Category: Code Assessment
Sucosh Scanny “Sucosh” is an automated source code vulnerability scanner (SAST) and assessment framework for Python (Flask-Django) & NodeJs, capable of performing code review in Web Application Development or Source Code Analysis processes. It can detect...
What is Minder? Minder by Stacklok is an open-source platform that helps development teams and open-source communities build more secure software, and prove to others that what they’ve built is secure. Minder helps project owners...
Bugsy Bugsy is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code. It is the community edition version of Mobb, the first vendor-agnostic automated security vulnerability remediation tool. Bugsy is...
Vanir: Missing Patch Scanner Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. By default, Vanir pulls up-to-date CVEs from Open Source Vulnerabilities...
Masker Logger Have you ever been coding late at night, desperately trying to fix a bug before a deadline? In that mad scramble, did you accidentally log some sensitive data like a password or...
Makes A software supply chain framework powered by Nix. Ever needed to run applications locally to try out your code? Execute CI/CD pipelines locally to make sure jobs pass. Keep execution environments frozen...
Grepmarx – source code static analysis platform for security auditors Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases. Features...
Overview Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes....
Slither, the Solidity source analyzer Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to...
Tabby Tabby has been recognized by the academic community and accepted for publication in The 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2023). Tabby is a Java Code Analysis Tool...
What is BinCAT? A static Binary Code Analysis Toolkit, designed to help reverse engineers, directly from IDA. It features: value analysis (registers and memory), taint analysis, type reconstruction and propagation, backward and forward analysis. In action...
Brakeman Brakeman is an open-source static analysis tool that checks Ruby on Rails applications for security vulnerabilities. It can detect: possibly unescaped model attributes or parameters in views (Cross-Site Scripting), bad string interpolation in...
Android BugBazaar: Your mobile appsec playground to Explore, Exploit, Excel BugBazaar is a comprehensive mobile application intentionally designed to be vulnerable, featuring over 30 vulnerabilities. Developed to emulate real-world scenarios, it includes more than...
sechub It enables the operation and integration of various security tools with one central API in a development environment. SecHub server orchestrates different security tools by one API layer. Users call SecHub Server but...
Terrascan Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud-native infrastructure. Features: 500+ policies for security best practices, scanning of Terraform 12+ (HCL2), scanning of Kubernetes YAML/JSON, support...
INTERCEPT A stupidly easy to use, small-footprint, sub-second Policy as Code command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard...