sast
There are 222 repositories under the sast topic.
codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open-source dependency vulnerabilities, insecure code, insecure infrastructure as code, and potential legal issues with open-source licenses.
l3x
AI-driven Static Analyzer. Supports Rust and Smart contracts: Solana based on Rust, Ethereum based on Solidity.
sast-parser
Parse GitLab SAST reports into a more human-readable form
api-oas-checker
An OpenAPI 3 checker based on spectral.
tools
Curated list of security tools
Aerides
An implementation of infrastructure-as-code scanning using dynamic tooling.
AiCSA
GPT AiCSA (Code Security Audit): SAST (Static Application Security Testing), JAR security analysis, and static vulnerability analysis of code in various programming languages
DevSecOps
♾️ Collection of DevSecOps Notes + Resources + Courses + Tools
differential-shellcheck
🐚 GitHub Action for running ShellCheck differentially
cd
CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
zarn
A lightweight static security analysis tool for modern Perl Apps
awesome-software-supply-chain-security
Sharing software supply chain security open source projects
pwn
PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.
code-pathfinder
Code Pathfinder, the open-source alternative to GitHub CodeQL. Built for advanced structural search, deriving insights, and finding vulnerabilities in code.
scanner
⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!
checkmarx-github-action
Checkmarx Scan Github Action
pypi-auto-scanner
Automatically scan new pypi packages for potentially malicious code
azure-devops-gitleaks
This is an extension for Azure DevOps that is a wrapper around gitleaks, created by Zachary Rice, for easy execution inside your pipeline. Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for finding secrets, past or present, in your code.
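The kind of check a hardcoded-secret scanner performs, shown as an added example that is not gitleaks' own code or rule set: each rule pairs a regex with a minimum Shannon-entropy threshold on the captured token so that obvious placeholders are not reported. The rule IDs, thresholds, and the sample lines are constructed for this illustration.

```python
import math
import re

# Constructed rules (assumptions for the example, not gitleaks' rules):
# "regex" must match, "group" is the capture group holding the candidate
# secret, and "min_entropy" filters out low-entropy placeholder values.
RULES = [
    {
        "id": "generic-api-key",
        "regex": re.compile(r"(?i)(api[_-]?key|secret|token)\s*[=:]\s*['\"]?([A-Za-z0-9_\-]{16,})"),
        "group": 2,
        "min_entropy": 3.5,
    },
    {
        "id": "aws-access-key",
        "regex": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
        "group": 1,
        "min_entropy": 0.0,
    },
    {
        "id": "private-key",
        "regex": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
        "group": 0,
        "min_entropy": 0.0,
    },
]


def shannon_entropy(s):
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_lines(lines):
    """Run every rule over every line; return findings with the match redacted."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for rule in RULES:
            m = rule["regex"].search(line)
            if not m:
                continue
            token = m.group(rule["group"])
            if shannon_entropy(token) < rule["min_entropy"]:
                continue  # placeholder such as "xxxxxxxx", not a real secret
            findings.append({
                "rule": rule["id"],
                "line": lineno,
                "match": token[:6] + "...",  # never echo the full secret into a report
            })
    return findings


# Constructed sample input (not from any real repository). The AWS value is
# the well-known documentation example key, not a live credential.
SAMPLE = [
    'API_KEY = "xxxxxxxxxxxxxxxxxxxx"',          # placeholder: matches, but entropy 0
    'token = "q7Hd2kLm9PzX4vBn8sWe1RtY"',        # high-entropy token: reported
    'aws_access_key_id = AKIAIOSFODNN7EXAMPLE',  # AWS key prefix: reported
    '-----BEGIN RSA PRIVATE KEY-----',           # PEM header: reported
    'password = os.environ["DB_PASSWORD"]',      # read from the environment: clean
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE):
        print(f"{f['rule']}: line {f['line']} ({f['match']})")
```

The entropy threshold is what separates a committed credential from a template value; tune it per rule, because short fixed-prefix identifiers (the AWS key above) are recognised by their format and should not be entropy-gated at all.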
vulnerabilities
Examples of different vulnerabilities, in a variety of languages, shapes and sizes.
njsscan-action
nodejsscan Github Action
codeql-agent-extension
⛏️ An extension for Visual Studio Code that simplifies CodeQL usage and executes code scanning automatically.
astam-correlator
Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans
horusec-engine
Horusec analysis engine
CxAnalytix
Exports vulnerability scan data from the Checkmarx SAST platform for use in analytical tools.
DevSecOps-Vault
Collection of roadmaps, tools, best practice, resources about DevSecOps
contrast
CodeSec by Contrast - The fastest and most accurate SAST scanner. Scan code and serverless environments
contrastscan-action
Contrast Scan GitHub action
github-action-gitleaks
This GitHub Action allows you to run Gitleaks in your GitHub workflow.
appscan-codesweep-action
Integrate static security testing with HCL AppScan CodeSweep with Github.
PHP-Parsers
Parsing PHP source code using Python and generating ASTs
openscanhub
OpenScanHub is a service for static and dynamic analysis.
precli
Precaution CLI - command line static application security testing tool
fucking-static-analysis
⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more. With repository stars⭐ and forks🍴
Damn-vulnerable-sca
Damn Vulnerable SCA Application
joern-lib
Python library for code analysis with CPG and Joern
horusec-action
It's a Horusec Action proof of concept