-
Updated
Aug 4, 2021 - Rust
#
sast
Here are 73 public repositories matching this topic...
A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
kubernetes
infrastructure
aws
security
devops
terraform
architecture
iac
infrastructure-as-code
scans
aws-security
security-tools
cloudsecurity
devsecops
cloud-security
sast
azure-security
gcp-security
terrascan
security-violations
-
Updated
Aug 11, 2021 - Go
nodejsscan is a static security code scanner for Node.js applications.
nodejs
javascript
lint
security
node
static-analysis
code-analysis
code-review
security-scanner
devsecops
sast
node-security
nodejsscan
-
Updated
Jul 28, 2021 - CSS
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
ruby
kotlin
python
java
cli
golang
security
analysis
ci
cd
terraform
scanner
static-analysis
netcore
vulnerabilities
hacktoberfest
sast
security-flaws
security-development
sast-analysis
-
Updated
Aug 11, 2021 - Go
A PyTorch-based OCR algorithm library, including psenet, pan, dbnet, sast, crnn
-
Updated
May 19, 2021 - C++
Open
rush.js build errors
prabhu
commented
Apr 20, 2021
Seeing the below error while installing rush.js. Probably might need a package in the base image. Any help would be appreciated.
#21 516.9 > keytar@7.6.0 install /usr/local/lib/node_modules/@microsoft/rush/node_modules/keytar
#21 516.9 > prebuild-install || npm run build
#21 516.9
#21 521.6 prebuild-install WARN install No prebuilt binaries found (target=14.16.0 runtime=node arch=arm64
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, analyzing source code to find vulnerabilities right in the source code, and designed to be agile and easy to implement inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).
nodejs
javascript
android
kotlin
swift
cli
ios
csharp
maven
dotnet
static-analysis
owasp
static-analyzer
android-security
ios-security
security-scanner
security-automation
security-tools
sast
insider
-
Updated
Jun 28, 2021 - Go
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
-
Updated
May 6, 2021 - Python
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
nodejs
lint
python
security
semantic
linter
static-analysis
expressjs
jslint
static-analyzer
codereview
appsec
staticanalysis
security-tools
devsecops
sast
nodesecurity
nodejsscan
codescanner
njsscan
-
Updated
Jul 27, 2021 - JavaScript
r0hi7
commented
Jun 27, 2020
Scan the docker network for open ports and vulnerable services.
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
-
Updated
Sep 4, 2020 - Python
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬 .
-
Updated
Aug 8, 2021 - JavaScript
Generic SAST Library
security
regex
static-analyzer
appsec
codeanalysis
staticanalysis
sast
semgrep
semanticgrep
patternmatch
genericsast
libsast
-
Updated
Jun 10, 2021 - Python
Django application that performs SAST and Malware Analysis for Android APKs
docker
django
malware
django-rest-framework
apk
malware-analysis
android-security
mobile-security
virustotal
androguard
apk-analysis
sast
code-security
defect-dojo
mobile-audit
-
Updated
Jul 3, 2021 - HTML
Semgrep CI is a specialized Docker image for running Semgrep in CI environments. It can either be used stand-alone or connected with Semgrep App for centralized rule and findings management.
-
Updated
Aug 9, 2021 - Python
ioggstream
commented
Jan 15, 2021
Ready to use docker image for CodeQL
-
Updated
Jul 5, 2021 - Dockerfile
Checkmarx Scan Github Action
security
scanning
appsec
sca
sast
osa
checkmarx-sast
github-actions
checkmarx
security-vulnerabilities
checkmarx-server
-
Updated
Jul 29, 2021 - JavaScript
Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans
-
Updated
Jul 19, 2021 - Java
Curated list of security tools
kubernetes
security
list
cloud
oss
tools
osc
scanner
security-tools
devsecops
sast
dast
oss-compliance
-
Updated
Dec 9, 2020
Exports vulnerability scan data from the Checkmarx SAST platform for use in analytical tools.
windows
linux
security
data-science
mongodb
csharp
analysis
rabbitmq
splunk
amqp
dotnet-core
vulnerabilities
rabbit-mq
sast
checkmarx
-
Updated
Aug 5, 2021 - C#
Clouddefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting and other exploitable vulnerabilities.
nodejs
ruby
kotlin
java
go
swift
php
hacking
xss
penetration-testing
vulnerability-scanner
sast
dast
-
Updated
Aug 10, 2021
GitHub Action to set up Fortify ScanCentral Client
github
setup
security
static-analysis
application-security
action
appsec
fortify
sast
github-action
fortify-ssc
fortify-on-demand
-
Updated
May 27, 2021 - TypeScript
nodejsscan Github Action
nodejs
code-review
action
staticanalysis
sast
githubactions
nodejsscan
njsscan
njsscan-action
code-anaysis
nodesast
-
Updated
Nov 16, 2020 - Dockerfile
It's a Horusec Action proof of concept
-
Updated
Mar 17, 2021 - Dockerfile
GitHub Action to set up the Fortify on Demand (FoD) upload utility
github
setup
security
static-analysis
uploader
application-security
action
appsec
fortify
sast
github-action
fortify-on-demand
-
Updated
Mar 10, 2021 - TypeScript
I can’t use //nosemgrep because my autoformatter moves it to its own line, where it is ignored by semgrep.
To reproduce: https://semgrep.dev/s/340G
Desired behavior: I'd like all of the examples in the above snippet to be suppressed by the nosemgrep annotation, including:
nosemgrep is on its own line before the target line
nosemgrep is inside the matched range.
This