sast
There are 219 repositories under the sast topic.
analysis-tools-dev/static-analysis
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
semgrep/semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
tenable/terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
ajinabraham/nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
Bearer/bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
ASTTeam/CodeQL
"Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.
ZupIT/horusec
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
momosecurity/momo-code-sec-inspector-java
IntelliJ IDEA plugin for static code security auditing with one-click vulnerability fixes.
ShiftLeftSecurity/sast-scan
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
tcosolutions/betterscan
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
Cyber-Buddy/APKHunt
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
BADBADBADBOY/pytorchOCR
PyTorch-based OCR algorithm library, including psenet, pan, dbnet, sast, crnn.
insidersec/insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, performing source code analysis to find vulnerabilities right in the source code, focused on being agile and easy to implement inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).
ajinabraham/njsscan
njsscan is a semantic-aware SAST tool that can find insecure code patterns in your Node.js applications.
BytecodeDL/ByteCodeDL
A declarative static analysis tool for JVM bytecode, based on Datalog, similar to CodeQL.
alipay/ant-application-security-testing-benchmark
The xAST evaluation benchmark makes security tools no longer a "black box".
ASTTeam/SAST
"Understanding SAST in Depth": Static Application Security Testing.
we45/ThreatPlaybook
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
mercedes-benz/sechub
SecHub provides a central API to test software with different security tools.
Feysh-Group/corax-community
Corax for Java: A general static analysis framework for Java code checking.
NodeSecure/js-x-ray
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
mpast/mobileAudit
Django application that performs SAST and Malware Analysis for Android APKs
Orange-Cyberdefense/grepmarx
A source code static analysis platform for AppSec enthusiasts.
fengupupup/RocB
RocB (鹏) - Java code audit plugin for IntelliJ IDEA (SAST)
AppThreat/sast-scan
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDEs such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
latiotech/LAST
Use AI to scan your code from the command line for security issues and code smells. Bring your own keys. Supports OpenAI and Gemini.
rosehgal/DockerENT
The only open-source tool to analyze vulnerabilities and configuration issues in running Docker container(s) and Docker networks.
ajinabraham/libsast
Generic SAST Library
securitycipher/penetration-testing-roadmap
Complete Roadmap for Penetration Testing
clj-holmes/clj-holmes
A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
Zigrin-Security/CakeFuzzer
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.
j3ssie/codeql-docker
Ready to use docker image for CodeQL
cycodehq/cycode-cli
Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning
xfhg/intercept
INTERCEPT / Policy as Code Auditing & Compliance
sidd-harth/kubernetes-devops-security
Udemy Course on DevSecOps
semgrep/semgrep-action
This project is deprecated. Use https://github.com/returntocorp/semgrep instead