Alternatives and similar repositories for cli

Users that are interested in cli are comparing it to the libraries listed below

• ajinabraham / nodejsscan
  nodejsscan is a static security code scanner for Node.js applications.
  ☆2,467Updated 2 months ago
• anchore / grype
  A vulnerability scanner for container images and filesystems
  ☆9,821Updated this week
• RetireJS / retire.js
  scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
  ☆3,824Updated last month
• ossf / scorecard
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆4,884Updated this week
• gitleaks / gitleaks
  Find secrets with Gitleaks 🔑
  ☆19,776Updated this week
• goodwithtech / dockle
  Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
  ☆2,894Updated 4 months ago
• aquasecurity / tfsec
  Tfsec is now part of Trivy
  ☆6,816Updated last week
• thoughtworks / talisman
  Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and priva…
  ☆1,987Updated last week
• falcosecurity / falco
  Cloud Native Runtime Security
  ☆7,894Updated this week
• quay / clair
  Vulnerability Static Analysis for Containers
  ☆10,619Updated this week
• aquasecurity / trivy
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆26,235Updated last week
• anchore / syft
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆6,954Updated this week
• semgrep / semgrep
  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  ☆11,605Updated this week
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,585Updated 2 years ago
• danger / danger-js
  ⚠️ Stop saying "you forgot to …" in code review
  ☆5,339Updated 3 weeks ago
• docker / docker-bench-security
  The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in productio…
  ☆9,371Updated 6 months ago
• Yelp / detect-secrets
  An enterprise friendly way of detecting and preventing secrets in code.
  ☆4,054Updated 2 months ago
• aquasecurity / kube-hunter
  Hunt for security weaknesses in Kubernetes clusters
  ☆4,855Updated last year
• Checkmarx / kics
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…
  ☆2,287Updated this week
• hadolint / hadolint
  Dockerfile linter, validate inline bash, written in Haskell
  ☆10,914Updated last month
• slsa-framework / slsa
  Supply-chain Levels for Software Artifacts
  ☆1,665Updated this week
• sigstore / cosign
  Code signing and transparency for containers and binaries
  ☆4,906Updated last week
• aquasecurity / kube-bench
  Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  ☆7,423Updated last week
• fossas / fossa-cli
  Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Langua…
  ☆1,377Updated this week
• google / osv.dev
  Open source vulnerability DB and triage service.
  ☆1,848Updated this week
• nodesecurity / nsp
  node security platform command-line tool
  ☆1,665Updated 7 years ago
• trufflesecurity / trufflehog
  Find, verify, and analyze leaked credentials
  ☆19,037Updated this week
• eslint-community / eslint-plugin-security
  ESLint rules for Node Security
  ☆2,275Updated this week
• clinicjs / node-clinic
  Clinic.js diagnoses your Node.js performance issues
  ☆5,794Updated 7 months ago
• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆3,023Updated this week