sast

#Awesome#  ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

翻译 - 多种语言的轻量级静态分析。使用看起来像源代码的模式查找错误变体。

  nodejsscan is a static security code scanner for Node.js applications.

翻译 - nodejsscan是用于Node.js应用程序的静态安全代码扫描程序。

  Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

翻译 - Horusec是一种开源工具，仅需一个命令即可改善对项目中漏洞的识别。

  IDEA静态代码安全审计及漏洞一键修复插件

  APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,...