A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
-
Updated
May 17, 2021 - Rust
#
sast
Here are 69 public repositories matching this topic...
nodejsscan is a static security code scanner for Node.js applications.
nodejs
javascript
lint
security
node
static-analysis
code-analysis
code-review
security-scanner
devsecops
sast
node-security
nodejsscan
-
Updated
May 18, 2021 - CSS
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
kubernetes
infrastructure
aws
security
devops
terraform
architecture
iac
infrastructure-as-code
scans
aws-security
security-tools
cloudsecurity
devsecops
cloud-security
sast
azure-security
gcp-security
terrascan
security-violations
-
Updated
May 18, 2021 - Go
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
ruby
kotlin
python
java
cli
golang
security
analysis
ci
cd
terraform
scanner
static-analysis
netcore
vulnerabilities
hacktoberfest
sast
security-flaws
security-development
sast-analysis
-
Updated
May 17, 2021 - Go
Open
rush.js build errors
prabhu
commented
Apr 20, 2021
Seeing the below error while installing rush.js. Probably might need a package in the base image. Any help would be appreciated.
#21 516.9 > [email protected] install /usr/local/lib/node_modules/@microsoft/rush/node_modules/keytar
#21 516.9 > prebuild-install || npm run build
#21 516.9
#21 521.6 prebuild-install WARN install No prebuilt binaries found (target=14.16.0 runtime=node arch=arm64
基于pytorch的ocr算法库,包括 psenet, pan, dbnet, sast , crnn
-
Updated
May 2, 2021 - C++
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
nodejs
javascript
android
kotlin
swift
cli
ios
csharp
maven
dotnet
static-analysis
owasp
static-analyzer
android-security
ios-security
security-scanner
security-automation
security-tools
sast
insider
-
Updated
Jan 26, 2021 - Go
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
-
Updated
May 6, 2021 - Python
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
nodejs
lint
python
security
semantic
linter
static-analysis
expressjs
jslint
static-analyzer
codereview
appsec
staticanalysis
security-tools
devsecops
sast
nodesecurity
nodejsscan
codescanner
njsscan
-
Updated
May 17, 2021 - JavaScript
r0hi7
commented
Jun 27, 2020
Scan the docker network for open ports and vulnerable services.
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
-
Updated
Sep 4, 2020 - Python
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns.
-
Updated
May 11, 2021 - JavaScript
Generic SAST Library
security
regex
static-analyzer
appsec
codeanalysis
staticanalysis
sast
semgrep
semanticgrep
patternmatch
genericsast
libsast
-
Updated
May 15, 2021 - Python
Django application that performs SAST and Malware Analysis for Android APKs
docker
django
malware
django-rest-framework
apk
malware-analysis
android-security
mobile-security
virustotal
androguard
apk-analysis
sast
code-security
defect-dojo
mobile-audit
-
Updated
May 16, 2021 - HTML
A wrapper around Semgrep that supports running as a Github Action, in Gitlab, and other CI providers and interfacing with https://semgrep.dev
-
Updated
May 18, 2021 - Python
ioggstream
commented
Jan 15, 2021
Checkmarx Scan Github Action
security
scanning
appsec
sca
sast
osa
checkmarx-sast
github-actions
checkmarx
security-vulnerabilities
checkmarx-server
-
Updated
May 17, 2021 - JavaScript
Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans
-
Updated
Apr 13, 2019 - Java
Clouddefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting and other exploitable vulnerabilities.
nodejs
ruby
kotlin
java
go
swift
php
hacking
xss
penetration-testing
vulnerability-scanner
sast
dast
-
Updated
Apr 16, 2021
Exports vulnerability scan data from the Checkmarx SAST platform for use in analytical tools.
windows
linux
security
data-science
mongodb
csharp
analysis
rabbitmq
splunk
amqp
dotnet-core
vulnerabilities
rabbit-mq
sast
checkmarx
-
Updated
May 14, 2021 - C#
GitHub Action to set up Fortify ScanCentral Client
github
setup
security
static-analysis
application-security
action
appsec
fortify
sast
github-action
fortify-ssc
fortify-on-demand
-
Updated
Mar 10, 2021 - TypeScript
GitHub Action to set up the Fortify on Demand (FoD) upload utility
github
setup
security
static-analysis
uploader
application-security
action
appsec
fortify
sast
github-action
fortify-on-demand
-
Updated
Mar 10, 2021 - TypeScript
It's a Horusec Action proof of concept
-
Updated
Mar 17, 2021 - Dockerfile
nodejsscan Github Action
nodejs
code-review
action
staticanalysis
sast
githubactions
nodejsscan
njsscan
njsscan-action
code-anaysis
nodesast
-
Updated
Nov 16, 2020 - Dockerfile
Curated list of security tools
kubernetes
security
list
cloud
oss
tools
osc
scanner
security-tools
devsecops
sast
dast
oss-compliance
-
Updated
Dec 9, 2020
Improve this page
Add a description, image, and links to the sast topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the sast topic, visit your repo's landing page and select "manage topics."
Describe the bug
If a user inputs an autofix that is multiple lines, all lines after the first are indented on an absolute basis rather than relative to the first line.
To Reproduce
semgrep --config https://semgrep.dev/s/chmccreery:autofix-multiline --autofix --disable-nosem --skip-unknown-extensions --dryrun^ Run the above command in /semgrep repository (or create a test repo