sast

Star

Here are 374 public repositories matching this topic...

Language:All

Filter by language

All374 Python108 Java34 Go29 Shell28 JavaScript24 TypeScript18 HTML13 C#8 Dockerfile8 Rust8

Sort:Most stars

Sort options

Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

analysis-tools-dev /static-analysis

Sponsor

Star14.3k

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

analysis static-code-analysis linter static-analysis awesome-list code-quality static-analyzers hacktoberfest sast

UpdatedDec 16, 2025
Rust

semgrep /semgrep

Star13.6k

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

javascript ruby python c java go typescript static-code-analysis static-analysis sast r2c semgrep

UpdatedDec 17, 2025
OCaml

tenable /terrascan

Star5.2k

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

kubernetes infrastructure aws security devops terraform architecture iac infrastructure-as-code scans aws-security security-tools cloudsecurity devsecops cloud-security sast azure-security gcp-security terrascan security-violations

UpdatedNov 20, 2025
Go

ajinabraham /nodejsscan

Sponsor

Star2.5k

nodejsscan is a static security code scanner for Node.js applications.

nodejs javascript lint security node static-analysis code-analysis code-review security-scanner devsecops sast node-security nodejsscan

UpdatedOct 10, 2025
CSS

Bearer /bearer

Star2.5k

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

security security-audit privacy static-code-analysis static-analysis owasp dataflow vulnerability code-quality compliance vulnerabilities appsec security-scanner gdpr security-automation security-tools devsecops sast devsecops-tools

UpdatedDec 16, 2025
Go

ASTTeam /CodeQL

Star1.7k

《深入理解CodeQL》Finding vulnerabilities with CodeQL.

ql devsecops sast semmle-ql codeql codeql-queries 0e0w learning-codeql hackjava hackaspx javasec hackgolang

UpdatedNov 21, 2023

controlplaneio /kubesec

Star1.4k

Security risk analysis for Kubernetes resources

kubernetes security static-analysis hacktoberfest sast

UpdatedDec 15, 2025
Go

lintsinghua /DeepAudit

Star1.4k

DeepAudit：人人拥有的 AI 黑客战队，让漏洞挖掘触手可及。国内首个开源代码漏洞挖掘多智能体系统。小白一键部署运行，自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署，一键生成报告。让安全不再昂贵，让审计不再复杂。

react typescript ai developer-tools code-review code-quality security-scanner devsecops vulnerability-scanner sast xai code-audit vite bug-detection supabase llm google-gemini

UpdatedDec 17, 2025
Python

ZupIT /horusec

Star1.3k

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

ruby kotlin python java cli golang security analysis ci cd terraform scanner static-analysis netcore vulnerabilities hacktoberfest sast security-flaws security-development sast-analysis

UpdatedDec 16, 2025
Go

momosecurity /momo-code-sec-inspector-java

Star1k

IDEA静态代码安全审计及漏洞一键修复插件

java idea sast

UpdatedMar 10, 2022
Java

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

security static-analysis owasp penetration-testing code-review infosec pentesting static-analyzer android-security pentest information-security secure-coding security-tools sast pentesting-tools owasp-mobile-top mstg masvs mobile-sec-android apkhunt

UpdatedJan 17, 2025
Go

ShiftLeftSecurity /sast-scan

Star860

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

workflow appsec scanners license-scan devsecops sast dependency-scan

UpdatedSep 1, 2023
Python

zinja-coder /jadx-ai-mcp

Sponsor

Star813

Plugin for JADX to integrate MCP server

java mobile ai mcp reverse-engineering pentesting sast vapt llm model-context-protocol mcp-servers mcp-server model-context-protocol-servers

UpdatedDec 16, 2025
Java

MobSF /mobsfscan

Star721

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

android kotlin java swift security ios objective-c static-analysis codereview appsec sast mobile-sast

UpdatedJan 31, 2025
Python

BADBADBADBOY /pytorchOCR

Star682

基于pytorch的ocr算法库，包括 psenet, pan, dbnet, sast , crnn

ocr textrecognition sast crnn dbnet textdetection psenet pannet

UpdatedMay 19, 2021
C++

FuzzingLabs /fuzzforge_ai

Star650

AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketplace of security tools.

agent security workflow automation ai fuzzing vulnerabilities appsec offensive-security workflow-automation security-tools devsecops sast dast

UpdatedNov 16, 2025
Python

insidersec /insider

Star553

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Ful…