Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
☆149Sep 4, 2020Updated 5 years ago
Alternatives and similar repositories for sast-scan
Users that are interested in sast-scan are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…☆882Sep 1, 2023Updated 2 years ago
- Static code auditing system☆468Jan 8, 2021Updated 5 years ago
- ☆15Jul 11, 2018Updated 7 years ago
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for …☆1,260May 27, 2026Updated last month
- GitHub Action adding a comment with information about new npm dependencies detected in a pull request☆17Jun 22, 2026Updated last week
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- ☆246Jun 23, 2026Updated last week
- A simple web app to get the latest EPSS data for a CVE ID☆13Dec 14, 2025Updated 6 months ago
- Generic server for collaborative code analysis☆13Dec 19, 2016Updated 9 years ago
- njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.☆434Nov 14, 2024Updated last year
- A framework for understanding the capabilities of automated detection methods at identifying classes of application security vulnerabilit…☆33Jun 16, 2026Updated 2 weeks ago
- Provides an easy way to collect and send Slack access & integration logs.☆13Oct 19, 2021Updated 4 years ago
- Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilit…☆553Apr 10, 2022Updated 4 years ago
- ☆107Apr 2, 2026Updated 2 months ago
- A Java library for parsing and programmatically using threat models☆83Feb 15, 2023Updated 3 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- MyOpenVDP is a free web application to install a vulnerability disclosure policy or a vulnerability disclosure program on your assets. (V…☆36Aug 8, 2024Updated last year
- Linux/Unix config Checking tools☆13Jun 6, 2014Updated 12 years ago
- SARIF Microsoft Visual Studio Code extension☆136Feb 14, 2026Updated 4 months ago
- Threat hunting repo for my independent study on threat hunting with OSQuery☆27Jan 16, 2018Updated 8 years ago
- ☆19Feb 1, 2016Updated 10 years ago
- Codyze is a static analyzer for Java, C, C++ based on code property graphs☆91Jan 22, 2025Updated last year
- Terraform module which provides easy to configure AWS environment for running automated security scanning solutions at scheduled interval…☆47Jan 29, 2019Updated 7 years ago
- Kubernetes tools in a "distroless" container☆13Oct 30, 2023Updated 2 years ago
- 🚰 Static taint analysis for Go programs.☆85May 21, 2026Updated last month
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- Collection of enterprise application patterns☆18Jun 14, 2026Updated 2 weeks ago
- Snyk Node Runtime Agent☆16Apr 12, 2022Updated 4 years ago
- ICSE 2018 paper implement☆18Jan 8, 2019Updated 7 years ago
- Docker + CVE-2015-2925 = escaping from --volume☆11Jun 30, 2015Updated 11 years ago
- A Security Scanner for Go☆26Feb 11, 2019Updated 7 years ago
- ☆13Feb 17, 2016Updated 10 years ago
- 基于JVM-Sandbox实现RASP安全监控防护☆51Aug 8, 2023Updated 2 years ago
- Build a phishing server (Gophish) together with SMTP-redirector (Postfix) automatically in Digital Ocean with terraform and ansible..☆20Jul 7, 2021Updated 4 years ago
- ☆32May 22, 2023Updated 3 years ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- A companion repo to accompany detailed guides and YouTube content to allow users to follow along☆13Aug 29, 2020Updated 5 years ago
- Ready to use images of Zap and Glue, especially for CI integration.☆35Mar 12, 2019Updated 7 years ago
- Pin designs for security related items☆37Feb 16, 2026Updated 4 months ago
- Plume is a code representation benchmarking library with options to extract the AST from Java bytecode and store the result in various gr…☆79Oct 14, 2024Updated last year
- ☆10May 12, 2017Updated 9 years ago
- An AWS Lambda Port Scanner and SSL expiry checker☆12Dec 4, 2016Updated 9 years ago
- A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC☆32Apr 30, 2026Updated 2 months ago