Alternatives and similar repositories for cli

Users that are interested in cli are comparing it to the libraries listed below

• RetireJS / retire.js
  scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
  ☆4,052Updated last week
• ajinabraham / nodejsscan
  nodejsscan is a static security code scanner for Node.js applications.
  ☆2,544Updated 3 months ago
• semgrep / semgrep
  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  ☆13,943Updated this week
• ossf / scorecard
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆5,242Updated this week
• quay / clair
  Vulnerability Static Analysis for Containers
  ☆10,906Updated this week
• Yelp / detect-secrets
  An enterprise friendly way of detecting and preventing secrets in code.
  ☆4,387Updated 10 months ago
• anchore / grype
  A vulnerability scanner for container images and filesystems
  ☆11,391Updated last week
• anchore / syft
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆8,253Updated last week
• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆3,537Updated this week
• github / codeql
  CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
  ☆9,169Updated this week
• aquasecurity / trivy
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆31,101Updated this week
• tenable / terrascan
  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  ☆5,200Updated 2 months ago
• danger / danger-js
  ⚠️ Stop saying "you forgot to …" in code review
  ☆5,435Updated last month
• eth0izzle / shhgit
  Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
  ☆3,937Updated 10 months ago
• dependency-check / DependencyCheck
  OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependen…
  ☆7,405Updated this week
• Checkmarx / kics
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…
  ☆2,559Updated this week
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,592Updated 3 years ago
• aquasecurity / tfsec
  Tfsec is now part of Trivy
  ☆6,939Updated 2 months ago
• SonarSource / sonarqube
  Continuous Inspection
  ☆10,175Updated this week
• gitleaks / gitleaks
  Find secrets with Gitleaks 🔑
  ☆24,657Updated 2 weeks ago
• inspec / inspec
  InSpec: Auditing and Testing Framework
  ☆3,034Updated this week
• google / osv-scanner
  Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  ☆8,366Updated this week
• graphql / graphiql
  GraphiQL & the GraphQL LSP Reference Ecosystem for building browser & IDE tools.
  ☆16,773Updated this week
• slsa-framework / slsa
  Supply-chain Levels for Software Artifacts
  ☆1,795Updated 3 weeks ago
• aquasecurity / kube-hunter
  Hunt for security weaknesses in Kubernetes clusters
  ☆4,989Updated last year
• eslint-community / eslint-plugin-security
  ESLint rules for Node Security
  ☆2,318Updated last week
• google / osv.dev
  Open source vulnerability DB and triage service.
  ☆2,462Updated this week
• qltysh / qlty
  💎 Code quality CLI for universal linting, auto-formatting, security scanning, and maintainability
  ☆2,927Updated last week
• falcosecurity / falco
  Cloud Native Runtime Security
  ☆8,589Updated this week
• hadolint / hadolint
  Dockerfile linter, validate inline bash, written in Haskell
  ☆11,873Updated last month