30 open-source projects similar to bearer/bearer, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Bearer alternative.
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
nodejsscan is a static analysis security tool and vulnerability detection engine designed to scan Node.js source code for security flaws and common coding vulnerabilities. It functions as a static application security testing tool that analyzes code without executing the program. The tool operates as a security linter that can be integrated into continuous integration pipelines to block insecure code from merging into main branches. It automates the auditing process through rule-based detection and pattern-based static analysis. The project provides capabilities for vulnerability alert autom
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Brakeman is a static analysis security tool and scanner specifically designed for Ruby on Rails source code. It identifies common security vulnerabilities, such as injection and cross-site scripting, by analyzing the application codebase without executing the application. The tool functions as a security auditor that detects mass assignment risks and template vulnerabilities. It evaluates the final output of rendered views and identifies unrestricted assignment patterns that could allow unauthorized modification of model attributes. The system provides vulnerability management through the us
TruffleHog is a secret scanning tool designed to identify leaked credentials and API keys across version control systems, cloud storage, and filesystems. It functions as a git secret detector that enumerates hidden commits and a cloud storage security auditor for inspecting container images and storage buckets. The project is distinguished by a credential verification engine that tests discovered secrets against service APIs to confirm they are active, which eliminates false positive alerts. It further analyzes these verified credentials to determine the specific access levels and resources t
Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk. The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to ag
Gitleaks is a static analysis security tool and secret detection engine designed to find hardcoded passwords, API keys, and authentication tokens. It functions as a Git secret scanner that analyzes both local file systems and Git commit history to prevent credential leaks. The tool distinguishes itself through a decoding pipeline that transforms base64 and hex strings into plaintext to find obfuscated secrets. It further reduces false positives using proximity-based validation and fingerprint-based suppression to filter out known or baseline findings. The system covers a broad range of detec
Secguide is an API security hardening framework and a comprehensive knowledge base of secure coding guidelines. It provides a multi-language security standard and a set of static analysis rules designed to identify security flaws and protect application programming interfaces from common exploits. The project functions as a reference library of security patterns and remediation guides, maintaining consistent security requirements across various programming languages. It utilizes rule-based pattern matching and a static analysis pipeline to detect dangerous API calls and vulnerabilities within
Gixy is a static configuration analyzer and security auditor for Nginx. It functions as an infrastructure-as-code security scanner and web server configuration linter designed to identify vulnerabilities and misconfigurations in server definitions before deployment. The tool focuses on detecting high-risk security flaws, including host header spoofing, server-side request forgery, and path traversal. It specifically audits Nginx configurations for risks such as HTTP splitting, multiline header issues, and unauthorized third-party access resulting from incorrect Referer or Origin header patter
Pyre is a high-performance static type checker and analysis tool for Python. It identifies type errors and ensures type safety without executing the program, utilizing a static type inference engine to maintain consistency across functions. The project is distinguished by an incremental type analysis engine that operates as a background daemon. This system monitors filesystem changes to re-validate only modified parts of a project, reducing the time required for repeated analysis. It also includes a static analysis security tool that uses taint analysis to track untrusted data flows and ident
This project is a web application security standard and vulnerability framework. It provides a comprehensive list of the most critical security risks facing web applications, paired with technical guidance and a structured methodology for identifying and mitigating these flaws. The framework functions as a secure coding guide and a risk assessment methodology, offering a standardized approach to prioritizing vulnerabilities based on their potential impact and likelihood of exploitation. It defines architectural patterns and technical recommendations to help developers implement defense in dep
The automated security helper is a command-line utility designed to orchestrate multiple security analysis tools into a unified, configuration-driven workflow. It functions as a central engine that executes static application security testing and infrastructure scans, aggregating diverse tool outputs into a standardized, machine-readable format to ensure consistent vulnerability detection across development lifecycles. The tool distinguishes itself through a modular plugin architecture that allows for the integration of custom or proprietary scanners, alongside an external intelligence layer
Bandit is a static analysis security testing tool and vulnerability detection scanner for Python source code. It functions as a security-focused linter and static analyzer that identifies common vulnerabilities and architectural flaws without executing the program. The tool utilizes an abstract syntax tree to analyze code patterns and identifies risky function calls or insecure configurations. It employs a plugin-based rule engine to decouple scanning logic from individual security checks and supports configuration-driven filtering to exclude specific files or ignore certain warnings. The sy
tfsec is a static analysis tool and security scanner for Terraform configuration files. It functions as an infrastructure as code security scanner and compliance linter designed to detect misconfigurations and vulnerabilities across multiple cloud providers before resources are deployed. The tool identifies security risks by analyzing infrastructure code and variable files to evaluate the final state of the environment. It supports custom policy enforcement and allows for the suppression of specific security warnings through inline comments. Its capabilities cover cloud security posture mana
