Alternatives and similar repositories for DevSkim

Users that are interested in DevSkim are comparing it to the libraries listed below

• microsoft / binskim
  A binary static analysis tool that provides security and correctness results for Windows Portable Executable and *nix ELF binary formats
  ☆808Updated this week
• pumasecurity / puma-scan
  Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams wr…
  ☆450Updated 2 years ago
• microsoft / ApplicationInspector
  A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' qu…
  ☆4,329Updated this week
• security-code-scan / security-code-scan
  Vulnerability Patterns Detector for C# and VB.NET
  ☆954Updated 10 months ago
• sonatype-nexus-community / DevAudit
  Open-source, cross-platform, multi-purpose security auditing tool
  ☆361Updated 2 years ago
• OWASP / samm
  SAMM stands for Software Assurance Maturity Model.
  ☆397Updated 3 years ago
• microsoft / OSSGadget
  Collection of tools for analyzing open source packages.
  ☆339Updated last week
• microsoft / rest-api-fuzz-testing
  REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and defau…
  ☆263Updated 3 years ago
• Autodesk / continuous-threat-modeling
  A Continuous Threat Modeling methodology
  ☆319Updated 2 years ago
• threatspec / threatspec
  threatspec - continuous threat modeling, through code
  ☆357Updated 4 years ago
• microsoft / sarif-sdk
  .NET code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oasis-tcs…
  ☆202Updated 3 weeks ago
• microsoft / sbom-tool
  The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
  ☆1,803Updated this week
• ossf / wg-security-tooling
  OpenSSF Security Tooling Working Group
  ☆310Updated last year
• auth0 / repo-supervisor
  Scan your code for security misconfiguration, search for passwords and secrets.
  ☆647Updated last year
• microsoft / component-detection
  Scans your project to determine what components you use
  ☆484Updated this week
• mike-goodwin / owasp-threat-dragon
  An open source, online threat modelling tool from OWASP
  ☆484Updated 11 months ago
• CycloneDX / cyclonedx-dotnet
  Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects
  ☆217Updated last month
• slackhq / goSDL
  goSDL
  ☆523Updated 2 years ago
• jerryhoff / WebGoat.NET
  OWASP WebGoat.NET
  ☆233Updated last year
• mike-goodwin / owasp-threat-dragon-desktop
  An installable desktop variant of OWASP Threat Dragon
  ☆594Updated 6 months ago
• ShiftLeftSecurity / sast-scan
  Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…
  ☆841Updated last year
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,587Updated 2 years ago
• OWASP / glue
  Application Security Automation
  ☆529Updated last year
• ossf / package-analysis
  Open Source Package Analysis
  ☆834Updated last month
• ossf / allstar
  GitHub App to set and enforce security policies
  ☆1,326Updated last week
• CycloneDX / specification
  OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…
  ☆398Updated 2 weeks ago
• google / clusterfuzzlite
  ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
  ☆488Updated 6 months ago
• CycloneDX / cyclonedx-cli
  CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
  ☆365Updated 6 months ago
• OWASP / Maturity-Models
  Node application to help managing Maturity Models like the ones created by BSIMM and OpenSAMM
  ☆194Updated 6 years ago
• Threagile / threagile
  Agile Threat Modeling Toolkit
  ☆667Updated last month