Sast

Top 14 Sast Open-Source Projects

  • static-analysis

    ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

  • Project mention: Static Analysis Tools for C | news.ycombinator.com | 2023-10-26

    Readers should also peruse the 'Multiple languages' section; many of the big names (Coverity, Klocwork et al.) are listed there.

    see https://github.com/analysis-tools-dev/static-analysis#multip...

  • semgrep

    Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

  • Project mention: Semgrep: Semantic Grep for Code | news.ycombinator.com | 2024-04-30
  • terrascan

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

  • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    2. Terrascan: https://github.com/tenable/terrascan Terrascan detects security vulnerabilities and compliance violations across your IaC. Supports multiple cloud providers, ensuring that your infrastructure complies with security best practices.

  • bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

  • Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
  • betterscan-ce

    Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

  • njsscan

    njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

  • ThreatPlaybook

    A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

  • sechub

    SecHub provides a central API to test software with different security tools.

  • js-x-ray

    JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

  • LAST

    Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini (by latiotech)

  • Project mention: Easy and Open Source Code Scanning with OpenAI | news.ycombinator.com | 2024-01-24
  • clj-holmes

    A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.

  • Project mention: SAST tools for Clojure? | /r/Clojure | 2023-09-29

    I found this plug-in for SonarQube: https://github.com/fsantiag/sonar-clojure And this: https://github.com/clj-holmes/clj-holmes

  • cd

    CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

  • scanner

    ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine! (by NodeSecure)

  • Veracode

    Code examples and tutorials for Veracode implementations

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Sast related posts

  • Semgrep: Semantic Grep for Code

    1 project | news.ycombinator.com | 30 Apr 2024
  • Semgrep – Find bugs and enforce code standards

    1 project | news.ycombinator.com | 9 Apr 2024
  • Application Security - Bridging Frontend and Cybersecurity: What is Application Security?

    1 project | dev.to | 2 Apr 2024
  • SAST tools for Clojure?

    2 projects | /r/Clojure | 29 Sep 2023
  • Semgrep: Semantic Grep for Code

    1 project | news.ycombinator.com | 4 Aug 2023
  • semgrep VS bearer - a user suggested alternative

    2 projects | 10 Jul 2023
  • Cloud and Code Security - betterscan.io

    1 project | /r/roastmystartup | 12 Mar 2023

Index

What are some of the best open-source Sast projects? This list will help you:

 #   Project           Stars
 1   static-analysis   12,881
 2   semgrep            9,742
 3   terrascan          4,518
 4   bearer             1,753
 5   betterscan-ce        686
 6   njsscan              346
 7   ThreatPlaybook       267
 8   sechub               245
 9   js-x-ray             197
10   LAST                 130
11   clj-holmes           102
12   cd                    49
13   scanner               27
14   Veracode               2
