和学习的环境。本项目采用了前后端分离的设计模式,其中后端利用了轻量级框架 Gin,而前端则使用了 Vue 3。

    Language:Go1157317
  • clj-holmes/clj-holmes

    A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.

    Language:Clojure10921612
  • Zigrin-Security/CakeFuzzer

    Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

    Language:Python98416
  • j3ssie/codeql-docker

    Ready to use docker image for CodeQL

    Language:Python875111