Category: Code Assessment
Cppcheck Cppcheck is a static analysis tool for C/C++ code. It provides a unique code analysis to detect bugs and focuses on detecting undefined behavior and dangerous coding constructs. The goal is to detect only real errors...
PHPStan – PHP Static Analysis Tool PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves...
Semgrep Semgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. You can try it now with our interactive live editor. Semgrep combines the...
What is TCA Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a code comprehensive analysis platform, which includes three components: server, web, and client. It supports the integration...
tfsec tfsec uses static analysis of your Terraform templates to spot potential security issues. Features ☁️ Checks for misconfigurations across all major (and some minor) cloud providers ⛔ Hundreds of built-in rules 🪆 Scans...
js-x-ray JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code...
RedFlag RedFlag leverages AI to determine high-risk code changes. Run it in batch mode to scope manual security testing of release candidates, or run it in your CI pipelines to flag PRs and add...
Secretlint Secretlint is a pluggable linting tool to prevent committing credentials. Features Scanner: Finds credentials in a project and reports them Project Friendly: Easy to set up in your project and integrate with CI services Pre-Commit Hook:...
AegiScan Aegi(s)Scan(er) is a static dataflow analysis framework for iOS application binaries, which can be used to facilitate vulnerability scanning. Design AegiScan utilizes top-down type propagation to resolve Objective-C MsgSend calls, thereby reconstructing the call...
Hardening Meter HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack...
Betterscan Community Edition (CE) Betterscan is based on QuantifiedCode. QuantifiedCode is a code analysis & automation platform. It helps you to keep track of issues and metrics in your software projects, and can be...
Truffle Hog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. How it works This module will go through the entire commit...
poutine Created by BoostSecurity.io, poutine is a security scanner that detects misconfigurations and vulnerabilities in the build pipelines of a repository. It supports parsing CI workflows from GitHub Actions and GitLab CI/CD. When given an...
Surfactant A modular framework to gather file information for SBOM generation and dependency analysis. Surfactant can be used to gather information from a set of files to generate an SBOM, along with manipulating SBOMs...