Showing 20 open source projects for "source code static anala"

View related business solutions
  • Our Free Plans just got better! | Auth0 Icon
    Our Free Plans just got better! | Auth0

    With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

    You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
    Try free now
  • $300 Free Credits to Build on Google Cloud Icon
    $300 Free Credits to Build on Google Cloud

    New to Google Cloud? Get $300 in credits to explore Compute Engine, BigQuery, Cloud Run, Gemini Enterprise Agent Platform, and more.

    Start your next project with $300 in free Google Cloud credit. Spin up VMs, run containers, query petabytes in BigQuery, or build agents with Gemini Enterprise Agent Platform. Once your credits are used, keep building with 20+ always-free tier products including Compute Engine, Cloud Storage, GKE, and Cloud Run functions. No commitment required—just sign up and start building.
    Claim $300 Free
  • 1
    Claude Code Security Reviewer

    Claude Code Security Reviewer

    An AI-powered security review GitHub Action using Claude

    The claude-code-security-review repository implements a GitHub Action that uses Claude (via the Anthropic API) to perform semantic security audits of code changes in pull requests. Rather than relying purely on pattern matching or static analysis, this action feeds diffs and surrounding context to Claude to reason about potential vulnerabilities (e.g. injection, misconfigurations, secrets exposure, etc). When a PR is opened, the action analyzes only the changed files (diff-aware scanning),...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 2
    kube-score

    kube-score

    Kubernetes object analysis with recommendations

    Kubernetes object analysis with recommendations for improved reliability and security. kube-score is a tool that does static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient. kube-score is open-source and available under the MIT-license. Container limits (should be set) Pod is targeted by a NetworkPolicy, both egress and ingress rules are recommended. ...
    Downloads: 10 This Week
    Last Update:
    See Project
  • 3
    cargo-crev

    cargo-crev

    A cryptographically verifiable code review system for the cargo

    ...Increase the trustworthiness of your own code. Build a web of trust of other reputable users to help verify the code you use. Static binaries are available from the releases page. Crev is a system for verifying the security and reliability of dependencies based on collaborative code reviews. Crev users review the source code of packages/libraries/crates and share their findings with others.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 4
    Flipper Zero Unleashed Firmware

    Flipper Zero Unleashed Firmware

    Flipper Zero Unleashed Firmware

    Flipper Zero Unleashed Firmware. This software is for experimental purposes only and is not meant for any illegal activity/purposes. We do not condone illegal activity and strongly encourage keeping transmissions to legal/valid uses allowed by law. Also, this software is made without any support from Flipper Devices and is in no way related to the official devs.
    Downloads: 32 This Week
    Last Update:
    See Project
  • Your monitoring isn't a stack. It's a pile. Fix that. Icon
    Your monitoring isn't a stack. It's a pile. Fix that.

    Errors, performance, logs, uptime. One install, one invoice, one UI.

    Replace Datadog, New Relic, and Sentry without adding three more dashboards.
    Free 30 days.
  • 5
    SkillSpector

    SkillSpector

    Security scanner for AI agent skills

    SkillSpector is a security scanner built to evaluate AI agent skills before they are installed or trusted. It helps teams inspect skills used by tools such as Claude Code, Codex CLI, and Gemini CLI. The project focuses on detecting vulnerabilities, malicious behavior, and risky patterns that may be hidden inside skill files. It combines fast static checks with optional LLM-based semantic review for issues that require deeper intent analysis. It supports several input types, including Git...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 6
    Shannon

    Shannon

    Fully autonomous AI hacker to find actual exploits in your web apps

    Shannon is an autonomous AI penetration testing system built to find and prove real, exploitable vulnerabilities in web applications rather than stopping at static warnings or best-guess alerts. It focuses on “proof by exploitation,” meaning it actively hunts for attack vectors in your code and then attempts to execute end-to-end exploits to demonstrate impact. The project blends source-aware analysis with automated web interaction so it can validate issues like injection flaws, authentication bypasses, and other exploitable paths in a way that resembles an actual attacker’s workflow. ...
    Downloads: 28 This Week
    Last Update:
    See Project
  • 7
    FLARE VM

    FLARE VM

    A collection of software installations scripts for Windows systems

    FLARE VM is a security-focused Windows workstation distribution designed for malware analysis, reverse engineering, penetration testing, and threat hunting. It bundles a curated set of tools—disassemblers, debuggers, decompilers, virtualization, forensics utilities, packet capture tools, exploit frameworks, and hex editors—preconfigured to work together. The environment configures paths, dependencies, environment variables, and common tool integrations so analysts can focus on tasks rather...
    Downloads: 90 This Week
    Last Update:
    See Project
  • 8
    Brakeman

    Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails app

    Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development. Brakeman now uses the parallel gem to read and parse files in parallel. By default, parallel will split the reading/parsing into a number of separate processes based on number of CPUs. In testing, this has dramatically improved speed for large code bases, around 35% reduction in overall scan time....
    Downloads: 1 This Week
    Last Update:
    See Project
  • 9
    pH7 Social Dating CMS (pH7Builder)❤️

    pH7 Social Dating CMS (pH7Builder)❤️

    🚀 Professional Social Dating Web App Builder (formerly pH7CMS)

    pH7Builder is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for developers ...). This Social Dating Web App is fully coded in object-oriented PHP (OOP) with the MVC pattern (Model-View-Controller). It is low resource-intensive, extremely powerful and highly secure. pH7Builder is included with over 42 native modules and is based on its homemade pH7 Framework which includes more than 52 packages To summarize, pH7Builder Social Dating Script...
    Downloads: 35 This Week
    Last Update:
    See Project
  • Ship Agents Faster Icon
    Ship Agents Faster

    Transform your applications and workflows into powerful agentic systems at global scale.

    Gemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
    Get Started Free
  • 10
    nodejsscan

    nodejsscan

    nodejsscan is a static security code scanner for Node.js applications

    Static security code scanner (SAST) for Node.js applications powered by libsast and semgrep. nodejsscan is a static security code scanner for Node.js applications.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 11
    Horusec

    Horusec

    Open source tool that improves identification of vulnerabilities

    Horusec is an open source tool that performs a static code analysis to identify security flaws during the development process. Currently, the languages for analysis are C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart, Elixir, Shell, Nginx. The tool has options to search for key leaks and security flaws in all your project's files, as well as in Git history.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 12
    Insider

    Insider

    Static Application Security Testing (SAST) engine

    Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on agile and easy-to-implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET.
    Downloads: 14 This Week
    Last Update:
    See Project
  • 13
    ThinkTs

    ThinkTs

    Based on koa and typeorm,asynchronous non blocking reactive coding

    Based on koa and Typeform, asynchronous nonblocking reactive coding, and a real MVC web framework, inspired by [ThinkPHP + Nestjs + FastAPI], it is also the fastest development speed and fastest performance.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 14
    goflyway

    goflyway

    An encrypted HTTP server

    master is the active development branch and contains v2 code, for the stable v1 release (though it was once called v2.0), please refer to v1.0 branch. goflyway v2 is a special tool to forward local ports to a remote server securely, just like ssh -L. goflyway uses pure HTTP POST requests to relay TCP connections. There is no CONNECT involved nor needed because goflyway is designed mainly for those people who are behind a CONNECT-less HTTP proxy or want to accelerate connections through...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 15
    ansvif

    ansvif

    An advanced cross platform fuzzing framework suited to find code bugs.

    ansvif, or A Not So Very Intelligent Fuzzer, suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. This aids...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 16

    RIPS - PHP Security Analysis

    Free Static Code Analysis Tool for PHP Applications

    RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/
    Downloads: 22 This Week
    Last Update:
    See Project
  • 17
    Web Application Protection

    Web Application Protection

    Tool to detect and correct vulnerabilities in PHP web applications

    ...WAP detects the following vulnerabilities: - SQL injection using MySQL, PostgreSQL and DB2 DBMS - Reflected cross-site scripting (XSS) - Stored XSS - Remote file inclusion - Local file inclusion - Directory traversal - Source code disclosure - OS command injection - PHP code injection WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious users inputs and checking if they reach calls of sensitive functions. It has a low rate of false positives because has implemented a data mining module to predict false positives when detects vulnerabilities. ...
    Downloads: 2 This Week
    Last Update:
    See Project
  • 18

    Pecker Scanner

    A static source code analyser for vulnerabilities in PHP.

    A scanner named pecker, written in php,It can check dangerous functions with lexical analysis. to scans files for malicious PHP Code. Github : https://github.com/cfc4n/pecker
    Downloads: 0 This Week
    Last Update:
    See Project
  • 19
    PHParser

    PHParser

    A Lexer and a Parser to PHP scripts

    PHParser 1.2 generates a pure Java parser for PHP programs. Invoking this parser yields an explicit parse tree (AST) and a tree walker suitable for further analysis. This tool package is based upon: - ANTLR 3.2 or higher (www.antlr.org). - JDK 1.6 or higher (java.sun.com). - Grammar specifications of PHP 5.3.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 20
    Agnitio
    A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.
    Downloads: 0 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • Next