30 open-source projects similar to python-security/pyt, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Pyt alternative.
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.
nodejsscan is a static analysis security tool and vulnerability detection engine designed to scan Node.js source code for security flaws and common coding vulnerabilities. It functions as a static application security testing tool that analyzes code without executing the program. The tool operates as a security linter that can be integrated into continuous integration pipelines to block insecure code from merging into main branches. It automates the auditing process through rule-based detection and pattern-based static analysis. The project provides capabilities for vulnerability alert autom
Git-secrets is a security utility designed to prevent the accidental exposure of sensitive credentials by integrating automated scanning directly into the version control commit lifecycle. It functions as a commit scanner that evaluates staged files and commit messages against defined security policies before changes are finalized in a repository. The tool utilizes regular expression pattern matching to identify potential secrets and supports the registration of custom patterns to address specific organizational security requirements. To manage operational friction, it includes mechanisms for
Checks filenames to be committed against a library of filename rules to keep sensitive files out of Git
Editor utility for Unity to help check resources in the current scene (including active textures, their sizes, materials, meshes and which objects are using them)
The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.
Write tests against structured configuration data using the Open Policy Agent Rego query language
A server-side TypeScript and JavaScript library immune to Regular Expression Denial of Service (ReDoS) attacks by using Rust and linear RegEx under the hood. Regolith has a linear worst case time complexity, compared to the default RegExp found in TypeScript and JavaScript, which has an exponential worst case.
ESLint plugin to detect and stop Trojan Source attacks
Lint an npm or yarn lockfile to analyze and detect security issues
Analyze a git source code repository for health signals and project vitals
Small tool to inform you about potential risks in a project's dependency list
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. It supports Java, Kotlin, Swift, and Objective-C code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and the libsast pattern matcher.
JavaScript security CLI that allows you to deeply analyze the dependency tree of a given package or local Node.js project.
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting the most common malicious patterns 🔬.