bof-detector |
19.e08367d |
A simple detector of BOF vulnerabilities by source-code-level check. |
|
brakeman |
v6.2.2.r7.g88994b8fe |
A static analysis security vulnerability scanner for Ruby on Rails applications. |
|
cflow |
1.7 |
A C program flow analyzer. |
|
checkov |
3.2.324.r1.g8a0250e5d |
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages. |
|
cpptest |
2.0.0 |
A portable and powerful, yet simple, unit testing framework for handling automated tests in C++. |
|
dependency-check |
10.0.2 |
A tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. |
|
detect-secrets |
v1.5.0.r43.ga57ec40 |
An enterprise-friendly way of detecting and preventing secrets in code. |
|
devaudit |
803.ca0a68e |
An open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams. |
|
githound |
v1.7.1.r15.g1d20536 |
Find secret information in git repositories. |
|
graudit |
629.132db32 |
Grep rough source code auditing tool. |
|
horusec |
v2.9.0.beta.2.r1.g873d4104 |
Static code analysis to identify security flaws for many languages. |
|
local-php-security-checker |
v2.1.3.r1.g1d1fdac |
A command line tool that checks your PHP application packages with known security vulnerabilities. |
|
mosca |
130.a7e725d |
A static analysis tool that finds bugs in the manner of the Unix grep command. |
|
njsscan |
0.3.1 |
A static application security testing (SAST) tool that can find insecure code patterns in your Node.js applications. |
|
phpstan |
11865.9bfe4a4ff |
PHP Static Analysis Tool - discover bugs in your code without running it. |
|
pscan |
1.3 |
A limited problem scanner for C source files. |
|
rats |
6.4ba54ce |
A rough auditing tool for security in source code files. |
|
semgrep |
1.97.0 |
Lightweight static analysis for many languages. |
|
slither |
4572.3befc968b |
Solidity static analysis framework written in Python 3. |
|
snyk |
1.1283.0 |
CLI and build-time tool to find and fix known vulnerabilities in open-source dependencies. |
|
sonar-scanner |
6.2.1.4610 |
Generic CLI tool to launch project analysis on SonarQube servers. |
|
spotbugs |
17554.06b18f7a0 |
A tool for static analysis to look for bugs in Java code. |
|
stoq |
769.8bfc78b |
An open source framework for enterprise-level automated analysis. |
|
tell-me-your-secrets |
v2.4.2.r3.g5434b9d |
Find secrets on any machine from over 120 different signatures. |
|
trufflehog |
v3.84.1.r12.g31b4dc2fb |
Searches through git repositories for high entropy strings, digging deep into commit history. |
|
whispers |
2.4.0.r0.g24ee0f0 |
Identify hardcoded secrets in static structured text. |
|
wpbullet |
34.6185112 |
A static code analysis tool for WordPress (and PHP). |
|
wscript |
201.0410be2 |
Emulator/tracer of the Windows Script Host functionality. |
|
yasca |
2.1 |
Multi-Language Static Analysis Toolset. |
|
zarn |
0.0.9.r26.g5ec7323 |
A lightweight static security analysis tool for modern Perl apps. |
|