bandit |
1.7.10 |
Python security linter from OpenStack Security |
|
bof-detector |
19.e08367d |
A simple detector of buffer overflow (BOF) vulnerabilities using source-code-level checks. |
|
brakeman |
v6.2.1.1.r6.ge4f49f64d |
A static analysis security vulnerability scanner for Ruby on Rails applications. |
|
cflow |
1.7 |
A C program flow analyzer. |
|
checkov |
3.2.257.r0.g681707c13 |
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages. |
|
cppcheck |
2.15.0 |
A tool for static C/C++ code analysis |
|
cpptest |
2.0.0 |
A portable and powerful, yet simple, unit testing framework for handling automated tests in C++. |
|
dependency-check |
10.0.2 |
A tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. |
|
detect-secrets |
v1.5.0.r30.g6cdb79b |
An enterprise-friendly way of detecting and preventing secrets in code. |
|
devaudit |
803.ca0a68e |
An open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams. |
|
dscanner |
0.15.2 |
Swiss-army knife for D source code |
|
flawfinder |
2.0.19 |
Searches through source code for potential security flaws |
|
githound |
v1.7.1.r15.g1d20536 |
Find secret information in git repositories. |
|
graudit |
629.132db32 |
Grep rough source code auditing tool. |
|
horusec |
v2.9.0.beta.2.r1.g873d4104 |
Static code analysis to identify security flaws for many languages. |
|
local-php-security-checker |
v2.1.3.r1.g1d1fdac |
A command line tool that checks your PHP application's packages for known security vulnerabilities. |
|
mosca |
130.a7e725d |
A static analysis tool that finds bugs in the manner of the Unix grep command. |
|
njsscan |
0.3.1 |
A static application security testing (SAST) tool that can find insecure code patterns in your Node.js applications. |
|
phpstan |
11615.c77064a1c |
PHP Static Analysis Tool - discover bugs in your code without running it. |
|
pscan |
1.3 |
A limited problem scanner for C source files |
|
rats |
6.4ba54ce |
A rough auditing tool for security in source code files. |
|
semgrep |
1.75.0 |
Lightweight static analysis for many languages. |
|
shellcheck |
0.10.0 |
Shell script analysis tool |
|
slither |
4572.3befc968b |
Solidity static analysis framework written in Python 3. |
|
snyk |
1.1283.0 |
CLI and build-time tool to find and fix known vulnerabilities in open-source dependencies. |
|
sonar-scanner |
4.8.0.2856 |
Generic CLI tool to launch project analysis on SonarQube servers. |
|
splint |
3.1.2.git20180129 |
A tool for statically checking C programs for security vulnerabilities and coding mistakes |
|
spotbugs |
17509.b42b24a06 |
A tool for static analysis to look for bugs in Java code. |
|
stoq |
769.8bfc78b |
An open source framework for enterprise level automated analysis. |
|
tell-me-your-secrets |
v2.4.2.r3.g5434b9d |
Find secrets on any machine using over 120 different signatures. |
|
trufflehog |
v3.82.6.r23.g40fdf4407 |
Searches through git repositories for high entropy strings, digging deep into commit history. |
|
whispers |
2.4.0.r0.g24ee0f0 |
Identify hardcoded secrets in static structured text. |
|
wpbullet |
34.6185112 |
A static code analysis tool for WordPress (and PHP). |
|
wscript |
201.0410be2 |
Emulator/tracer of the Windows Script Host functionality. |
|
yasca |
2.1 |
Multi-Language Static Analysis Toolset. |
|