Alternatives and similar repositories for sast-scan

Users that are interested in sast-scan are comparing it to the libraries listed below

• ShiftLeftSecurity / sast-scan

  View on GitHub
  Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…
  ☆865Sep 1, 2023Updated 2 years ago
• tommiu / ccdetection

  View on GitHub
  ☆19Feb 1, 2016Updated 10 years ago
• bedirhan / wivet

  View on GitHub
  Web Input Vector Extractor Teaser
  ☆133Jan 6, 2022Updated 4 years ago
• lcatro / KiMi-VulnBot_Framework

  View on GitHub
  KiMi 漏洞感知机器人扫描框架 @KiMi-VulnBot @KiMiThreatPerception
  ☆23Jul 25, 2017Updated 8 years ago
• Kagami / docker_cve-2015-2925

  View on GitHub
  Docker + CVE-2015-2925 = escaping from --volume
  ☆11Jun 30, 2015Updated 10 years ago
• ajinabraham / njsscan

  View on GitHub
  njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
  ☆423Nov 14, 2024Updated last year
• elttam / semgrep-rules

  View on GitHub
  ☆226Dec 18, 2025Updated last month
• zsdlove / Hades

  View on GitHub
  Static code auditing system
  ☆468Jan 8, 2021Updated 5 years ago
• snyk / nodejs-runtime-agent

  View on GitHub
  Snyk Node Runtime Agent
  ☆16Apr 12, 2022Updated 3 years ago
• shelmangroup / distroless-k8s

  View on GitHub
  Kubernetes tools in a "distroless" container
  ☆13Oct 30, 2023Updated 2 years ago
• brandon-t-elliott / cve2epss

  View on GitHub
  A simple web app to get the latest EPSS data for a CVE ID
  ☆12Dec 14, 2025Updated 2 months ago
• MoYunSec / osfp-smb

  View on GitHub
  os fingerprint probe through smb
  ☆10Jun 24, 2021Updated 4 years ago
• Cukuyo / HijackAPP

  View on GitHub
  安卓activity劫持演示demo，包含指定activity位于前台时的劫持和指定进程位于前台时的劫持
  ☆15Dec 20, 2018Updated 7 years ago
• OWASP / cwe-sdk-javascript

  View on GitHub
  A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC
  ☆32Feb 4, 2026Updated last week
• stevespringett / threatmodel-sdk

  View on GitHub
  A Java library for parsing and programmatically using threat models
  ☆82Feb 15, 2023Updated 3 years ago
• cxai / Checkmarx-PowerTools

  View on GitHub
  A collection of various scripts and automations to simplify Checkmarx SAST and IAST setup and use
  ☆14Aug 30, 2018Updated 7 years ago
• codingo / guides

  View on GitHub
  A companion repo to accompany detailed guides and YouTube content to allow users to follow along
  ☆13Aug 29, 2020Updated 5 years ago
• microsoft / sarif-vscode-extension

  View on GitHub
  SARIF Microsoft Visual Studio Code extension
  ☆132Feb 7, 2026Updated last week
• ModusCreateOrg / devops-infra-demo

  View on GitHub
  Growing repository of Infrastructure as Code demos (initially created for DevOps Wall Street)
  ☆34Oct 31, 2023Updated 2 years ago
• LPhD / Jess

  View on GitHub
  Jess is short for Joern extended by Semantic Slicing. This tool allows you to import C code into a Code Property Graph, and then compute …
  ☆17May 22, 2024Updated last year
• NSC42 / CloudSec-Tools

  View on GitHub
  Cloud Security Tools
  ☆16Aug 17, 2020Updated 5 years ago
• chains-project / dirty-waters

  View on GitHub
  automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049
  ☆18Feb 8, 2026Updated last week
• richardzhangcmplx / Dubbo-deserialization

  View on GitHub
  [CVE-2020-1948] Apache Dubbo Provider default deserialization cause RCE
  ☆18Mar 17, 2025Updated 10 months ago
• ztosec / hunter

  View on GitHub
  Hunter作为中通DevSecOps闭环方案中的一环，扮演着很重要的角色，开源之后希望能帮助到更多企业。
  ☆346Dec 14, 2022Updated 3 years ago
• h0mbre / phpscan

  View on GitHub
  ☆15Oct 1, 2020Updated 5 years ago
• yaegashi / terraform-provider-msgraph

  View on GitHub
  Terraform Provider for Microsoft Graph
  ☆14Jul 29, 2020Updated 5 years ago
• OWASP-Foundation / Project-Handbook

  View on GitHub
  This is a working copy of the OWASP Project Handbook and is the draft where changes are made before publishing a final version on the OWA…
  ☆18Feb 22, 2017Updated 8 years ago
• retanoj / BurpMultiProxy

  View on GitHub
  ☆13Feb 17, 2016Updated 9 years ago
• trackit / aws-clean-untagged-resources

  View on GitHub
  AWS Clean Untagged Resources will notify you on Slack and terminate/stop untagged EC2/RDS resources!
  ☆15Jan 16, 2023Updated 3 years ago
• ttarvis / glasgo

  View on GitHub
  A Security Scanner for Go
  ☆26Feb 11, 2019Updated 7 years ago
• github / codeql-go

  View on GitHub
  The CodeQL extractor and libraries for Go.
  ☆465Jan 5, 2023Updated 3 years ago
• boxboat / dockhand-secrets-operator

  View on GitHub
  Simplify Kubernetes Secrets Management with Dockhand Secrets Operator
  ☆18Nov 24, 2025Updated 2 months ago
• ShiftLeftSecurity / js2cpg

  View on GitHub
  ☆18Nov 26, 2025Updated 2 months ago
• postmodern / npm_scan

  View on GitHub
  Scans npmjs.org for npm packages that can be taken over
  ☆19Jun 6, 2022Updated 3 years ago
• malteskoruppa / phpjoern

  View on GitHub
  Parser utility to generate ASTs from PHP source code suitable to be processed by Joern.
  ☆37Apr 21, 2020Updated 5 years ago
• benwtr / tf_pipeline

  View on GitHub
  Jenkins Pipeline jobs for Terraform with remote state locking, pull request integration and chat notifications
  ☆36Aug 22, 2016Updated 9 years ago
• mgreiler / code-reviews

  View on GitHub
  code reviews to practice
  ☆18Jul 22, 2021Updated 4 years ago
• cloudposse-archives / dev-harness

  View on GitHub
  Cloud Posse Local Development Harness
  ☆19Apr 29, 2022Updated 3 years ago
• nitinrameshuf / PyCes-Linux

  View on GitHub
  PyCes (Python Code Scanner) - Enhanced Security Static Analysis Tool for Python
  ☆11Apr 18, 2019Updated 6 years ago