Commit list

Author: Analysis Tools Bot

README.md

@@ -566,6 +566,8 @@ By default, govulncheck makes requests to the Go vulnerability database at https
 
 - [nargs](https://github.com/alexkohler/nargs) — Finds unused arguments in function declarations.
 
+- [OSV-Scanner](https://osv.dev/) — Vulnerability scanner written in Go which uses the data provided by OSV.dev. Developed by Google to scan dependencies across multiple languages and package managers for known vulnerabilities. Supports container scanning, license scanning, and guided remediation. Works with lockfiles, SBOMs, and container images to identify security issues.
+
 - [prealloc](https://github.com/alexkohler/prealloc) — Finds slice declarations that could potentially be preallocated.
 
 - [Reviewdog](https://github.com/haya14busa/reviewdog) — A tool for posting review comments from any linter in any code hosting service.
@@ -994,6 +996,8 @@ It uses the pycodestyle utility to determine what parts of the code needs to be
 
 - [mypy](http://www.mypy-lang.org) — A static type checker that aims to combine the benefits of duck typing and static typing, frequently used with [MonkeyType](https://github.com/Instagram/MonkeyType).
 
+- [pip-audit](https://github.com/pypa/pip-audit) — Tool for scanning Python packages for known vulnerabilities. Developed by the Python Packaging Authority (PyPA) and supported by Trail of Bits and Google. Scans Python environments and requirements files to identify vulnerable packages and suggests remediation. Supports GitHub Actions, pre-commit hooks, and multiple vulnerability service integrations.
+
 - [prospector](https://github.com/PyCQA/prospector) — A wrapper around `pylint`, `pep8`, `mccabe` and others.
 
 - **py-find-injection** :warning: — Find SQL injection vulnerabilities in Python code.
@@ -1032,6 +1036,8 @@ It uses the pycodestyle utility to determine what parts of the code needs to be
 
 - [ruff](https://astral.sh/ruff) — Fast Python linter, written in Rust. 10-100x faster than existing linters. Compatible with Python 3.10. Supports file watcher.
 
+- [Safety](https://safetycli.com/) — Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known vulnerabilities. Checks Python dependencies against a database of known security vulnerabilities and provides detailed reports. Supports CI/CD integration and multiple output formats.
+
 - [unimport](https://unimport.hakancelik.dev) — A linter, formatter for finding and removing unused import statements.
 
 - [vulture](https://github.com/jendrikseipp/vulture) — Find unused classes, functions and variables in Python code.
@@ -1834,8 +1840,12 @@ Loading address: binbloom can parse a raw binary firmware and determine its load
 
 - **Docker Label Inspector** :warning: — Lint and validate Dockerfile labels.
 
+- [Dockle](https://github.com/goodwithtech/dockle) — Container Image Linter for Security helping build the Best-Practice Docker Image. Scans Docker images for security vulnerabilities and CIS Benchmark compliance. Checks for secrets, credential exposure, and security best practices. Provides multiple severity levels (FATAL, WARN, INFO) and supports various output formats for CI/CD integration.
+
 - [GitGuardian ggshield](https://www.gitguardian.com/ggshield) — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.
 
+- [Grype](https://github.com/anchore/grype) — Vulnerability scanner for container images and filesystems. Developed by Anchore, it scans container images, directories, and archives for known vulnerabilities. Supports multiple image formats, SBOM integration, and VEX (Vulnerability Exploitability eXchange) for accurate vulnerability assessment. Works with various vulnerability databases and provides detailed reporting.
+
 - [Haskell Dockerfile Linter](https://github.com/lukasmartinelli/hadolint) — A smarter Dockerfile linter that helps you build best practice Docker images.
 
 - [kics](https://kics.io/) — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible
@@ -1914,6 +1924,8 @@ Its technology helps developers automate testing, find bugs, and reduce manual l
 
 - [Cloud (IaC) Security for JetBrains IDEs](https://plugins.jetbrains.com/plugin/25413-cloud-iac-security) — Cloud (IaC) Security plugin for JetBrains IDEs. Performs real-time inspections of Docker & Kubernetes IaC with 50+ rules based on Docker image/build security best practices, Kubernetes Pod Security Standards, and NSA/CISA Kubernetes Hardening Guidance.
 
+- [Dockle](https://github.com/goodwithtech/dockle) — Container Image Linter for Security helping build the Best-Practice Docker Image. Scans Docker images for security vulnerabilities and CIS Benchmark compliance. Checks for secrets, credential exposure, and security best practices. Provides multiple severity levels (FATAL, WARN, INFO) and supports various output formats for CI/CD integration.
+
 
 <a name="embedded" />
 <h2>Embedded</h2>
@@ -2197,6 +2209,8 @@ but with the following improvements:
 - [detect-secrets](https://github.com/Yelp/detect-secrets) — An enterprise friendly way of detecting and preventing secrets in code.
 It does this by running periodic diff outputs against heuristically crafted regex statements, to identify whether any new secret has been committed. This way, it avoids the overhead of digging through all git history, as well as the need to scan the entire repository every time.
 
+- [Dockle](https://github.com/goodwithtech/dockle) — Container Image Linter for Security helping build the Best-Practice Docker Image. Scans Docker images for security vulnerabilities and CIS Benchmark compliance. Checks for secrets, credential exposure, and security best practices. Provides multiple severity levels (FATAL, WARN, INFO) and supports various output formats for CI/CD integration.
+
 - **Enlightn** :warning: — A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks.
 
 - [GitGuardian ggshield](https://www.gitguardian.com/ggshield) — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.
@@ -2205,6 +2219,8 @@ It does this by running periodic diff outputs against heuristically crafted rege
 
 - [gokart](https://github.com/praetorian-inc/gokart) — Golang security analysis with a focus on minimizing false positives. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe.
 
+- [Grype](https://github.com/anchore/grype) — Vulnerability scanner for container images and filesystems. Developed by Anchore, it scans container images, directories, and archives for known vulnerabilities. Supports multiple image formats, SBOM integration, and VEX (Vulnerability Exploitability eXchange) for accurate vulnerability assessment. Works with various vulnerability databases and provides detailed reporting.
+
 - [HasMySecretLeaked](https://gitguardian.com/hasmysecretleaked) :copyright: — HasMySecretLeaked is a project from GitGuardian that aims to help individual users and organizations search across 20 million exposed secrets to verify if their developer secrets have leaked on public repositories, gists, and issues on GitHub projects.
 
 - **iblessing** :warning: — iblessing is an iOS security exploiting toolkit. It can be used for reverse engineering, binary analysis and vulnerability mining.
@@ -2236,10 +2252,14 @@ Kani verifies:
 
 - [NodeJSScan](https://opensecurity.in) — A static security code scanner for Node.js applications powered by libsast and semgrep that builds on the njsscan cli tool. It features a UI with various dashboards about an application's security status.
 
+- [OSV-Scanner](https://osv.dev/) — Vulnerability scanner written in Go which uses the data provided by OSV.dev. Developed by Google to scan dependencies across multiple languages and package managers for known vulnerabilities. Supports container scanning, license scanning, and guided remediation. Works with lockfiles, SBOMs, and container images to identify security issues.
+
 - [Oversecured](https://oversecured.com) :copyright: — Enterprise vulnerability scanner for Android and iOS apps. It allows app owners and developers to secure each new version of a mobile app by integrating Oversecured into the development process.
 
 - [OWASP Noir](https://owasp-noir.github.io/noir/) — Attack surface detector that identifies endpoints by static analysis.
 
+- [pip-audit](https://github.com/pypa/pip-audit) — Tool for scanning Python packages for known vulnerabilities. Developed by the Python Packaging Authority (PyPA) and supported by Trail of Bits and Google. Scans Python environments and requirements files to identify vulnerable packages and suggests remediation. Supports GitHub Actions, pre-commit hooks, and multiple vulnerability service integrations.
+
 - [PT Application Inspector](https://www.ptsecurity.com) :copyright: — Identifies code flaws and detects vulnerabilities to prevent web attacks. Demonstrates remote code execution by presenting possible exploits.
 
 - [Qualys Container Security](https://www.qualys.com/apps/container-security) :copyright: — Container native application protection to provide visibility and control of containerized applications.
@@ -2248,6 +2268,8 @@ Kani verifies:
 
 - [Rezilion](https://www.rezilion.com/) :copyright: — Discovers vulnerabilities for all components in your environment, filters out 85% non-exploitable vulnerabilities and creates a remediation plan and open tickets to upgrade components that violate your security policy and/or patch automatically in CI.
 
+- [Safety](https://safetycli.com/) — Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known vulnerabilities. Checks Python dependencies against a database of known security vulnerabilities and provides detailed reports. Supports CI/CD integration and multiple output formats.
+
 - [scorecard](https://github.com/ossf/scorecard) — Security Scorecards - Security health metrics for Open Source
 
 - [SearchDiggity](https://resources.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/) :copyright: — Identifies vulnerabilities in open source code projects hosted on Github, Google Code, MS CodePlex, SourceForge, and more. The tool comes with over 130 default searches that identify SQL injection, cross-site scripting (XSS), insecure remote and local file includes, hard-coded passwords, etc. 

