28 个仓库
Static analysis tools that scan source code for security vulnerabilities and coding flaws.
Distinct from Security and Vulnerability Scanning: None of the candidates accurately capture source-level vulnerability scanning without being tied to awesome-lists or container images.
Explore 28 awesome GitHub repositories matching security & cryptography · Source Code Vulnerability Scanning. Refine with filters or upvote what's useful.
Edict is a multi-agent orchestration system and framework designed to coordinate specialized large language model agents. It functions as a workflow designer and orchestrator that decomposes complex objectives into structured plans, using directed acyclic graphs and role-based hierarchies to execute sub-tasks. The system is distinguished by its event-driven architecture, utilizing a publish-subscribe event bus and transactional outbox to manage agent communications and task transitions. It features a dedicated skill management system that allows for the importation, updating, and sandboxed ex
Scans source code for vulnerabilities and generates ranked lists of risks with corresponding fixes.
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
Analyzes source code against security rules to identify potential vulnerabilities and risks.
Bandit is a static analysis security testing tool and vulnerability detection scanner for Python source code. It functions as a security-focused linter and static analyzer that identifies common vulnerabilities and architectural flaws without executing the program. The tool utilizes an abstract syntax tree to analyze code patterns and identifies risky function calls or insecure configurations. It employs a plugin-based rule engine to decouple scanning logic from individual security checks and supports configuration-driven filtering to exclude specific files or ignore certain warnings. The sy
Scans Python source code for security vulnerabilities and coding flaws before deployment.
ClamAV - Documentation is here: https://docs.clamav.net
Provides a command-line tool for one-time file scans without requiring a persistent daemon process.
Superagent is a framework for AI assistant orchestration and agent security. It provides the tools to build intelligent assistants that integrate external APIs and maintain conversation memory to automate complex tasks. The project focuses on AI agent security through adversarial testing, red teaming, and the detection of prompt injections and malicious tool calls. It includes automated vulnerability patching, which scans codebases and configurations for security flaws and generates pull requests with fixes. The platform supports retrieval augmented generation by connecting language models t
Continuously scans repositories and configurations during CI/CD to identify vulnerabilities and generate automated fixes.
AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs. The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access co
Documents techniques for exposing source code via misconfigurations as part of bug bounty reconnaissance.
该项目是一个使用大语言模型代理进行安全漏洞自动发现和修复的框架。它作为一个安全研究管道,自动化侦察、崩溃发现和可利用性分析过程,以识别可重现的软件错误。 该系统通过利用限制网络出口和文件系统访问以防止宿主机受损的容器化代理沙箱而脱颖而出。它采用专门的补丁生成和验证循环,其中包括对抗性重攻击测试,即由新代理尝试使用新输入绕过建议的修复程序,以确保修复的有效性。 该框架涵盖了广泛的安全功能,包括静态漏洞分析、攻击面划分和威胁模型构建。它提供了通过崩溃签名聚类和去重进行漏洞分类的工具,以及执行大规模代码迁移以在整个代码库中应用系统性修复的能力。
Uses AI agents to analyze code, craft inputs, and execute binaries to autonomously discover security flaws.
Trail of Bits scans source code with static analysis and fuzzing to find security flaws without manual effort.
jscpd is a code duplication detector that scans source code across 223 languages to find identical or near-identical copy-pasted blocks using a rolling hash algorithm. It is built with a Rust core for high performance, exposed through a Node.js API and CLI, and can be run as a standalone binary with no runtime dependencies. The tool detects duplicates in embedded languages within Vue, Svelte, Astro, and Markdown files by tokenizing each language block separately, and it supports extensionless scripts via shebang detection. The project distinguishes itself through its integration capabilities
Scans source directories for exact and near-exact code clones across many languages.
Snyk is an application security testing platform designed to identify and remediate vulnerabilities across source code, open-source dependencies, container images, and infrastructure-as-code configurations. It functions as a comprehensive security workflow automation tool, utilizing a static analysis engine and dependency graph mapping to detect security flaws and license compliance issues throughout the software development lifecycle. The platform distinguishes itself through agentic workflow orchestration and an automated remediation pipeline that generates and submits pull requests to patc
Examines application code for security flaws using interfile analysis and standard library awareness.
Revive is a configurable static analysis linter and code quality tool for Go. It analyzes source code to detect common coding mistakes, identify style violations, and enforce language standards without executing the program. The project functions as both a command line tool and an embeddable analysis engine. This allows the core linting logic to be integrated as a library into other Go applications for programmatic code inspection. The tool supports custom rule sets and severity levels managed through a structured configuration file. It provides capabilities for suppressing specific warnings
Performs static analysis on Go source files to detect mistakes and enforce style standards.
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
Performs static analysis on application source code to detect security flaws.
这是一个基于 AI 的静态分析工具和自动化漏洞扫描器,旨在检测注入和身份验证绕过等安全缺陷。它利用大语言模型对多种编程语言进行语义推理,从而识别代码变更中的漏洞。 该工具作为 GitHub Action 运行,集成在持续集成流水线中以分析 Pull Request 的差异。它专注于修改后的代码行,针对性地发现新风险,并通过在 Pull Request 中直接发布自动化评论来报告结果。 分析过程由可自定义的安全策略和外部规则注入引导,支持针对特定项目的指令。这些自定义规则和过滤器用于减少干扰并剔除低影响的发现,从而优先处理高置信度的安全风险。
Analyzes specific code changes in a diff to identify new security risks without scanning the entire codebase.
