Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
- Updated
Sep 1, 2023 - Python
#
sast
Here are 103 public repositories matching this topic...
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
android kotlin java swift security ios objective-c static-analysis codereview appsec sast mobile-sast
- Updated
Jan 31, 2025 - Python
AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketplace of security tools.
agent security workflow automation ai fuzzing vulnerabilities appsec offensive-security workflow-automation security-tools devsecops sast dast
- Updated
Nov 16, 2025 - Python
Antidote to VibeCoding
javascript python security typescript ai code-analysis ast opus taint-analysis vulnerability-scanners security-tools security-analysis sast anthropic-claude claude-code
- Updated
Dec 3, 2025 - Python
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
- Updated
Oct 2, 2025 - Python
Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
- Updated
Apr 23, 2025 - Python
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
- Updated
Sep 4, 2020 - Python
A flexible framework for security teams to build and deploy AI-powered workflows that complement their existing security operations.
- Updated
Dec 1, 2025 - Python
Generic SAST Library
security regex static-analyzer appsec codeanalysis staticanalysis sast semgrep semanticgrep patternmatch genericsast libsast
- Updated
Jun 17, 2025 - Python
The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.
- Updated
Dec 8, 2022 - Python
PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. It leverages a powerful Rust core to deliver high-speed, accurate vulnerability scanning, wrapped in a developer-friendly Python CLI.
- Updated
Dec 4, 2025 - Python
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.
- Updated
Jul 22, 2025 - Python
SAST and DAST Scan Supported with 400 plus rules available for secrets and allow you add your own wordlist as well. lightweight source code scanner and for URL that detects hardcoded secrets like API keys, credentials, and sensitive information across files and folders.
- Updated
Aug 21, 2025 - Python
Ready to use docker image for CodeQL
- Updated
Jan 10, 2024 - Python
This project is deprecated. Use https://github.com/returntocorp/semgrep instead
- Updated
Apr 9, 2024 - Python
♾️ Collection of DevSecOps Notes + Resources + Courses + Tools
secret-management threat-modeling threat-model secure-coding sdlc secure-development iast devsecops software-composition-analysis sast sbom dependency-track defectdojo devsecops-best-practices software-bill-of-material devsecops-resources devsecops-notes static-analysis-security-testing
- Updated
Jan 20, 2025 - Python
Parse GitLab SAST reports into more human readable projects
- Updated
Feb 19, 2025 - Python
Improve this page
Add a description, image, and links to the sast topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the sast topic, visit your repo's landing page and select "manage topics."