Zizmor is a security linter and static analysis tool designed to audit GitHub Actions workflow files. It functions as a CI/CD security scanner that identifies security vulnerabilities, misconfigurations, and software supply chain risks within automation pipelines. The project distinguishes itself by providing an automated workflow remediator that applies security fixes to identified vulnerabilities. It also implements a language server for integration with code editors and supports a variety of analysis personas to scale the sensitivity and volume of reported findings. The tool covers a broa
Infer is a static analysis toolset for Java, C, C++, and Objective-C designed to detect memory leaks, null dereferences, and resource bugs. It functions as a multi-language bug finder that identifies race conditions, deadlocks, and memory safety issues by translating source code into a common intermediate representation for analysis. The project distinguishes itself through an inter-procedural data flow analyzer that tracks movement between sources and sinks to detect tainted flows and generate data flow graphs. It also includes a framework for verifying temporal properties and reachability u
tfsec is a static analysis tool and security scanner for infrastructure as code, specifically designed to detect misconfigurations and compliance violations in Terraform and cloud infrastructure definitions before deployment. It functions as a cloud security policy engine that identifies vulnerabilities across multiple cloud platforms. The tool provides capabilities for cloud compliance auditing and scanning of Cloud Development Kit code. It supports custom security policy enforcement and allows for the definition of organization-specific security requirements. The scanner includes features
React Doctor is a static analysis tool for React codebases designed to identify security, performance, and architectural issues. It functions as a codebase health diagnostic engine that produces numeric health scores and structured diagnostics to improve maintainability. The tool features an incremental code scanner that evaluates only the files changed between branches or staged in the working tree to provide fast feedback. It is designed to operate as a quality gate within CI pipelines, allowing for the enforcement of codebase health standards by failing builds on critical errors. The anal
Gitleaks is a security scanning engine designed to identify hardcoded credentials, API keys, and other sensitive information within version control systems and local file structures. It functions as a static analysis tool that automates the detection of secrets, helping to prevent the accidental exposure of sensitive data during the development lifecycle. The tool distinguishes itself through its ability to perform deep forensic analysis of git history, allowing users to audit entire project timelines or enforce security gates within continuous integration pipelines. It supports complex detec
testssl.sh is a network security tool and SSL/TLS security scanner used to audit server configurations. It functions as a diagnostic utility that validates supported ciphers and protocols to identify cryptographic vulnerabilities and flaws in encrypted communication. The tool is available as both a command-line utility and a dockerized security scanner, allowing for execution in isolated environments without the need for local dependency installation. Its capabilities cover SSL configuration auditing and TLS server security analysis. The system exports scan results into structured reports a
Terrascan is an infrastructure as code security scanner and cloud configuration auditor designed to detect security violations and compliance risks in cloud templates and Dockerfiles before provisioning. It utilizes the Open Policy Agent to evaluate infrastructure templates against both standard security policies and custom organizational rules. The project functions as a security guardrail within build pipelines, blocking risky deployments by integrating scanning logic directly into CI/CD workflows. It also includes a container registry vulnerability scanner that collects vulnerability data
Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis, and automated vulnerability remediation within self-hosted, private infrastructure. It functions as a unified security suite that orchestrates the entire lifecycle of vulnerability management, from initial discovery and reachability prioritization to the generation and verification of code-level patches. The platform distinguishes itself through its agentic approach to security, deploying autonomous agents to execute both black-box and white-box exploits against running applica
Repomix is an AI-focused development utility designed to prepare local and remote codebases for analysis, review, and automated interaction. It functions as a codebase context bundler and a Model Context Protocol server, aggregating project files into structured documents that are optimized for ingestion by large language models. By serving as a bridge between local repositories and external intelligence agents, the tool facilitates real-time codebase inspection and automated development workflows. The system distinguishes itself through rigorous repository token management and security-consc
Dalfox is an automated web application security tool specifically designed for discovering and verifying cross-site scripting vulnerabilities. It functions as an XSS vulnerability scanner that analyzes HTTP parameters and DOM structures to identify reflected, stored, and blind injection points. The project distinguishes itself by providing a Model Context Protocol server and a REST API, allowing artificial intelligence agents and remote interfaces to trigger and manage security scans programmatically. It utilizes a payload mutation engine and fingerprinting strategies to execute WAF evasion t
Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments. The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agno
LinEnum is a suite of security utilities for auditing Linux systems, scanning for privilege escalation paths, and enumerating local vulnerabilities. It functions as a system security audit tool, a local enumeration utility, and a scanner for identifying misconfigurations that could allow a user to gain root access. The project includes specialized auditing for containerized environments, specifically detecting Docker and LXC signatures to identify potential escape vectors to the host system. Its broader capabilities cover the analysis of kernel versions, the identification of SUID binaries a
Nettacker is an automated penetration testing framework designed to orchestrate reconnaissance, port scanning, and vulnerability detection. It functions as a network reconnaissance tool and vulnerability scanner that identifies open ports, fingerprints services, and checks systems against databases of known security flaws. The framework distinguishes itself by combining a web application crawler for discovering hidden paths via fuzzing with a vulnerability management system that persists scan results in a database to track historical assessments. It also includes specialized capabilities for