#Awesome# ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
nodejsscan is a static security code scanner for Node.js applications.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
"Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers,...
A PyTorch-based OCR algorithm library, including psenet, pan, dbnet, sast, crnn
#Android# mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis r...
#Android# Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to im...
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
The xAST evaluation benchmark makes security tools no longer a "black box".
"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompile, custom rule, and is compatible with th...
A declarative static analysis tool for JVM bytecode, based on Datalog, like CodeQL
SecHub provides a central API to test software with different security tools.