Spotbugs: SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Stars: ✭ 2,569 (+46.97%)
static-code-analysis-plugin: A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but specially useful, in Android projects, by making sure all analysis can access the SDK classes.
Stars: ✭ 36 (-97.94%)
Larastan: ⚗️ Adds code analysis to Laravel improving developer productivity and code quality.
Stars: ✭ 3,554 (+103.32%)
aura: Python source code auditing and static analysis on a large scale
Stars: ✭ 101 (-94.22%)
Sbt Dependency Check: SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (-89.3%)
phan-taint-check-plugin: Github mirror of "mediawiki/tools/phan/SecurityCheckPlugin" - our actual code is hosted with Gerrit (please see https://www.mediawiki.org/wiki/Developer_access for contributing)
Stars: ✭ 21 (-98.8%)
Mobile Security Framework Mobsf: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+484.21%)
Vulny Code Static Analysis: Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: ✭ 207 (-88.16%)
Revive: 🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Stars: ✭ 3,139 (+79.58%)
cwe-tool: A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
Stars: ✭ 40 (-97.71%)
cwe-sdk-javascript: A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC
Stars: ✭ 18 (-98.97%)
Checkov: Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+104.35%)
Insider: Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (-87.64%)
Forbidden Apis: Policeman's Forbidden API Checker
Stars: ✭ 216 (-87.64%)
gotcha: Go Taint CHeck Analyser
Stars: ✭ 40 (-97.71%)
assimilation-official: This is the official main repository for the Assimilation project
Stars: ✭ 47 (-97.31%)
sbt-findbugs: FindBugs static analysis plugin for sbt.
Stars: ✭ 47 (-97.31%)
Debt-Manager: A personal app to store people that owe you money or you owe money to. "Mo Money Mo Problems" 🎵 - The Notorious B.I.G. 😎
Stars: ✭ 22 (-98.74%)
clair-cicd: Making CoreOS' Clair easily work in CI/CD pipelines
Stars: ✭ 27 (-98.46%)
dependency-check-py: 🔐 Shim to easily install OWASP dependency-check-cli into Python projects
Stars: ✭ 44 (-97.48%)
Credo: A static code analysis tool for the Elixir language with a focus on code consistency and teaching.
Stars: ✭ 4,144 (+137.07%)
Huskyci: Performing security tests inside your CI
Stars: ✭ 398 (-77.23%)
Pyre Check: Performant type-checking for python.
Stars: ✭ 5,716 (+227%)
Juice Shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+258.7%)
Pdepend: PHP_Depend is an adaptation of the established Java development tool JDepend. This tool shows you the quality of your design in terms of extensibility, reusability and maintainability.
Stars: ✭ 727 (-58.41%)
Php Language Server: PHP Implementation of the VS Code Language Server Protocol 🆚↔🖥
Stars: ✭ 1,019 (-41.7%)
Bodyclose: Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.
Stars: ✭ 181 (-89.65%)
Rubysonar: an advanced semantic indexer for Ruby
Stars: ✭ 175 (-89.99%)
Tfsec: Security scanner for your Terraform code
Stars: ✭ 3,622 (+107.21%)
Pyt: A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
Stars: ✭ 2,061 (+17.91%)
PhpCodeAnalyzer: PhpCodeAnalyzer scans a codebase and analyzes which non-built-in PHP extensions are used
Stars: ✭ 91 (-94.79%)
Radon: Various code metrics for Python code
Stars: ✭ 1,193 (-31.75%)
Pest: 🐞 Primitive Erlang Security Tool
Stars: ✭ 79 (-95.48%)
Github Dorks: Find leaked secrets via github search
Stars: ✭ 1,332 (-23.8%)
swap-detector: A library for detecting swapped arguments in function calls, and a Clang Static Analyzer plugin used to demonstrate the library.
Stars: ✭ 19 (-98.91%)
CIS-Ubuntu-20.04-Ansible: Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
Stars: ✭ 150 (-91.42%)
Wotan: Pluggable TypeScript and JavaScript linter
Stars: ✭ 271 (-84.5%)
Phpmd: PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as a user-friendly frontend application for the raw metrics stream measured by PHP Depend.
Stars: ✭ 1,992 (+13.96%)
Pmd: An extensible multilanguage static code analyzer.
Stars: ✭ 3,667 (+109.78%)
Horusec: Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Stars: ✭ 311 (-82.21%)
Psalm: A static analysis tool for finding errors in PHP applications
Stars: ✭ 4,523 (+158.75%)
Coala: coala provides a unified command-line interface for linting and fixing all your code, regardless of the programming languages you use.
Stars: ✭ 3,280 (+87.64%)
Security Code Scan: Vulnerability Patterns Detector for C# and VB.NET
Stars: ✭ 550 (-68.54%)
Brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications
Stars: ✭ 6,281 (+259.32%)
Freki: 🐺 Malware analysis platform
Stars: ✭ 285 (-83.7%)
Zaproxy: The OWASP ZAP core project
Stars: ✭ 9,078 (+419.34%)
Terraform Security Scan: Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec
Stars: ✭ 64 (-96.34%)
Spoon: Spoon is a metaprogramming library to analyze and transform Java source code (up to Java 15). 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.
Stars: ✭ 1,078 (-38.33%)
Abaplint: Standalone linter for ABAP
Stars: ✭ 111 (-93.65%)
Nodejsscan: nodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (+7.21%)
Cflint: Static code analysis for CFML (a linter)
Stars: ✭ 156 (-91.08%)
Securecodebox: secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (-84.04%)
Pysonar2: PySonar2: an advanced semantic indexer for Python
Stars: ✭ 1,074 (-38.56%)
Phpstan Drupal: Extension for PHPStan to allow analysis of Drupal code.
Stars: ✭ 97 (-94.45%)
Config Lint: Command line tool to validate configuration files
Stars: ✭ 118 (-93.25%)