Making a GitHub repo code vulnerability/security health checker.

This page summarizes the projects mentioned and recommended in the original post on /r/cybersecurity
Static Analysis static-code-analysis Java Go Sast

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • semgrep

    Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

    • There are tools that you can use on repos like https://semgrep.dev/ that will scan repos. You could configure it differently depending on the languages contained in the repo you are scanning and automate that process.

  • git-secrets

    Prevents you from committing secrets and credentials into git repositories

    • 2) Clone the actual repo including history to look for committed secrets, running something like https://github.com/awslabs/git-secrets.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts