Packages that audit existing source code for vulnerability analysis.


Tool count: 35

BlackArch code-audit
Name Version Description Homepage
bandit 1.7.10 Python security linter from OpenStack Security
bof-detector 19.e08367d A simple detector of BOF vulnerabilities by source-code-level check.
brakeman v6.2.1.1.r6.ge4f49f64d A static analysis security vulnerability scanner for Ruby on Rails applications.
cflow 1.7 A C program flow analyzer.
checkov 3.2.257.r0.g681707c13 Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages.
cppcheck 2.15.0 A tool for static C/C++ code analysis
cpptest 2.0.0 A portable and powerful, yet simple, unit testing framework for handling automated tests in C++.
dependency-check 10.0.2 A tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies.
detect-secrets v1.5.0.r30.g6cdb79b An enterprise friendly way of detecting and preventing secrets in code.
devaudit 803.ca0a68e An open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams.
dscanner 0.15.2 Swiss-army knife for D source code
flawfinder 2.0.19 Searches through source code for potential security flaws
githound v1.7.1.r15.g1d20536 Find secret information in git repositories.
graudit 629.132db32 Grep rough source code auditing tool.
horusec v2.9.0.beta.2.r1.g873d4104 Static code analysis to identify security flaws for many languages.
local-php-security-checker v2.1.3.r1.g1d1fdac A command line tool that checks your PHP application packages with known security vulnerabilities.
mosca 130.a7e725d Static analysis tool to find bugs like a grep unix command.
njsscan 0.3.1 A static application testing (SAST) tool that can find insecure code patterns in your node.js applications.
phpstan 11615.c77064a1c PHP Static Analysis Tool - discover bugs in your code without running it.
pscan 1.3 A limited problem scanner for C source files
rats 6.4ba54ce A rough auditing tool for security in source code files.
semgrep 1.75.0 Lightweight static analysis for many languages.
shellcheck 0.10.0 Shell script analysis tool
slither 4572.3befc968b Solidity static analysis framework written in Python 3.
snyk 1.1283.0 CLI and build-time tool to find and fix known vulnerabilities in open-source dependencies.
sonar-scanner 4.8.0.2856 Generic CLI tool to launch project analysis on SonarQube servers.
splint 3.1.2.git20180129 A tool for statically checking C programs for security vulnerabilities and coding mistakes
spotbugs 17509.b42b24a06 A tool for static analysis to look for bugs in Java code.
stoq 769.8bfc78b An open source framework for enterprise level automated analysis.
tell-me-your-secrets v2.4.2.r3.g5434b9d Find secrets on any machine from over 120 Different Signatures.
trufflehog v3.82.6.r23.g40fdf4407 Searches through git repositories for high entropy strings, digging deep into commit history.
whispers 2.4.0.r0.g24ee0f0 Identify hardcoded secrets in static structured text.
wpbullet 34.6185112 A static code analysis for WordPress (and PHP).
wscript 201.0410be2 Emulator/tracer of the Windows Script Host functionality.
yasca 2.1 Multi-Language Static Analysis Toolset.