956 Open source projects that are alternatives of or similar to Bandit

Kubernetes object analysis with recommendations for improved reliability and security

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.

It's not just a linter that annoys you!

ESLint Shareable Config for JSX support in JavaScript Standard Style

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

A GitHub app to automatically review Python code style over Pull Requests

🌟 JavaScript Style Guide, with linter & automatic code fixer

Lint JavaScript code blocks in Markdown documents

ESLint Config for JavaScript Standard Style

Web Scan Lazy Tools - Python Package

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

A static analysis tool for security

Kubernetes RBAC static Analysis & visualisation tool

ESLint Shareable Config for React/JSX support in JavaScript Standard Style

The official GitHub mirror of https://gitlab.com/pycqa/flake8

An extensible multilanguage static code analyzer.

A Ruby static code analyzer and formatter, based on the community Ruby style guide.

[DEPRECATED] Find Python web-app bugs delightfully fast, without changing your workflow. 🍱

🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

👆 Website for JavaScript Standard Style (@standard)

Rubocop extension for enforcing graphql-ruby best practices

Analyzes Elm projects, to help find mistakes before your users find them.

A collection of security related Python and Bash shell scripts. Analyze hosts on generic security vulnerabilities. Wrapper around popular tools like nmap (portscanner), nikto (webscanner) and testssl.sh (SSL/TLS scanner)

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Official Black Hat Arsenal Security Tools Repository

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Documenting the explosion of packages in the standard ecosystem!

Source Code Security Audit (源代码安全审计)

A static type analyzer for Python code

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Find and fix problems in your JavaScript code.

Solhint is an open source project created by https://protofire.io. Its goal is to provide a linting utility for Solidity code.

A RuboCop extension focused on enforcing Rails best practices and coding conventions.

An extension of RuboCop focused on code performance checks.

A linter that replay your developing style

A RuboCop extension focused on enforcing upstream best practices and coding conventions.

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but specially useful, in Android projects, by making sure all analysis can access the SDK classes.

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Static code analysis for CFML (a linter)

Standalone linter for ABAP

A linter, formatter for finding and removing unused import statements.

Identify hardcoded secrets and dangerous behaviours

A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).

A linter, formatter for finding and removing unused import statements.

This repo demonstrates how to work on CI/CD for Mobile Apps 📱 using Github Actions 💊 + Firebase Distribution 🎉

Lint all your JavaScript, CSS, HTML, Markdown and Dockerfiles with a single command

Complexity of Code - JavaScript/TypeScript

ApexMetrics - Code Climate engine for Salesforce [DISCONTINUED use CC PMD instead)

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

Every programmer needs a rubberduck. COM add-in for the VBA & VB6 IDE (VBE).

🧘‍♀️ Healthier is an opinionated style agnostic code linter – a friendly companion to Prettier

Code Climate Engine for ESLint

List of packages that use `standard`