AppThreat / sast-scan
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDEs such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
☆147 Updated 4 years ago
Related projects
Alternatives and complementary repositories for sast-scan
- threatspec - continuous threat modeling, through code ☆332 Updated 3 years ago
- A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestrat… ☆274 Updated this week
- OWASP Cloud Security - Enabling conversations through threat and control stories ☆177 Updated 5 years ago
- Container Security Verification Standard ☆57 Updated 5 years ago
- Scan your code for security misconfiguration, search for passwords and secrets. ☆638 Updated last year
- Open Cloud Security Posture Management Engine ☆334 Updated 2 years ago
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆808 Updated last year
- Project intended to make Attack Maps part of software development by reducing the time it takes to complete them. ☆46 Updated 7 years ago
- Mixeway is a security orchestrator for vulnerability scanners which enables easy plug-in integration with CI/CD pipelines. MixewayHub project… ☆107 Updated 8 months ago
- Node application to help manage Maturity Models like the ones created by BSIMM and OpenSAMM ☆188 Updated 6 years ago
- The Open Threat Modeling Format (OTM) defines a platform-independent way to define the threat model of any system. ☆169 Updated 9 months ago
- DevSecOps Toolchain ☆109 Updated 6 years ago
- OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws ☆320 Updated 3 months ago
- Lightspin AWS IAM Vulnerability Scanner ☆96 Updated 3 years ago
- This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more. ☆137 Updated 2 years ago
- A Continuous Threat Modeling methodology ☆313 Updated 2 years ago
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments. ☆591 Updated 5 years ago
- Software Component Verification Standard (SCVS) ☆135 Updated 7 months ago
- All-in-one tool for managing vulnerability reports from AppSec pipelines ☆105 Updated last year
- The clever vulnerability dependency finder ☆96 Updated 2 years ago
- Awesome resources about Security in Kubernetes ☆40 Updated last year
- Python API library for DefectDojo ☆40 Updated last year
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆515 Updated this week
- A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials. ☆98 Updated 5 months ago
- Security scanning & static analysis tool ☆93 Updated last month
- Scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/) ☆87 Updated 2 years ago
- Documenting your Threat Models with HCL ☆401 Updated 2 months ago