sast

Here are 128 public repositories matching this topic...

analysis-tools-dev / static-analysis

Sponsor

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

analysis static-code-analysis linter static-analysis awesome-list code-quality static-analyzers sast

Updated Nov 28, 2022
Rust

returntocorp / semgrep

Star

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

javascript ruby python c java go typescript static-code-analysis static-analysis sast r2c semgrep

Updated Nov 28, 2022
OCaml

tenable / terrascan

Star

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Updated Nov 28, 2022
Go

ajinabraham / nodejsscan

Sponsor

Star

nodejsscan is a static security code scanner for Node.js applications.

nodejs javascript lint security node static-analysis code-analysis code-review security-scanner devsecops sast node-security nodejsscan

Updated Nov 8, 2022
CSS

ZupIT / horusec

Star

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Updated Nov 20, 2022
Go

ASTTeam / CodeQL

Star

《深入理解CodeQL》Finding vulnerabilities with CodeQL.

ql devsecops sast semmle-ql codeql codeql-queries 0e0w learning-codeql hackjava hackaspx javasec hackgolang

Updated Oct 24, 2022

momosecurity / momo-code-sec-inspector-java

Star

IDEA静态代码安全审计及漏洞一键修复插件

java idea sast

Updated Mar 10, 2022
Java

ShiftLeftSecurity / sast-scan

Star

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

workflow appsec scanners license-scan devsecops sast dependency-scan

Updated Nov 15, 2022
Python

BADBADBADBOY / pytorchOCR

Star

基于pytorch的ocr算法库，包括 psenet, pan, dbnet, sast , crnn

ocr textrecognition sast crnn dbnet textdetection psenet pannet

Updated May 19, 2021
C++

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Updated Apr 10, 2022
Go

marcinguy / betterscan-ce

Sponsor

Star

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan Community Edition (CE)

static-code-analysis static-analysis sonarqube code-quality static-analyzers devsecops sast code-quality-analyzer

Updated Nov 23, 2022
Python

ajinabraham / njsscan

Sponsor

Star

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Updated Nov 11, 2022
JavaScript

we45 / ThreatPlaybook

Star

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

python application-security threat-model devsecops sast dast

Updated Nov 15, 2022
Python

BytecodeDL / ByteCodeDL

Star

A declarative static analysis tool for jvm bytecode based Datalog like CodeQL

static-analysis taint-analysis points-to-analysis security-tools sast

Updated Aug 28, 2022
Shell

mpast / mobileAudit

Star

Django application that performs SAST and Malware Analysis for Android APKs

docker django malware django-rest-framework apk malware-analysis android-security mobile-security virustotal androguard apk-analysis sast code-security defect-dojo mobile-audit

Updated Nov 18, 2022
HTML

AppThreat / sast-scan

Star

Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!

docker static-analysis sarif sast azure-devops