30 open-source projects similar to microsoft/devskim, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best DevSkim alternative.
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
CodeQL is a semantic code analysis engine and vulnerability scanning tool that treats source code as data. It utilizes a static analysis query language to define complex patterns and security vulnerabilities within a code graph database. The system represents source code as a relational database, enabling the execution of structural queries and data flow analysis. This approach allows for the detection of security flaws and coding errors across large-scale repositories. The tool provides capabilities for automated code auditing, static analysis security testing, and custom vulnerability dete
SonarQube is a static code analysis platform used to scan source code and infrastructure scripts across multiple languages. It detects bugs, security vulnerabilities, and maintainability issues to ensure software meets reliability and security standards. The platform implements automated quality gates for continuous integration and delivery pipelines, verifying code against defined rules during merge or pull requests. It also integrates directly with code editors to provide real-time analysis results and quick-fix guidance during development. The system covers broad functional areas includin
nodejsscan is a static analysis security tool and vulnerability detection engine designed to scan Node.js source code for security flaws and common coding vulnerabilities. It functions as a static application security testing tool that analyzes code without executing the program. The tool operates as a security linter that can be integrated into continuous integration pipelines to block insecure code from merging into main branches. It automates the auditing process through rule-based detection and pattern-based static analysis. The project provides capabilities for vulnerability alert autom
Lint an npm or yarn lockfile to analyze and detect security issues
ApplicationInspector is a multi-language static analysis tool designed to detect specific features and characteristics within source code. It utilizes a declarative JSON rules engine to identify patterns and structural tags across project directories without requiring the analyzer to be recompiled. The system distinguishes itself through a code version differ that compares two different source paths to report changes in detected features. It also provides utilities for creating and validating custom JSON-based rules, including a validation pipeline to verify syntax and identifier uniqueness.
The Microsoft.CodeAnalysis.NetAnalyzers package moved into the dotnet/sdk repository for further development and respond to issues formerly in this repository.
🐊 Pluggable and configurable JavaScript Linter, code transformer and formatter with superpowers 💪: built-in support of js, jsx, ts, markdown, yaml, toml, json and ignore. Write declarative codemods in a simplest possible way 😏
Open source local-first PR scanner that finds dead code, security bugs, secrets, quality regressions, and AI-code mistakes before merge. For first timers refer to https://duriantaco.github.io/skylos/repo-map/
Brakeman is a static analysis security tool and scanner specifically designed for Ruby on Rails source code. It identifies common security vulnerabilities, such as injection and cross-site scripting, by analyzing the application codebase without executing the application. The tool functions as a security auditor that detects mass assignment risks and template vulnerabilities. It evaluates the final output of rendered views and identifies unrestricted assignment patterns that could allow unauthorized modification of model attributes. The system provides vulnerability management through the us
.. image:: https://travis-ci.org/python-security/pyt.svg?branch=master :target: https://travis-ci.org/python-security/pyt
Linter for dangerous Postgres migration patterns in Diesel and SQLx. Prevents downtime caused by unsafe schema changes.
weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
DeepAudit is a privacy-preserving code audit platform that combines multiple specialized AI agents to identify and verify security vulnerabilities in source code. It functions as a local LLM vulnerability scanner, an automated security report generator, and a sandboxed exploit verifier, all operating entirely within an internal network to keep sensitive code and data on premises. What distinguishes DeepAudit is its multi-agent cooperative approach: teams of AI agents jointly plan, analyze, and cross-check findings across the codebase, moving beyond single-pass scanning. The platform also sand
AllHackingTools is a security tool orchestrator and suite designed to install, update, and manage a wide array of third-party hacking and security utilities from a single command interface. It functions as a centralized hub for network analysis, open source intelligence, penetration testing, and social engineering tools. The project provides specialized frameworks for gathering open source intelligence and searching for user profiles across social platforms. It includes toolkits for network reconnaissance, vulnerability scanning, and the execution of security exploits, as well as a social eng
This project is a suite of automated tools and an LLM code review framework designed for design auditing, security scanning, and AI-driven code analysis. It functions as a developer workflow orchestrator that uses static analysis agents and agent-based workflows to automate pull request analysis and security audits. The system employs a dual-loop agent architecture to coordinate primary analysis and secondary verification, reducing false positives. It distinguishes itself through the use of browser automation to perform live UI component testing and verify frontend changes against accessibili
Pyre is a high-performance static type checker and analysis tool for Python. It identifies type errors and ensures type safety without executing the program, utilizing a static type inference engine to maintain consistency across functions. The project is distinguished by an incremental type analysis engine that operates as a background daemon. This system monitors filesystem changes to re-validate only modified parts of a project, reducing the time required for repeated analysis. It also includes a static analysis security tool that uses taint analysis to track untrusted data flows and ident
CrackMapExec is a network penetration testing framework and automated security scanner designed to assess security postures across large IP ranges. It functions as a multi-protocol security scanner and network protocol auditor used to identify vulnerabilities and misconfigurations. The tool provides capabilities for Active Directory auditing to enumerate users and permissions, as well as post-exploitation enumeration to gather system metadata and discover lateral movement paths. It includes a framework for credential spraying and harvesting across various network services. The system utilize
cloc is a codebase metrics tool and multi-language code analyzer designed to count blank lines, comment lines, and physical lines of code. It serves as a source code line counter and report generator that identifies file types to calculate source volume across a wide variety of programming languages. The tool distinguishes itself by providing codebase version comparison to measure relative changes in source and comment lines between two versions of a directory or archive. It also supports the definition of custom languages and the extension of language recognition by loading custom comment fi
my-git is a comprehensive framework and reference guide for Git version control administration, repository governance, and software release management. It provides a structured approach to managing the software development lifecycle, from initial feature branching to final production deployment. The project distinguishes itself through a specialized AI-assisted development framework. This includes workflows for managing AI-generated code via automated diff reviews, intent-based commit splitting, and governance models for multi-agent coordination and session isolation using worktrees. The cod
This project is a Language Server Protocol implementation for PostgreSQL that provides autocompletion, syntax diagnostics, and type checking for SQL and PL/pgSQL. It functions as a database schema validator and a static analysis engine designed to detect security vulnerabilities, performance bottlenecks, and dangerous migration patterns in database scripts. The server differentiates itself by using live database connections to provide schema-aware intelligence, allowing it to verify that tables, columns, and data types actually exist. It performs static analysis on procedural functions to det
This project is a software engineering standards guide and technical quality manual. It provides a framework for engineering governance, focusing on maintaining code quality, peer review processes, and sustainable development across large-scale technical organizations. The documentation establishes a code review framework that covers preparing, performing, and assigning peer reviews to ensure codebase stability. It defines standardized engineering patterns and maintainability criteria to keep diverse project repositories uniform and readable. The guidelines encompass code quality assurance,
Git-secrets is a security utility designed to prevent the accidental exposure of sensitive credentials by integrating automated scanning directly into the version control commit lifecycle. It functions as a commit scanner that evaluates staged files and commit messages against defined security policies before changes are finalized in a repository. The tool utilizes regular expression pattern matching to identify potential secrets and supports the registration of custom patterns to address specific organizational security requirements. To manage operational friction, it includes mechanisms for
Ruby production code coverage collection and reporting (line of code usage)
A simple live reloading plugin for vite.
A Rake task gem that helps you find the unused routes and controller actions for your Rails 3+ app
:zap: Don't make your Rubies go fast. Make them go fasterer ™. :zap: