| bof-detector |
19.e08367d |
A simple detector of BOF vulnerabilities by source-code-level check. |
|
| brakeman |
v7.0.2.r0.g835dc2825 |
A static analysis security vulnerability scanner for Ruby on Rails applications. |
|
| cflow |
1.7 |
A C program flow analyzer. |
|
| checkov |
3.2.397.r1.g08fd7e7c8 |
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages. |
|
| cpptest |
2.0.0 |
A portable and powerful, yet simple, unit testing framework for handling automated tests in C++. |
|
| dependency-check |
10.0.2 |
A tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. |
|
| detect-secrets |
v1.5.0.r49.g50119d6 |
An enterprise friendly way of detecting and preventing secrets in code. |
|
| devaudit |
803.ca0a68e |
An open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams. |
|
| githound |
v1.7.1.r15.g1d20536 |
Find secret information in git repositories. |
|
| graudit |
643.f7962eb |
Grep rough source code auditing tool. |
|
| horusec |
v2.9.0.beta.2.r1.g873d4104 |
Static code analysis to identify security flaws for many languages. |
|
| local-php-security-checker |
v2.1.3.r1.g1d1fdac |
A command line tool that checks your PHP application packages with known security vulnerabilities. |
|
| mosca |
130.a7e725d |
Static analysis tool to find bugs like a grep unix command. |
|
| njsscan |
0.3.1 |
A static application testing (SAST) tool that can find insecure code patterns in your node.js applications. |
|
| phpstan |
12314.adc504d1f |
PHP Static Analysis Tool - discover bugs in your code without running it. |
|
| pscan |
1.3 |
A limited problem scanner for C source files |
|
| rats |
6.4ba54ce |
A rough auditing tool for security in source code files. |
|
| semgrep |
1.110.0 |
Lightweight static analysis for many languages. |
|
| slither |
4773.7f54c8b94 |
Solidity static analysis framework written in Python 3. |
|
| snyk |
1.1283.0 |
CLI and build-time tool to find and fix known vulnerabilities in open-source dependencies. |
|
| sonar-scanner |
6.2.1.4610 |
Generic CLI tool to launch project analysis on SonarQube servers. |
|
| spotbugs |
17697.d20b3b39f |
A tool for static analysis to look for bugs in Java code. |
|
| stoq |
769.8bfc78b |
An open source framework for enterprise level automated analysis. |
|
| tell-me-your-secrets |
v2.4.2.r3.g5434b9d |
Find secrets on any machine from over 120 Different Signatures. |
|
| trufflehog |
v3.88.23.r2.g824eca7f8 |
Searches through git repositories for high entropy strings, digging deep into commit history. |
|
| whispers |
2.4.0.r0.g24ee0f0 |
Identify hardcoded secrets in static structured text. |
|
| wpbullet |
34.6185112 |
A static code analysis for WordPress (and PHP). |
|
| wscript |
201.0410be2 |
Emulator/tracer of the Windows Script Host functionality. |
|
| yasca |
2.1 |
Multi-Language Static Analysis Toolset. |
|
| zarn |
0.0.9.r76.ge8c757a |
A lightweight static security analysis tool for modern Perl Apps. |
|