Found 361 repositories (showing 30)
Bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
lokerxx
Java Security Testbed, IAST Test Cases, Java Vulnerability Reproduction, Code Auditing, SAST Test Cases, Security Scanning (Active and Passive), Java Vulnerability Testbed, RASP Test Cases
ParzivalHack
PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. It leverages a powerful Rust core to deliver high-speed, accurate vulnerability scanning, wrapped in a developer-friendly Python CLI.
m14r41
SAST and DAST scans supported, with 400-plus rules available for secrets, and allows you to add your own wordlist as well. Lightweight scanner for source code and URLs that detects hardcoded secrets like API keys, credentials, and sensitive information across files and folders.
cycodehq
Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning
mllamazares
🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.
checkmarx-ts
Exports vulnerability scan data from the Checkmarx SAST platform for use in analytical tools.
contrastsecurity
CodeSec by Contrast - The fastest and most accurate SAST scanner. Scan code and serverless environments
reem-sab
The doc-sentinel-ai project is a security-focused tool utilizing AI to perform SAST scans, detect dead code, and intelligently triage vulnerabilities. It provides a modular, local-first framework for automated code analysis, allowing for policy-driven security checks.
paulveillard
An ongoing & curated collection of awesome vulnerability scanning software, libraries and frameworks, best guidelines, technical resources and most important static application security testing (SAST)
advanced-security
Focus SAST scans (with CodeQL) on just the changed parts of your monorepo, split up as you define
mikusher
Benchmark collection for analysis. The idea is to have a collection of projects in several languages as well as various SAST applications to do scans and comparisons. At the end of the day the intention is to reduce the number of false positives in benchmark projects.
MetaMask
A GitHub action aggregating SAST tools to scan code for vulnerabilities
ministryofjustice
A collection of reusable GitHub Actions that standardise DevSecOps security scanning i.e. SCA, SAST, DAST, secrets, IaC, and container security.
AppThreat
GitHub action for performing SAST scanning using various oss tools such as gitleaks, bandit, findsecbugs etc
Chessiie
A repo full of secrets. This is designed to test SAST secret scanning tools.
gbrls
🔒 Security Scanning for Github Actions; SAST, DAST, Secrets, and Dependencies
rezmoss
🔐 A curated list of open-source security tools organized by CI/CD pipeline stage. Covers secrets detection, SBOM, SAST, SCA, IaC security, container scanning, Kubernetes security & more. Actively maintained with weekly status updates
EdgarPsda
Opinionated CLI to bootstrap a DevSecOps pipeline in minutes, SAST, secrets scanning, SCA, SBOM, IaC, and AI fix suggestions for Node.js, Go, Python, and Java projects.
Checkmarx
The CxAST Azure DevOps plugin enables you to trigger SAST, SCA, and KICS scans directly from an Azure DevOps pipeline.
alexgracianoarj
A GitLab pipeline demo with DevSecOps best practices (SAST, DAST and Container scan) using open source tools.
jmessiass
Example security workflow that runs SAST, SCA, secrets scan and IaC scan tests via GitHub Actions using open source tools.
Sengtocxoen
A comprehensive Model Context Protocol (MCP) server that integrates multiple SAST (Static Application Security Testing) tools with Claude Code AI, enabling automated security analysis and vulnerability scanning directly from your AI assistant.
SocketDev
Socket's tool for running SAST, Secrets, and Container Scanning
accuknox
Perform an Opengrep SAST scan on your repository and upload the results to AccuKnox.
SimardeepSingh-zsh
This repository is an advanced DevSecOps reference project that combines: - Shift-left security: SAST, linting, and secrets scanning integrated into developer and CI workflows - Infrastructure-as-Code security: Terraform and Kubernetes with automated misconfiguration scanning and policy-as-code.
bbyybb
An integrated vulnerability scanning tool that combines Web DAST, Code SAST, and SCA capabilities into a single unified interface.
splunk
Static Analysis Tooling at Splunk (Semgrep.dev)
Zegocover
This is a step to run Snyk SAST and dependency scanning for mobile apps
Checkmarx
The CxAST TeamCity plugin enables you to trigger SAST, SCA, and KICS scans directly from a TeamCity project.