Top 14 SAST Open-Source Projects
-
static-analysis
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
-
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
-
terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
-
bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
-
betterscan-ce
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
-
njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
-
ThreatPlaybook
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
-
js-x-ray
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
-
LAST
Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini (by latiotech)
-
clj-holmes
A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
-
cd
CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
-
scanner
⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine! (by NodeSecure)
Readers should also peruse the 'Multiple languages' section, many of the big names, Coverity, Klocwork et al. are listed there.
see https://github.com/analysis-tools-dev/static-analysis#multip...
2. Terrascan: https://github.com/tenable/terrascan Terrascan detects security vulnerabilities and compliance violations across your IaC. Supports multiple cloud providers, ensuring that your infrastructure complies with security best practices.
Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
I found this plug-in for SonarQube: https://github.com/fsantiag/sonar-clojure And this: https://github.com/clj-holmes/clj-holmes
SAST related posts
-
Semgrep: Semantic Grep for Code
-
Semgrep – Find bugs and enforce code standards
-
Application Security - Bridging Frontend and Cybersecurity: What is Application Security?
-
SAST tools for Clojure?
-
Semgrep: Semantic Grep for Code
-
semgrep VS bearer - a user suggested alternative
2 projects | 10 Jul 2023
-
Cloud and Code Security - betterscan.io
Index
What are some of the best open-source SAST projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | static-analysis | 12,881 |
2 | semgrep | 9,742 |
3 | terrascan | 4,518 |
4 | bearer | 1,753 |
5 | betterscan-ce | 686 |
6 | njsscan | 346 |
7 | ThreatPlaybook | 267 |
8 | sechub | 245 |
9 | js-x-ray | 197 |
10 | LAST | 130 |
11 | clj-holmes | 102 |
12 | cd | 49 |
13 | scanner | 27 |
14 | Veracode | 2 |