8 dépôts
Analyzing source code for security vulnerabilities and coding flaws without executing the program.
Distinct from Source Code Analysis: Candidates are focused on educational analysis, web extraction, or code protection.
Explore 8 awesome GitHub repositories matching security & cryptography · Static Analysis Security Testing. Refine with filters or upvote what's useful.
Secguide is an API security hardening framework and a comprehensive knowledge base of secure coding guidelines. It provides a multi-language security standard and a set of static analysis rules designed to identify security flaws and protect application programming interfaces from common exploits. The project functions as a reference library of security patterns and remediation guides, maintaining consistent security requirements across various programming languages. It utilizes rule-based pattern matching and a static analysis pipeline to detect dangerous API calls and vulnerabilities within
Analyzes source code without execution to find potential security flaws during the development or build process.
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
Analyzes Go source code to identify potential security vulnerabilities and common coding flaws through static analysis.
Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
Analyzes source code to find security vulnerabilities and logic flaws before deployment.
Snyk is an application security testing platform designed to identify and remediate vulnerabilities across source code, open-source dependencies, container images, and infrastructure-as-code configurations. It functions as a comprehensive security workflow automation tool, utilizing a static analysis engine and dependency graph mapping to detect security flaws and license compliance issues throughout the software development lifecycle. The platform distinguishes itself through agentic workflow orchestration and an automated remediation pipeline that generates and submits pull requests to patc
Analyzes application source code across multiple programming languages to detect security flaws and insecure coding patterns.
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
Performs static analysis on proprietary source code to detect injection flaws, secret leaks, and other security vulnerabilities.
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
Analyzes source code without execution to find security vulnerabilities and hard-coded secrets.
nodejsscan is a static analysis security tool and vulnerability detection engine designed to scan Node.js source code for security flaws and common coding vulnerabilities. It functions as a static application security testing tool that analyzes code without executing the program. The tool operates as a security linter that can be integrated into continuous integration pipelines to block insecure code from merging into main branches. It automates the auditing process through rule-based detection and pattern-based static analysis. The project provides capabilities for vulnerability alert autom
Analyzes source code for security vulnerabilities without execution to find flaws before deployment.
Ce projet est un dépôt éducatif complet conçu pour enseigner les pratiques DevOps via des parcours d'apprentissage structurés et des exercices pratiques. Il se concentre sur la maîtrise de la gestion de l'infrastructure, l'orchestration de conteneurs et l'administration système en fournissant un programme qui couvre le cycle de vie complet des environnements cloud-native, du provisionnement initial à la maintenance continue et à la sécurité. Le dépôt se distingue en offrant une approche pratique et basée sur les tâches pour des domaines opérationnels complexes. Il guide les utilisateurs à travers l'implémentation de l'infrastructure en tant que code, la configuration de la gestion de l'état distant pour la collaboration en équipe et le déploiement d'un durcissement de sécurité multicouche. En mettant l'accent sur la configuration déclarative et l'automatisation en ligne de commande, le projet permet aux apprenants de construire des environnements reproductibles et cohérents à travers diverses plateformes cloud. Les modules d'apprentissage couvrent une large surface opérationnelle, y compris l'administration de base de données, les pipelines de livraison automatisés et la surveillance système axée sur l'observabilité. Les utilisateurs peuvent s'entraîner à configurer l'accès réseau, à gérer les quotas de ressources de conteneurs et à implémenter des maillages de services, tout en acquérant de l'expérience avec les tests de sécurité statiques et dynamiques. Le contenu est organisé en pistes spécifiques qui aident les développeurs et les ingénieurs à se préparer aux certifications professionnelles et aux défis d'infrastructure du monde réel.
Provides practical experience in analyzing source code for security vulnerabilities during the development phase.