A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.

• UpdatedFeb 18, 2026
• JavaScript

Static Value-Flow Analysis Framework for Source Code

• UpdatedFeb 16, 2026
• C++

Lightweight, container-free sandbox for running commands with network and filesystem restrictions

• UpdatedFeb 20, 2026
• Go

Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.

• UpdatedJul 3, 2025
• Go

Prevent merging of malicious code in pull requests

• UpdatedJan 8, 2026
• Python

Django application that performs SAST and Malware Analysis for Android APKs

• UpdatedFeb 14, 2026
• HTML

Focused malicious code detection ruleset, with a high protection-to-noise ratio

• UpdatedFeb 24, 2025
• Python

Deterministic verification layer for LLMs | AI hallucination detection | Model output validation | Formal verification for AI | Python 🐍

• UpdatedFeb 19, 2026
• Python

AI code generation and improvement

• UpdatedAug 29, 2025
• Python

The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ai in web applications and to provide best practices for mitigating these risks.

• UpdatedJan 31, 2026

Codeaudit - Modern Python source code security analyzer based on distrust.

• UpdatedFeb 19, 2026
• Python

Monitor your code for exposed API keys, tokens, credentials, and high-risk security IaC misconfigurations

• UpdatedSep 12, 2023
• TypeScript

Dismiss GitHub Code Scanning alerts from SARIF suppression data

• UpdatedFeb 17, 2026
• Java

Official documentation for Gitsecure

• UpdatedOct 17, 2024
• MDX

Automatically monitors GitHub for code similarities and potential plagiarism using GitHub API. Includes Slack & Email alerts and an AI-based scanning skeleton for advanced code similarity detection.

• UpdatedDec 3, 2025
• Python

Contexi let you interact with entire codebase or data with context using a local LLM on your system.

• UpdatedOct 23, 2024
• Python

How to secure your development pipeline with static application security test (SAST) / Dynamic application security test (DAST), software composition analysis (SCA) using Sonarqube.

• UpdatedFeb 20, 2026

AI-powered browser-based vulnerability scanner using UniXcoder embeddings and RAG with LLM to detect security flaws across 9 languages.

• UpdatedOct 10, 2025
• TypeScript

• UpdatedFeb 15, 2026
• Rust

A fast and powerful CLI tool for finding secrets and other data in files, web pages, and other text sources. Supports multi-threading and advanced pattern matching.

• UpdatedDec 5, 2025
• Go