866 Open source projects that are alternatives of or similar to Nodejsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana

Integrate SonarQube scanner to GitHub Actions

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

⚗️ Adds code analysis to Laravel improving developer productivity and code quality.

Analysing source code locally with SonarQube in a Docker environment.

Inline your lint messages

Improve your code security by running different security checks/validation in a simple way.

Lint all your JavaScript, CSS, HTML, Markdown and Dockerfiles with a single command

Kubernetes RBAC static Analysis & visualisation tool

Pluggable TypeScript and JavaScript linter

A plug-in for Google's Protocol Buffers (protobufs) compiler to lint .proto files for style violations.

Swiss-army knife for D source code

A static analysis and linter tool for Lua

Automated static analysis & linting bot for Mozilla repositories

Feram finds & fixes bugs in your commits

A Github Action for ShellCheck

GitHub Action to set up Fortify ScanCentral Client

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

The Exakat Engine : smart static analysis for PHP

Static code analysis for Kotlin

A static code analysis tool for the Elixir language with a focus on code consistency and teaching.

kube-scan: Octarine k8s cluster risk assessment tool

Security scanner coordinator

Code style checking for RSpec files

Command line tool to validate configuration files

Security scanner for your Terraform code

Policeman's Forbidden API Checker

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

A set of opinionated and useful lint checks

Duplicate code finder for Elixir

A library for detecting swapped arguments in function calls, and a Clang Static Analyzer plugin used to demonstrate the library.

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

PhpCodeAnalyzer scans codebase and analyzes which non-built-in php extensions used

`mllint` is a command-line utility to evaluate the technical quality of Python Machine Learning (ML) projects by means of static analysis of the project's repository.

FastLint finds & fixes bugs in your commits

A pair programming partner for writing better PHP. Pahout means PHP mahout 🐘

A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but specially useful, in Android projects, by making sure all analysis can access the SDK classes.

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.

Various code metrics for Python code

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

An extensible multilanguage static code analyzer.

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

coala provides a unified command-line interface for linting and fixing all your code, regardless of the programming languages you use.

a javascript static security analysis tool

SonarJS rules for ESLint

Spoon is a metaprogramming library to analyze and transform Java source code (up to Java 15). 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.

PySonar2: an advanced semantic indexer for Python

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

PHP Implementation of the VS Code Language Server Protocol 🆚↔🖥

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

✊ Detect non-inclusive language in your source code.

💡 A hinting engine for the web

Linting tool for CloudFormation templates

🐞 Primitive Erlang Security Tool

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.