8 repository-uri
Analyzing source code for security vulnerabilities and coding flaws without executing the program.
Distinct from Source Code Analysis: Candidates are focused on educational analysis, web extraction, or code protection.
Explore 8 awesome GitHub repositories matching security & cryptography · Static Analysis Security Testing. Refine with filters or upvote what's useful.
Secguide is an API security hardening framework and a comprehensive knowledge base of secure coding guidelines. It provides a multi-language security standard and a set of static analysis rules designed to identify security flaws and protect application programming interfaces from common exploits. The project functions as a reference library of security patterns and remediation guides, maintaining consistent security requirements across various programming languages. It utilizes rule-based pattern matching and a static analysis pipeline to detect dangerous API calls and vulnerabilities within
Analyzes source code without execution to find potential security flaws during the development or build process.
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
Analyzes Go source code to identify potential security vulnerabilities and common coding flaws through static analysis.
Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
Analyzes source code to find security vulnerabilities and logic flaws before deployment.
Snyk is an application security testing platform designed to identify and remediate vulnerabilities across source code, open-source dependencies, container images, and infrastructure-as-code configurations. It functions as a comprehensive security workflow automation tool, utilizing a static analysis engine and dependency graph mapping to detect security flaws and license compliance issues throughout the software development lifecycle. The platform distinguishes itself through agentic workflow orchestration and an automated remediation pipeline that generates and submits pull requests to patc
Analyzes application source code across multiple programming languages to detect security flaws and insecure coding patterns.
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
Performs static analysis on proprietary source code to detect injection flaws, secret leaks, and other security vulnerabilities.
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
Analyzes source code without execution to find security vulnerabilities and hard-coded secrets.
nodejsscan is a static analysis security tool and vulnerability detection engine designed to scan Node.js source code for security flaws and common coding vulnerabilities. It functions as a static application security testing tool that analyzes code without executing the program. The tool operates as a security linter that can be integrated into continuous integration pipelines to block insecure code from merging into main branches. It automates the auditing process through rule-based detection and pattern-based static analysis. The project provides capabilities for vulnerability alert autom
Analyzes source code for security vulnerabilities without execution to find flaws before deployment.
Acest proiect este un repository educațional cuprinzător conceput pentru a preda practicile DevOps prin căi de învățare structurate și exerciții hands-on. Se concentrează pe stăpânirea gestionării infrastructurii, orchestrarea containerelor și administrarea sistemelor, oferind un curriculum care acoperă întregul ciclu de viață al mediilor cloud-native, de la provizionarea inițială până la întreținerea continuă și securitate. Repository-ul se distinge prin oferirea unei abordări practice, bazate pe sarcini, pentru domenii operaționale complexe. Ghidează utilizatorii prin implementarea infrastructurii ca cod (infrastructure-as-code), configurarea gestionării stării la distanță pentru colaborarea în echipă și deployment-ul securizării multi-stratificate. Punând accent pe configurarea declarativă și automatizarea liniei de comandă, proiectul permite cursanților să construiască medii repetabile și consistente pe diverse platforme cloud. Modulele de învățare acoperă o suprafață operațională largă, inclusiv administrarea bazelor de date, pipeline-uri de livrare automatizate și monitorizarea sistemelor bazată pe observabilitate. Utilizatorii pot exersa configurarea accesului la rețea, gestionarea cotelor de resurse pentru containere și implementarea service mesh-urilor, câștigând în același timp experiență cu testarea de securitate statică și dinamică. Conținutul este organizat în track-uri specifice care ajută dezvoltatorii și inginerii să se pregătească pentru certificări profesionale și provocări de infrastructură din lumea reală.
Provides practical experience in analyzing source code for security vulnerabilities during the development phase.