gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
Pyre is a high-performance static type checker and analysis tool for Python. It identifies type errors and ensures type safety without executing the program, utilizing a static type inference engine to maintain consistency across functions. The project is distinguished by an incremental type analysis engine that operates as a background daemon. This system monitors filesystem changes to re-validate only modified parts of a project, reducing the time required for repeated analysis. It also includes a static analysis security tool that uses taint analysis to track untrusted data flows and ident
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
ApplicationInspector is a multi-language static analysis tool designed to detect specific features and characteristics within source code. It utilizes a declarative JSON rules engine to identify patterns and structural tags across project directories without requiring the analyzer to be recompiled. The system distinguishes itself through a code version differ that compares two different source paths to report changes in detected features. It also provides utilities for creating and validating custom JSON-based rules, including a validation pipeline to verify syntax and identifier uniqueness.
CodeQL is a semantic code analysis engine and vulnerability scanning tool that treats source code as data. It utilizes a static analysis query language to define complex patterns and security vulnerabilities within a code graph database.
The main features of github/codeql are: Graph-Relational Databases, Static Analysis Security Testing, Codebase Analysis, Security and Vulnerability Scanning, Code Analysis Query Languages, Code Analysis Pipelines, Declarative Query Languages, Code Knowledge Graphs.
Open-source alternatives to github/codeql include:
securego/gosec — gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws.…
facebook/pyre-check — Pyre is a high-performance static type checker and analysis tool for Python. It identifies type errors and ensures…
bearer/bearer — Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security…
microsoft/applicationinspector — ApplicationInspector is a multi-language static analysis tool designed to detect specific features and characteristics…
coderaiser/putout — 🐊 Pluggable and configurable JavaScript Linter, code transformer and formatter with superpowers 💪: built-in support…
jshint/jshint — JSHint is a JavaScript static analysis tool and linter designed to detect errors and enforce coding standards. It…