sast · GitHub Topics

#Awesome#⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

static-analysis static-analyzers linter Code quality Awesome Lists Static code analysis sast analysis Hacktoberfest

Rust 13.86 k

1 个月前

semgrep / semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

static-analysis Static code analysis Java Go sast semgrep r2c C Python Ruby JavaScript TypeScript

OCaml 11.84 k

3 天前

tenable / terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

安全 Infrastructure as code devsecops DevOps Terraform Amazon Web Services cloudsecurity cloud-security terrascan infrastructure architecture Kubernetes sast azure-security aws-security gcp-security scans

Go 4.96 k

1 个月前

ajinabraham / nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

JavaScript Node.js static-analysis 安全 security-scanner sast devsecops code-analysis 代码审查 lint

CSS 2.47 k

1 个月前

Bearer / bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

appsec compliance devsecops devsecops-tools 安全 dataflow gdpr 隐私 sast Static code analysis vulnerability security-scanner vulnerabilities Code quality static-analysis security-automation owasp

Go 2.31 k

1 个月前

ASTTeam / CodeQL

《深入理解CodeQL》Finding vulnerabilities with CodeQL.

0e0w codeql hackjava hackaspx hackgolang javasec ql learning-codeql codeql-queries semmle-ql devsecops sast

1.63 k

2 年前

ZupIT / horusec

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

sast Java Kotlin Go Python Ruby Terraform netcore 安全 security-development 持续集成 CD (Disambiguation)命令行界面 Hacktoberfest vulnerabilities analysis scanner static-analysis

Go 1.23 k

7 天前

momosecurity / momo-code-sec-inspector-java

IDEA静态代码安全审计及漏洞一键修复插件

sast Java idea

Java 1.03 k

3 年前

tcosolutions / betterscan

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan

sast Code quality code-quality-analyzer static-analysis Static code analysis static-analyzers devsecops sonarqube compliance DevOps devops-tools gdpr owasp 安全 security-automation security-scanner vulnerability vulnerability-scanner security-orchestration

Python 864

6 天前

ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

sast devsecops appsec license-scan workflow scanners

Python 843

2 年前

Cyber-Buddy / APKHunt

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,...

android-security Cybersecurity owasp penetration-testing pentest pentesting pentesting-tools sast secure-coding 安全 static-analysis static-analyzer 代码审查 masvs mstg

Go 812

5 个月前

BADBADBADBOY / pytorchOCR

基于pytorch的ocr算法库，包括 psenet, pan, dbnet, sast , crnn

OCR textdetection dbnet psenet crnn textrecognition sast

C++ 684

4 年前

MobSF / mobsfscan

#安卓#mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis r...

Android static-analysis appsec codereview iOS Java Kotlin Objective-C sast 安全 Swift

Python 663

4 个月前

insidersec / insider

#安卓#Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to im...

sast 安全 security-scanner security-automation 命令行界面 android-security ios-security insider owasp Node.js JavaScript Android Kotlin Swift .NET C#Maven iOS static-analyzer static-analysis

Go 540

3 年前

DeepSourceCorp / globstar

Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.

Code quality code-security sast static-analysis Tree-sitter

Go 439

19 天前

awslabs / automated-security-helper

ASH is an extensible, open source SAST, SCA, and IaC security scanner orchestration engine.

Amazon Web Services Infrastructure as code sast sca scanner 安全

Shell 426

5 天前

ajinabraham / njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Node.js Express sast devsecops linter 安全 semantic Python appsec static-analysis codereview static-analyzer lint

JavaScript 401

7 个月前

alipay / ant-application-security-testing-benchmark

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

application benchmark evaluation 安全 Testing dast iast sast sca

Java 394

2 个月前

Chanzi-keji / chanzi

"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompile, custom rule, and is compatible with th...

sast Java javasec javasecurity 安全 java-security static-analysis static-analyzer static-analyzers

391

13 天前

ASTTeam / SAST

《深入理解SAST静态应用安全测试》Static Application Security Testing.

0e0w sast

344

1 年前