Credo 是一个用于 Elixir 的静态分析工具和 Linter。它作为一个代码质量分析器,扫描源代码以识别风格不一致、常见错误和潜在的安全漏洞。 该工具提供了一个可定制的框架,用于定义和测试专门的规则,以强制执行项目特定的编码标准。它识别复杂的代码片段和重复代码,以突出重构和简化的机会。 其功能涵盖自动化代码审查、Elixir 编码标准的强制执行,以及通过编辑器集成提供的实时开发者反馈。
Scans source code for security vulnerabilities, coding flaws, and stylistic inconsistencies using predefined logic checks.
gocode 是一个用于 Go 语言的语言服务器后端和自动补全守护进程。它作为一个静态代码分析器和符号索引器,为文本编辑器提供实时的标识符和符号建议。 该项目利用客户端-服务器守护进程架构来维护一个持久的后台进程,避免了为每个请求重新加载包元数据的开销。它采用两级元数据缓存系统,并解析已编译的包二进制文件,以实现快速的符号查找和声明检索。 该系统涵盖了广泛的功能领域,包括针对成员字段、函数签名和变量的上下文敏感自动补全,以及自动代码格式化。它管理词法作用域跟踪和递归符号解析,以确保准确的类型和变量补全。 管理工具允许进行守护进程配置管理、状态控制以及带有详细日志记录的调试模式,以监控后台进程。
Operates as a background process analyzing Go source and binaries to provide real-time symbol suggestions.
openvas-scanner 是一个漏洞扫描器,旨在识别目标系统中的安全弱点和过时软件。它通过执行安全测试和网络攻击脚本进行网络漏洞扫描,并通过对已安装软件进行静态版本检查来执行本地安全审计。 该项目利用社区管理的源(feeds)来同步和更新本地安全定义和漏洞测试。这些测试和扫描配置通过容器镜像或手动传输加载到系统中,并存储在持久化关系型数据库中,以便进行长期跟踪和报告。 该系统包含一个可以使用容器编排部署的管理栈。通过 Web 管理仪表板、专用命令行工具以及各种远程过程接口(包括基于 XML 的 API 和用于 Windows 系统远程进程执行的 WMI)提供管理控制。 安全和访问通过基于角色的访问控制(RBAC)、密码策略强制执行以及 Web 界面的 TLS 加密进行管理。该扫描器还具有异步任务调度功能以自动化安全审计,并支持通过 SMTP 发送电子邮件通知以进行安全警报。
Provides a dedicated command-line toolset to manage the vulnerability system and scanner.
Vulture is a static analysis tool and linter designed to find unused variables, functions, and classes in Python source code. It operates as a dead code detector and unused code finder that scans source files to identify unreachable expressions and imports without executing the code. The tool employs a confidence-based heuristic scoring system to assign probability values to detections, helping to distinguish truly unused symbols from potential false positives. It further assists in pruning dead logic by sorting detected unused classes and functions by line count to prioritize the removal of
Acts as a static analysis tool specifically designed to find unreferenced symbols in Python code.
Latest is a macOS system utility and application update tracker that monitors installed software to identify available version updates. It functions as a software update aggregator, providing a centralized dashboard to track pending updates across multiple installation sources. The tool serves as a release note viewer, retrieving and displaying detailed changelogs and version history in a consistent layout. It enables keyboard-driven navigation, allowing users to browse update lists and trigger installations through a secondary input bar. The application covers software maintenance and unifi
Scans multiple software installation sources to identify pending updates and consolidate them into a unified list.
DeepAudit is a privacy-preserving code audit platform that combines multiple specialized AI agents to identify and verify security vulnerabilities in source code. It functions as a local LLM vulnerability scanner, an automated security report generator, and a sandboxed exploit verifier, all operating entirely within an internal network to keep sensitive code and data on premises. What distinguishes DeepAudit is its multi-agent cooperative approach: teams of AI agents jointly plan, analyze, and cross-check findings across the codebase, moving beyond single-pass scanning. The platform also sand
Scanning source code and configuration files for known security vulnerabilities using rule-based pattern matching and vulnerability databases.
PurpleLlama 是一套安全工具集和框架,旨在审计大语言模型(LLM)漏洞并实施运行时输入输出防护栏。它提供了一个安全评估框架和基准测试套件,用于量化与提示词注入(prompt injection)及恶意代码生成相关的风险。 该项目包含内容审核器和输入输出过滤器,使用标准化分类法来识别并拦截有害内容、越狱尝试和不安全命令。它还具备敏感文档分类功能,以防止私密信息的未经授权泄露。 该系统涵盖了广泛的安全领域,包括多语言安全分类、执行时代码漏洞扫描,以及基于行业标准框架的网络安全风险基准测试。
Inspects generated code fragments for security vulnerabilities and malicious commands prior to execution.