sast

There are 219 repositories under sast topic.

  • static-analysis

    analysis-tools-dev/static-analysis

    ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

    Language:Rust13.2k3225751.3k
  • semgrep

    semgrep/semgrep

    Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

    Language:OCaml10.4k1033k602
  • terrascan

    tenable/terrascan

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

    Language:Go4.7k68430496

  • ajinabraham/nodejsscan

    nodejsscan is a static security code scanner for Node.js applications.

    Language:CSS2.4k5887325
  • bearer

    Bearer/bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Language:Go2k2032794

  • ASTTeam/CodeQL

    《深入理解CodeQL》Finding vulnerabilities with CodeQL.

    1.5k183160
  • horusec

    ZupIT/horusec

    Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

    Language:Go1.1k50274182

  • momosecurity/momo-code-sec-inspector-java

    IDEA静态代码安全审计及漏洞一键修复插件

    Language:Java1k2613146

  • ShiftLeftSecurity/sast-scan

    Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

    Language:Python79331125110
  • betterscan

    tcosolutions/betterscan

    Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan

    Language:Python787164189
  • APKHunt

    Cyber-Buddy/APKHunt

    APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

    Language:Go73313772

  • BADBADBADBOY/pytorchOCR

    基于pytorch的ocr算法库,包括 psenet, pan, dbnet, sast , crnn

    Language:C++6691680132

  • insidersec/insider

    Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

    Language:Go507173879

  • ajinabraham/njsscan

    njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

    Language:JavaScript371137975

  • BytecodeDL/ByteCodeDL

    A declarative static analysis tool for jvm bytecode based Datalog like CodeQL

    Language:Shell3257218

  • alipay/ant-application-security-testing-benchmark

    xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

    Language:Java32281839

  • ASTTeam/SAST

    《深入理解SAST静态应用安全测试》Static Application Security Testing.

    3076127

  • we45/ThreatPlaybook

    A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

    Language:Python271262653

  • mercedes-benz/sechub

    SecHub provides a central API to test software with different security tools.

    Language:Java259122k63

  • Feysh-Group/corax-community

    Corax for Java: A general static analysis framework for java code checking.

    Language:Kotlin2254619

  • NodeSecure/js-x-ray

    JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

    Language:JavaScript22455526

  • mpast/mobileAudit

    Django application that performs SAST and Malware Analysis for Android APKs

    Language:HTML20192643

  • Orange-Cyberdefense/grepmarx

    A source code static analysis platform for AppSec enthusiasts.

    Language:Python2005823

  • fengupupup/RocB

    鹏 RocB - Java代码审计IDEA插件 SAST

    1462217

  • AppThreat/sast-scan

    Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!

    Language:Python145122521

  • latiotech/LAST

    Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini

    Language:Python1431014
  • DockerENT

    rosehgal/DockerENT

    The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.

    Language:Python12642617

  • ajinabraham/libsast

    Generic SAST Library

    Language:Python12372019

  • securitycipher/penetration-testing-roadmap

    Complete Roadmap for Penetration Testing

    11726

  • clj-holmes/clj-holmes

    A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.

    Language:Clojure10721611

  • Zigrin-Security/CakeFuzzer

    Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.

    Language:Python93418

  • j3ssie/codeql-docker

    Ready to use docker image for CodeQL

    Language:Python885111

  • cycodehq/cycode-cli

    Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning

    Language:Python8517043
  • intercept

    xfhg/intercept

    INTERCEPT / Policy as Code Auditing & Compliance

    Language:Go828199

  • sidd-harth/kubernetes-devops-security

    Udemy Course on DevSecOps

    Language:Java78631.5k

  • semgrep/semgrep-action

    This project is deprecated. Use https://github.com/returntocorp/semgrep instead

    Language:Python732715533