Njsscan - njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (-93.17%)
qodana-action - ⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana
Stars: ✭ 112 (-94.02%)
sonarqube-action - Integrate SonarQube scanner to GitHub Actions
Stars: ✭ 90 (-95.2%)
intercept - INTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (-97.12%)
Reviewdog - 🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Stars: ✭ 4,541 (+142.32%)
Larastan - ⚗️ Adds code analysis to Laravel improving developer productivity and code quality.
Stars: ✭ 3,554 (+89.65%)
localhost-sonarqube - Analysing source code locally with SonarQube in a Docker environment.
Stars: ✭ 17 (-99.09%)
inline-plz - Inline your lint messages
Stars: ✭ 32 (-98.29%)
secure-pipeline-advisor - Improve your code security by running different security checks/validation in a simple way.
Stars: ✭ 25 (-98.67%)
lints - Lint all your JavaScript, CSS, HTML, Markdown and Dockerfiles with a single command
Stars: ✭ 14 (-99.25%)
Krane - Kubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (-86.45%)
Wotan - Pluggable TypeScript and JavaScript linter
Stars: ✭ 271 (-85.54%)
Protoc Gen Lint - A plug-in for Google's Protocol Buffers (protobufs) compiler to lint .proto files for style violations.
Stars: ✭ 221 (-88.21%)
D Scanner - Swiss-army knife for D source code
Stars: ✭ 221 (-88.21%)
luli - A static analysis and linter tool for Lua
Stars: ✭ 45 (-97.6%)
code-review - Automated static analysis & linting bot for Mozilla repositories
Stars: ✭ 51 (-97.28%)
Feram - Feram finds & fixes bugs in your commits
Stars: ✭ 122 (-93.49%)
shell-linter - A GitHub Action for ShellCheck
Stars: ✭ 58 (-96.91%)
Checkov - Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+90.61%)
Exakat - The Exakat Engine: smart static analysis for PHP
Stars: ✭ 346 (-81.54%)
Detekt - Static code analysis for Kotlin
Stars: ✭ 4,169 (+122.47%)
Credo - A static code analysis tool for the Elixir language with a focus on code consistency and teaching.
Stars: ✭ 4,144 (+121.13%)
Kube Scan - kube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (-69.8%)
Salus - Security scanner coordinator
Stars: ✭ 441 (-76.47%)
Rubocop Rspec - Code style checking for RSpec files
Stars: ✭ 603 (-67.82%)
Config Lint - Command line tool to validate configuration files
Stars: ✭ 118 (-93.7%)
Tfsec - Security scanner for your Terraform code
Stars: ✭ 3,622 (+93.28%)
Forbidden Apis - Policeman's Forbidden API Checker
Stars: ✭ 216 (-88.47%)
Insider - Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).
Stars: ✭ 216 (-88.47%)
Vulny Code Static Analysis - Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: ✭ 207 (-88.95%)
lint-checks - A set of opinionated and useful lint checks
Stars: ✭ 61 (-96.74%)
duplex - Duplicate code finder for Elixir
Stars: ✭ 20 (-98.93%)
swap-detector - A library for detecting swapped arguments in function calls, and a Clang Static Analyzer plugin used to demonstrate the library.
Stars: ✭ 19 (-98.99%)
Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Stars: ✭ 2,569 (+37.09%)
PhpCodeAnalyzer - PhpCodeAnalyzer scans a codebase and analyzes which non-built-in PHP extensions are used
Stars: ✭ 91 (-95.14%)
mllint - `mllint` is a command-line utility to evaluate the technical quality of Python Machine Learning (ML) projects by means of static analysis of the project's repository.
Stars: ✭ 67 (-96.42%)
FastLint-Issues - FastLint finds & fixes bugs in your commits
Stars: ✭ 123 (-93.44%)
pahout - A pair programming partner for writing better PHP. Pahout means PHP mahout 🐘
Stars: ✭ 43 (-97.71%)
static-code-analysis-plugin - A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but specially useful, in Android projects, by making sure all analysis can access the SDK classes.
Stars: ✭ 36 (-98.08%)
Static Analysis - ⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Stars: ✭ 9,310 (+396.8%)
Radon - Various code metrics for Python code
Stars: ✭ 1,193 (-36.34%)
Find Sec Bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
Stars: ✭ 1,748 (-6.72%)
Semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Stars: ✭ 5,668 (+202.45%)
Pmd - An extensible multilanguage static code analyzer.
Stars: ✭ 3,667 (+95.68%)
Applicationinspector - A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+106.67%)
Coala - coala provides a unified command-line interface for linting and fixing all your code, regardless of the programming languages you use.
Stars: ✭ 3,280 (+75.03%)
Jsprime - a javascript static security analysis tool
Stars: ✭ 556 (-70.33%)
Spoon - Spoon is a metaprogramming library to analyze and transform Java source code (up to Java 15). 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.
Stars: ✭ 1,078 (-42.48%)
Pysonar2 - PySonar2: an advanced semantic indexer for Python
Stars: ✭ 1,074 (-42.69%)
Mobile Security Framework Mobsf - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+444.93%)
Php Language Server - PHP Implementation of the VS Code Language Server Protocol 🆚↔🖥
Stars: ✭ 1,019 (-45.62%)
Sbt Dependency Check - SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (-90.02%)
Woke - ✊ Detect non-inclusive language in your source code.
Stars: ✭ 190 (-89.86%)
Hint - 💡 A hinting engine for the web
Stars: ✭ 3,280 (+75.03%)
Cfn nag - Linting tool for CloudFormation templates
Stars: ✭ 808 (-56.88%)
Pest - 🐞 Primitive Erlang Security Tool
Stars: ✭ 79 (-95.78%)
Terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: ✭ 2,687 (+43.38%)