Insider - Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, analyzing source code to find vulnerabilities right in the source, with a focus on being agile and easy to integrate into your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).
Stars: ✭ 216 (-96.21%)
Huskyci - Performing security tests inside your CI
Stars: ✭ 398 (-93.01%)
Fwanalyzer - a tool to analyze filesystem images for security
Stars: ✭ 382 (-93.29%)
Krane - Kubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (-95.54%)
duplex - Duplicate code finder for Elixir
Stars: ✭ 20 (-99.65%)
static-code-analysis-plugin - A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but especially useful in, Android projects, by making sure all analysis can access the SDK classes.
Stars: ✭ 36 (-99.37%)
Reviewdog - 🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Stars: ✭ 4,541 (-20.25%)
Pmd - An extensible multilanguage static code analyzer.
Stars: ✭ 3,667 (-35.6%)
Prealloc - prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.
Stars: ✭ 419 (-92.64%)
Phpstan Phpunit - PHPUnit extensions and rules for PHPStan
Stars: ✭ 247 (-95.66%)
tryceratops - A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).
Stars: ✭ 381 (-93.31%)
lints - Lint all your JavaScript, CSS, HTML, Markdown and Dockerfiles with a single command
Stars: ✭ 14 (-99.75%)
analysis-model - A library to read static analysis reports into a Java object model
Stars: ✭ 74 (-98.7%)
OpenStaticAnalyzer - OpenStaticAnalyzer is a source code analyzer tool, which can perform deep static analysis of the source code of complex systems.
Stars: ✭ 19 (-99.67%)
unimport - A linter, formatter for finding and removing unused import statements.
Stars: ✭ 119 (-97.91%)
gotcha - Go Taint CHeck Analyser
Stars: ✭ 40 (-99.3%)
Wsltools - Web Scan Lazy Tools - Python Package
Stars: ✭ 288 (-94.94%)
Pytype - A static type analyzer for Python code
Stars: ✭ 3,545 (-37.74%)
Wssat - WEB SERVICE SECURITY ASSESSMENT TOOL
Stars: ✭ 360 (-93.68%)
Super - Secure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (-94.03%)
Wala - T.J. Watson Libraries for Analysis
Stars: ✭ 395 (-93.06%)
Dg - [LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.
Stars: ✭ 242 (-95.75%)
Engine - Droidefense: Advanced Android Malware Analysis Framework
Stars: ✭ 386 (-93.22%)
Revive - 🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Stars: ✭ 3,139 (-44.87%)
phpstan-nette - Nette Framework class reflection extension for PHPStan & framework-specific rules
Stars: ✭ 87 (-98.47%)
klara - Automatic test case generation for python and static analysis library
Stars: ✭ 250 (-95.61%)
unimport - unimport is a Go static analysis tool to find unnecessary import aliases.
Stars: ✭ 64 (-98.88%)
Larastan - ⚗️ Adds code analysis to Laravel improving developer productivity and code quality.
Stars: ✭ 3,554 (-37.58%)
eba - EBA is a static bug finder for C.
Stars: ✭ 14 (-99.75%)
nakedret - nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
Stars: ✭ 82 (-98.56%)
identypo - identypo is a Go static analysis tool to find typos in identifiers (functions, function calls, variables, constants, type declarations, packages, labels).
Stars: ✭ 26 (-99.54%)
qodana-action - ⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana
Stars: ✭ 112 (-98.03%)
analysis-net - Static analysis framework for .NET programs.
Stars: ✭ 19 (-99.67%)
Soteria - Plugin to block compilation when unapproved dependencies are used or code styling does not comply.
Stars: ✭ 36 (-99.37%)
Sonar Php - 🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint
Stars: ✭ 288 (-94.94%)
Securecodebox - secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (-95.1%)
Bandit - Bandit is a tool designed to find common security issues in Python code.
Stars: ✭ 3,763 (-33.91%)
Nullaway - A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
Stars: ✭ 3,035 (-46.7%)
W5 - Security Orchestration, Automation and Response (SOAR) Platform. Security automation without writing code; using SOAR makes team work more efficient.
Stars: ✭ 367 (-93.55%)
Pylint - It's not just a linter that annoys you!
Stars: ✭ 3,733 (-34.44%)
Patrowlmanager - PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-93.62%)
Chronos - Chronos - A static race detector for the go language
Stars: ✭ 272 (-95.22%)
Taipan - Web application vulnerability scanner
Stars: ✭ 359 (-93.7%)
Forbidden Apis - Policeman's Forbidden API Checker
Stars: ✭ 216 (-96.21%)
Mquery - YARA malware query accelerator (web frontend)
Stars: ✭ 264 (-95.36%)
Semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Stars: ✭ 5,668 (-0.46%)
Burpa - Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (-92.5%)
Applicationinspector - A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (-31.98%)