Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
nodejsscan is a static security code scanner for Node.js applications.
《深入理解CodeQL》Finding vulnerabilities with CodeQL.
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
基于pytorch的ocr算法库,包括 psenet, pan, dbnet, sast , crnn
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Ful…
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan Community Edition (CE)
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
The simple way to detect heap memory pitfalls in C++ and C. Beta.
Django application that performs SAST and Malware Analysis for Android APKs
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
SecHub - one central and easy way to use different security tools with one API/Client
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns
Add a description, image, and links to the sast topic page so that developers can more easily learn about it.
To associate your repository with the sast topic, visit your repo's landing page and select "manage topics."