Find Sec Bugs: The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
Stars: ✭ 1,748 (+8223.81%)
aura: Python source code auditing and static analysis on a large scale
Stars: ✭ 101 (+380.95%)
Pyt: A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
Stars: ✭ 2,061 (+9714.29%)
Phan: Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
Stars: ✭ 5,194 (+24633.33%)
clair-cicd: Making CoreOS' Clair easily work in CI/CD pipelines
Stars: ✭ 27 (+28.57%)
Brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications
Stars: ✭ 6,281 (+29809.52%)
Pyre Check: Performant type-checking for Python.
Stars: ✭ 5,716 (+27119.05%)
Psalm: A static analysis tool for finding errors in PHP applications
Stars: ✭ 4,523 (+21438.1%)
gotcha: Go Taint CHeck Analyser
Stars: ✭ 40 (+90.48%)
Pest: 🐞 Primitive Erlang Security Tool
Stars: ✭ 79 (+276.19%)
Sbt Dependency Check: SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+790.48%)
mab: Style-preserving Lua parser in Rust
Stars: ✭ 14 (-33.33%)
twly: Wanna get DRY? Static analysis tool for detecting repeat code.
Stars: ✭ 42 (+100%)
intercept: INTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (+157.14%)
PhpCodeAnalyzer: PhpCodeAnalyzer scans codebase and analyzes which non-built-in PHP extensions are used
Stars: ✭ 91 (+333.33%)
CI-Report-Converter: The tool converts different error reporting standards for deep compatibility with popular CI systems (TeamCity, IntelliJ IDEA, GitHub Actions, etc).
Stars: ✭ 17 (-19.05%)
haros: H(igh) A(ssurance) ROS - Static analysis of ROS application code.
Stars: ✭ 168 (+700%)
phpstan-dba: PHPStan based SQL static analysis and type inference for the database access layer
Stars: ✭ 163 (+676.19%)
unimport: unimport is a Go static analysis tool to find unnecessary import aliases.
Stars: ✭ 64 (+204.76%)
humble: A humble, and fast, security-oriented HTTP headers analyzer
Stars: ✭ 17 (-19.05%)
libdft64: libdft for Intel Pin 3.x and 64 bit platform. (Dynamic taint tracking, taint analysis)
Stars: ✭ 174 (+728.57%)
rstatic: An R package for static analysis of R code.
Stars: ✭ 32 (+52.38%)
cfsec: Static analysis for CloudFormation templates to identify common misconfiguration
Stars: ✭ 53 (+152.38%)
security-reviews: A community collection of security reviews of open source software components.
Stars: ✭ 67 (+219.05%)
constyble: CSS complexity linter
Stars: ✭ 92 (+338.1%)
RFMap: RFMap - Radio Frequency Mapper
Stars: ✭ 23 (+9.52%)
woocommerce-stubs: WooCommerce function and class declaration stubs for static analysis.
Stars: ✭ 49 (+133.33%)
save: Universal test framework for cli tools [mainly for code analyzers and compilers]
Stars: ✭ 33 (+57.14%)
awesome-rails-security: A curated list of security resources for a Ruby on Rails application
Stars: ✭ 36 (+71.43%)
FAROS: FAROS: Illuminating In-Memory Injection Attacks via Provenance-based Whole System Dynamic Information Flow Tracking
Stars: ✭ 16 (-23.81%)
vscode-tenkawa-php: Visual Studio Code extension integrating Tenkawa PHP language server.
Stars: ✭ 28 (+33.33%)
phpstan.el: Interface to PHPStan (PHP static analyzer)
Stars: ✭ 22 (+4.76%)
Cpp2IL: Work-in-progress tool to reverse unity's IL2CPP toolchain.
Stars: ✭ 689 (+3180.95%)
go-mnd: Magic number detector for Go.
Stars: ✭ 153 (+628.57%)
deps-infer: Infer mvn deps from sources
Stars: ✭ 36 (+71.43%)
firehose: Interchange format for results for static analysis tools
Stars: ✭ 62 (+195.24%)
OCCAM: OCCAM: Object Culling and Concretization for Assurance Maximization
Stars: ✭ 20 (-4.76%)
magento-corediff: Quickly find modifications in Magento 1 or Magento 2 core code
Stars: ✭ 23 (+9.52%)
PaperMachete: A project that uses Binary Ninja and GRAKN.AI to perform static analysis on binary files with the goal of identifying bugs in software.
Stars: ✭ 49 (+133.33%)
sonar-scala: A free and open-source SonarQube plugin for static code analysis of Scala projects.
Stars: ✭ 113 (+438.1%)
r2frida-book: The radare2 + frida book for Mobile Application assessment
Stars: ✭ 38 (+80.95%)
jitana: A graph-based static-dynamic hybrid DEX code analysis tool
Stars: ✭ 35 (+66.67%)
mllint: `mllint` is a command-line utility to evaluate the technical quality of Python Machine Learning (ML) projects by means of static analysis of the project's repository.
Stars: ✭ 67 (+219.05%)
tiro: TIRO - A hybrid iterative deobfuscation framework for Android applications
Stars: ✭ 20 (-4.76%)
codecat: CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Beta version.
Stars: ✭ 265 (+1161.9%)
eba: EBA is a static bug finder for C.
Stars: ✭ 14 (-33.33%)
vscode-checkstyle: Haxe Checkstyle extension for Visual Studio Code
Stars: ✭ 24 (+14.29%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (+100%)
phpstan-nette: Nette Framework class reflection extension for PHPStan & framework-specific rules
Stars: ✭ 87 (+314.29%)
klara: Automatic test case generation for Python and static analysis library
Stars: ✭ 250 (+1090.48%)
phpstan: PHP Static Analysis in GitHub Actions.
Stars: ✭ 41 (+95.24%)
goreporter: A Golang tool that does static analysis, unit testing, code review and generates a code quality report.
Stars: ✭ 3,019 (+14276.19%)