7 repositories
Analyzing source code for security vulnerabilities and coding flaws without executing the program.
Distinct from Source Code Analysis, whose candidates focus on educational analysis, web extraction, or code protection.
7 GitHub repositories matching security & cryptography · Static Analysis Security Testing.
Secguide is an API security hardening framework and a comprehensive knowledge base of secure coding guidelines. It provides a multi-language security standard and a set of static analysis rules designed to identify security flaws and protect application programming interfaces from common exploits. The project functions as a reference library of security patterns and remediation guides, maintaining consistent security requirements across various programming languages. It utilizes rule-based pattern matching and a static analysis pipeline to detect dangerous API calls and vulnerabilities within
Analyzes source code without execution to find potential security flaws during the development or build process.
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
Analyzes Go source code to identify potential security vulnerabilities and common coding flaws through static analysis.
Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
Analyzes source code to find security vulnerabilities and logic flaws before deployment.
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
Performs static analysis on proprietary source code to detect injection flaws, secret leaks, and other security vulnerabilities.
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
Analyzes source code without execution to find security vulnerabilities and hard-coded secrets.
nodejsscan is a static analysis security tool and vulnerability detection engine designed to scan Node.js source code for security flaws and common coding vulnerabilities. It functions as a static application security testing tool that analyzes code without executing the program. The tool operates as a security linter that can be integrated into continuous integration pipelines to block insecure code from merging into main branches. It automates the auditing process through rule-based detection and pattern-based static analysis. The project provides capabilities for vulnerability alert autom
Analyzes source code for security vulnerabilities without execution to find flaws before deployment.
This project is a comprehensive educational repository designed to teach DevOps practices through structured learning paths and hands-on exercises. It focuses on mastering infrastructure management, container orchestration, and systems administration by providing a curriculum that covers the full lifecycle of cloud-native environments, from initial provisioning through ongoing maintenance and security. The repository distinguishes itself by offering a practical, task-based approach to complex operational domains. It guides users through implementing infrastructure as code, configuring remote state management for team collaboration, and deploying multi-layered security hardening. By emphasizing declarative configuration and command-line automation, the project enables learners to build repeatable, consistent environments across multiple cloud platforms. The learning modules span a broad operational surface, including database administration, automated delivery pipelines, and observability-driven system monitoring. Users can practice configuring network access, managing container resource quotas, and implementing service meshes, while gaining experience with static and dynamic security testing. The content is organized into dedicated tracks that help developers and engineers prepare for professional certifications and real-world infrastructure challenges.
Provides practical experience in analyzing source code for security vulnerabilities during the development phase.