data/api/tools.json

@@ -6012,6 +6012,35 @@
  "demos": null,
  "wrapper": null
  },
+ "dockle": {
+ "name": "Dockle",
+ "categories": [
+ "linter"
+ ],
+ "languages": [],
+ "other": [
+ "container",
+ "dockerfile",
+ "security"
+ ],
+ "licenses": [
+ "Apache License 2.0"
+ ],
+ "types": [
+ "cli"
+ ],
+ "homepage": "https://github.com/goodwithtech/dockle",
+ "source": "https://github.com/goodwithtech/dockle",
+ "pricing": null,
+ "plans": null,
+ "description": "Container Image Linter for Security helping build the Best-Practice Docker Image. Scans Docker images for security vulnerabilities and CIS Benchmark compliance. Checks for secrets, credential exposure, and security best practices. Provides multiple severity levels (FATAL, WARN, INFO) and supports various output formats for CI/CD integration.",
+ "discussion": null,
+ "deprecated": null,
+ "resources": null,
+ "reviews": null,
+ "demos": null,
+ "wrapper": null
+ },
  "dodgy": {
  "name": "Dodgy",
  "categories": [
@@ -8980,6 +9009,34 @@
  "demos": null,
  "wrapper": null
  },
+ "grype": {
+ "name": "Grype",
+ "categories": [
+ "linter"
+ ],
+ "languages": [],
+ "other": [
+ "container",
+ "security"
+ ],
+ "licenses": [
+ "Apache License 2.0"
+ ],
+ "types": [
+ "cli"
+ ],
+ "homepage": "https://github.com/anchore/grype",
+ "source": "https://github.com/anchore/grype",
+ "pricing": null,
+ "plans": null,
+ "description": "Vulnerability scanner for container images and filesystems. Developed by Anchore, it scans container images, directories, and archives for known vulnerabilities. Supports multiple image formats, SBOM integration, and VEX (Vulnerability Exploitability eXchange) for accurate vulnerability assessment. Works with various vulnerability databases and provides detailed reporting.",
+ "discussion": null,
+ "deprecated": null,
+ "resources": null,
+ "reviews": null,
+ "demos": null,
+ "wrapper": null
+ },
  "gulp-bootlint": {
  "name": "gulp-bootlint",
  "categories": [
@@ -12885,6 +12942,35 @@
  "demos": null,
  "wrapper": null
  },
+ "osv-scanner": {
+ "name": "OSV-Scanner",
+ "categories": [
+ "linter"
+ ],
+ "languages": [
+ "go"
+ ],
+ "other": [
+ "security"
+ ],
+ "licenses": [
+ "Apache License 2.0"
+ ],
+ "types": [
+ "cli"
+ ],
+ "homepage": "https://osv.dev/",
+ "source": "https://github.com/google/osv-scanner",
+ "pricing": null,
+ "plans": null,
+ "description": "Vulnerability scanner written in Go which uses the data provided by OSV.dev. Developed by Google to scan dependencies across multiple languages and package managers for known vulnerabilities. Supports container scanning, license scanning, and guided remediation. Works with lockfiles, SBOMs, and container images to identify security issues.",
+ "discussion": null,
+ "deprecated": null,
+ "resources": null,
+ "reviews": null,
+ "demos": null,
+ "wrapper": null
+ },
  "oversecured": {
  "name": "Oversecured",
  "categories": [
@@ -14333,6 +14419,35 @@
  ],
  "wrapper": null
  },
+ "pip-audit": {
+ "name": "pip-audit",
+ "categories": [
+ "linter"
+ ],
+ "languages": [
+ "python"
+ ],
+ "other": [
+ "security"
+ ],
+ "licenses": [
+ "Apache License 2.0"
+ ],
+ "types": [
+ "cli"
+ ],
+ "homepage": "https://github.com/pypa/pip-audit",
+ "source": "https://github.com/pypa/pip-audit",
+ "pricing": null,
+ "plans": null,
+ "description": "Tool for scanning Python packages for known vulnerabilities. Developed by the Python Packaging Authority (PyPA) and supported by Trail of Bits and Google. Scans Python environments and requirements files to identify vulnerable packages and suggests remediation. Supports GitHub Actions, pre-commit hooks, and multiple vulnerability service integrations.",
+ "discussion": null,
+ "deprecated": null,
+ "resources": null,
+ "reviews": null,
+ "demos": null,
+ "wrapper": null
+ },
  "pixee": {
  "name": "Pixee",
  "categories": [],
@@ -17194,6 +17309,35 @@
  "demos": null,
  "wrapper": null
  },
+ "safety": {
+ "name": "Safety",
+ "categories": [
+ "linter"
+ ],
+ "languages": [
+ "python"
+ ],
+ "other": [
+ "security"
+ ],
+ "licenses": [
+ "MIT License"
+ ],
+ "types": [
+ "cli"
+ ],
+ "homepage": "https://safetycli.com/",
+ "source": "https://github.com/pyupio/safety",
+ "pricing": null,
+ "plans": null,
+ "description": "Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known vulnerabilities. Checks Python dependencies against a database of known security vulnerabilities and provides detailed reports. Supports CI/CD integration and multiple output formats.",
+ "discussion": null,
+ "deprecated": null,
+ "resources": null,
+ "reviews": null,
+ "demos": null,
+ "wrapper": null
+ },
  "saikuro": {
  "name": "Saikuro",
  "categories": [