Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDEs such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
☆150Sep 4, 2020Updated 5 years ago
Alternatives and similar repositories for sast-scan
Users that are interested in sast-scan are comparing it to the libraries listed below
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…☆869Sep 1, 2023Updated 2 years ago
- GitHub Action adding a comment with information about new npm dependencies detected in a pull request☆17Mar 30, 2024Updated last year
- A framework for understanding the capabilities of automated detection methods at identifying classes of application security vulnerabilit…☆33Updated this week
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for …☆1,211Updated this week
- ☆19Feb 1, 2016Updated 10 years ago
- KiMi vulnerability-awareness bot scanning framework @KiMi-VulnBot @KiMiThreatPerception☆23Jul 25, 2017Updated 8 years ago
- njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.☆423Nov 14, 2024Updated last year
- A simple web app to get the latest EPSS data for a CVE ID☆12Dec 14, 2025Updated 2 months ago
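- Android activity hijacking demo, covering hijacking when a specified activity is in the foreground and hijacking when a specified process is in the foreground☆15Dec 20, 2018Updated 7 years ago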
- Snyk Node Runtime Agent☆16Apr 12, 2022Updated 3 years ago
- A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC☆32Feb 4, 2026Updated last month
- A Java library for parsing and programmatically using threat models☆82Feb 15, 2023Updated 3 years ago
- SARIF Microsoft Visual Studio Code extension☆131Feb 14, 2026Updated 3 weeks ago
- A companion repo to accompany detailed guides and YouTube content to allow users to follow along☆13Aug 29, 2020Updated 5 years ago
- Linux/Unix config Checking tools☆13Jun 6, 2014Updated 11 years ago
- Cloud Security Tools☆16Aug 17, 2020Updated 5 years ago
- automatically detect software supply chain smells and issues http://arxiv.org/pdf/2410.16049☆18Updated this week
- [CVE-2020-1948] Apache Dubbo Provider default deserialization cause RCE☆18Mar 17, 2025Updated 11 months ago
- Hunter plays an important role as one part of ZTO's closed-loop DevSecOps solution; we hope that open-sourcing it will help more enterprises.☆346Dec 14, 2022Updated 3 years ago
- Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilit…☆550Apr 10, 2022Updated 3 years ago
- The action integrates Electronegativity, a tool to identify misconfigurations and security anti-patterns in Electron applications, into G…☆15Apr 15, 2023Updated 2 years ago
- Terraform Provider for Microsoft Graph☆14Jul 29, 2020Updated 5 years ago
- OSCAL SSP content for technologies shipped by Red Hat☆16Mar 2, 2023Updated 3 years ago
- A Security Scanner for Go☆26Feb 11, 2019Updated 7 years ago
- ☆13Feb 17, 2016Updated 10 years ago
- AWS Clean Untagged Resources will notify you on Slack and terminate/stop untagged EC2/RDS resources!☆15Jan 16, 2023Updated 3 years ago
- ☆15Oct 1, 2020Updated 5 years ago
- The CodeQL extractor and libraries for Go.☆465Jan 5, 2023Updated 3 years ago
- Scans npmjs.org for npm packages that can be taken over☆19Jun 6, 2022Updated 3 years ago
- ☆18Nov 26, 2025Updated 3 months ago
- Simplify Kubernetes Secrets Management with Dockhand Secrets Operator☆19Nov 24, 2025Updated 3 months ago
- Jenkins Pipeline jobs for Terraform with remote state locking, pull request integration and chat notifications☆36Aug 22, 2016Updated 9 years ago
- Parser utility to generate ASTs from PHP source code suitable to be processed by Joern.☆37Apr 21, 2020Updated 5 years ago
- code reviews to practice☆18Jul 22, 2021Updated 4 years ago
- Cloud Posse Local Development Harness☆19Apr 29, 2022Updated 3 years ago
- 【Python】AWS ECS fargate stacks by CDK with fastAPI☆16Apr 25, 2024Updated last year
- Python tool for large scale git analysis. Inspired by gitrob.☆21Jun 12, 2020Updated 5 years ago
- This GitHub repository contains lessons for developing Microsoft Security CoPilot plugins☆20May 15, 2024Updated last year
- Paradigm is an open source tool that looks at your network landscape and determines what is actually accessible via the internet.☆19Jan 8, 2023Updated 3 years ago