7 Repos
Analyzing source code for security vulnerabilities and coding flaws without executing the program.
Distinct from Source Code Analysis, whose candidate repositories focus on educational analysis, web extraction, or code protection.
7 GitHub repositories matching security & cryptography · Static Analysis Security Testing.
Secguide is an API security hardening framework and a comprehensive knowledge base of secure coding guidelines. It provides a multi-language security standard and a set of static analysis rules designed to identify security flaws and protect application programming interfaces from common exploits. The project functions as a reference library of security patterns and remediation guides, maintaining consistent security requirements across various programming languages. It utilizes rule-based pattern matching and a static analysis pipeline to detect dangerous API calls and vulnerabilities within
Analyzes source code without execution to find potential security flaws during the development or build process.
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
Analyzes Go source code to identify potential security vulnerabilities and common coding flaws through static analysis.
Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
Analyzes source code to find security vulnerabilities and logic flaws before deployment.
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
Performs static analysis on proprietary source code to detect injection flaws, secret leaks, and other security vulnerabilities.
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
Analyzes source code without execution to find security vulnerabilities and hard-coded secrets.
nodejsscan is a static analysis security tool and vulnerability detection engine designed to scan Node.js source code for security flaws and common coding vulnerabilities. It functions as a static application security testing tool that analyzes code without executing the program. The tool operates as a security linter that can be integrated into continuous integration pipelines to block insecure code from merging into main branches. It automates the auditing process through rule-based detection and pattern-based static analysis. The project provides capabilities for vulnerability alert autom
Analyzes source code for security vulnerabilities without execution to find flaws before deployment.
This project is a comprehensive educational repository designed to teach DevOps practices through structured learning paths and hands-on exercises. It focuses on mastering infrastructure management, container orchestration, and system administration by providing a curriculum that covers the full lifecycle of cloud-native environments, from initial provisioning to ongoing maintenance and security. The repository stands out for its practical, task-based approach to complex operational domains. It guides users through implementing Infrastructure-as-Code, configuring remote state management for team collaboration, and deploying multi-layered security hardening. By emphasizing declarative configuration and command-line automation, the project enables learners to build repeatable, consistent environments across diverse cloud platforms. The learning modules span a broad operational surface, including database administration, automated deployment pipelines, and observability-driven system monitoring. Users can practice configuring network access, managing container resource quotas, and implementing service meshes, while also gaining experience with static and dynamic security testing. The content is organized into specific tracks that help developers and engineers prepare for professional certifications and real-world infrastructure challenges.
Provides practical experience in analyzing source code for security vulnerabilities during the development phase.