sast
Here are 302 public repositories matching this topic...
Language:All
Sort:Most stars
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
- Updated
May 12, 2025 - Rust
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- Updated
Jul 18, 2025 - OCaml
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
- Updated
Jul 14, 2025 - Go
nodejsscan is a static security code scanner for Node.js applications.
- Updated
May 13, 2025 - CSS
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
- Updated
Jun 20, 2025 - Go
《深入理解CodeQL》Finding vulnerabilities with CodeQL.
- Updated
Nov 21, 2023
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
- Updated
Jul 17, 2025 - Go
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
- Updated
Sep 1, 2023 - Python
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
- Updated
Jan 17, 2025 - Go
基于pytorch的ocr算法库,包括 psenet, pan, dbnet, sast , crnn
- Updated
May 19, 2021 - C++
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
- Updated
Jan 31, 2025 - Python
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Ful…
- Updated
Apr 10, 2022 - Go
Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.
- Updated
Jul 3, 2025 - Go
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
- Updated
Nov 14, 2024 - JavaScript
"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompile, custom rule, and is compatible with the technology stacks of Servlet&filter, Spring,struts,Dubbo,Thrift, jax-rs,jax-ws,JFinal,Netty,MyBatis,and JSP.
- Updated
Jun 29, 2025
xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
- Updated
Jul 17, 2025 - Java
Plugin for JADX to integrate MCP server
- Updated
Jun 19, 2025 - Java
Improve this page
Add a description, image, and links to thesast topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with thesast topic, visit your repo's landing page and select "manage topics."