Vanir: Missing Patch Scanner Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. By default, Vanir pulls up-to-date CVEs from Open Source Vulnerabilities...
Masker Logger Have you ever been coding late at night, desperately trying to fix a bug before a deadline? In that mad scramble, did you accidentally log some sensitive data like a password or...
Makes A software supply chain framework powered by Nix. Ever needed to run applications locally to try out your code? Execute CI/CD pipelines locally to make sure jobs are being passed. Keep execution environments frozen...
Grepmarx – source code static analysis platform for security auditors Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases. Features...
Overview Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file builds an AST from it and runs appropriate plugins against the AST nodes....
Slither, the Solidity source analyzer Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to...
Tabby Tabby has been recognized by the academic community and accepted for publication in The 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2023). Tabby is a Java Code Analysis Tool...
What is BinCAT? A static Binary Code Analysis Toolkit, designed to help reverse engineers, directly from IDA. It features: value analysis (registers and memory) taint analysis type reconstruction and propagation backward and forward analysis In action...
Brakeman Brakeman is an open-source static analysis tool that checks Ruby on Rails applications for security vulnerabilities. It can detect: Possibly unescaped model attributes or parameters in views (Cross-Site Scripting) Bad string interpolation in...
Android BugBazaar: Your mobile appsec playground to Explore, Exploit, Excel BugBazaar is a comprehensive mobile application intentionally designed to be vulnerable, featuring over 30 vulnerabilities. Developed to emulate real-world scenarios, it includes more than...
sechub It enables the operation and integration of various security tools with one central API in a development environment. SecHub server orchestrates different security tools by one API layer. Users call SecHub Server but...
Terrascan Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud-native infrastructure. Features 500+ Policies for security best practices Scanning of Terraform 12+ (HCL2) Scanning of Kubernetes YAML/JSON Support...
INTERCEPT Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard...
vulnhuntr Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that...
gosec – Golang Security Checker Inspects source code for security problems by scanning the Go AST. Usage Gosec can be configured to only run a subset of rules, exclude certain file paths, and...
VulnerableCode VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure...
