4928 Open source projects that are alternatives of or similar to Find Sec Bugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but specially useful, in Android projects, by making sure all analysis can access the SDK classes.

⚗️ Adds code analysis to Laravel improving developer productivity and code quality.

Python source code auditing and static analysis on a large scale

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Github mirror of "mediawiki/tools/phan/SecurityCheckPlugin" - our actual code is hosted with Gerrit (please see https://www.mediawiki.org/wiki/Developer_access for contributing)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

Code Climate CLI

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Policeman's Forbidden API Checker

Go Taint CHeck Analyser

This is the official main repository for the Assimilation project

FindBugs static analysis plugin for sbt.

A personal app to store people that owe you money or you owe money to. "Mo Money Mo Problems" 🎵 - The Notorious B.I.G. 😎

Making CoreOS' Clair easily work in CI/CD pipelines

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

Bears for coala

A static code analysis tool for the Elixir language with a focus on code consistency and teaching.

Performing security tests inside your CI

SonarJS rules for ESLint

Performant type-checking for python.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

PHP_Depend is an adaptation of the established Java development tool JDepend. This tool shows you the quality of your design in terms of extensibility, reusability and maintainability.

PHP Implementation of the VS Code Language Server Protocol 🆚↔🖥

Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.

an advanced semantic indexer for Ruby

Security scanner for your Terraform code

Jenkins Warnings Plugin - Next Generation

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

PhpCodeAnalyzer scans codebase and analyzes which non-built-in php extensions used

Various code metrics for Python code

🐞 Primitive Erlang Security Tool

Find leaked secrets via github search

A library for detecting swapped arguments in function calls, and a Clang Static Analyzer plugin used to demonstrate the library.

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

Pluggable TypeScript and JavaScript linter

PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.

An extensible multilanguage static code analyzer.

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

A static analysis tool for finding errors in PHP applications

coala provides a unified command-line interface for linting and fixing all your code, regardless of the programming languages you use.

Vulnerability Patterns Detector for C# and VB.NET

OWASP ZAP Add-ons

A static analysis security vulnerability scanner for Ruby on Rails applications

🐺 Malware analysis platform

The OWASP ZAP core project

Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec

Spoon is a metaprogramming library to analyze and transform Java source code (up to Java 15). 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.

Standalone linter for ABAP

nodejsscan is a static security code scanner for Node.js applications.

Static code analysis for CFML (a linter)

secureCodeBox (SCB) - continuous secure delivery out of the box

PySonar2: an advanced semantic indexer for Python

Extension for PHPStan to allow analysis of Drupal code.

Command line tool to validate configuration files