Nodejsscan: nodejsscan is a static security code scanner for Node.js applications.
Terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Static Analysis: ⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Semgrep: Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
clj-holmes: A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
mobileAudit: Django application that performs SAST and Malware Analysis for Android APKs
dr checker 4 linux: Port of "DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers" to Clang/LLVM 10 and Linux Kernel
intercept: INTERCEPT / Policy as Code Static Analysis Auditing / SAST
DockerENT: The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.
cd: CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
astam-correlator: Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans