Packages that audit existing source code for vulnerability analysis.
Tool count: 48
Name | Version | Description | Category | Website |
---|---|---|---|---|
androwarn | 135.626c02d | Yet another static code analyzer for malicious Android applications. | mobile code-audit | |
bandit | 1.7.10 | Python security linter from OpenStack Security | code-audit | |
bof-detector | 19.e08367d | A simple detector of buffer overflow (BOF) vulnerabilities based on source-code-level checks. | code-audit | |
brakeman | 1:v6.2.2.r3.g4313af20b | A static analysis security vulnerability scanner for Ruby on Rails applications | code-audit exploitation scanner | |
cflow | 1.7 | A C program flow analyzer. | code-audit | |
checkov | 3.2.283.r0.g71e236293 | Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages. | code-audit | |
codeql | 1:2.8.1 | The CLI tool for GitHub CodeQL | automation code-audit | |
cppcheck | 2.16.0 | A tool for static C/C++ code analysis | code-audit | |
cpptest | 2.0.0 | A portable and powerful, yet simple, unit testing framework for handling automated tests in C++. | code-audit | |
detect-secrets | v1.5.0.r43.ga57ec40 | An enterprise friendly way of detecting and preventing secrets in code. | code-audit | |
devaudit | 803.ca0a68e | An open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams. | code-audit | |
dscanner | 0.15.2 | Swiss-army knife for D source code. | code-audit | |
expose | 1110.30264af | A Dynamic Symbolic Execution (DSE) engine for JavaScript | binary reversing code-audit | |
flawfinder | 2.0.19 | Searches through source code for potential security flaws. | code-audit scanner | |
git-dump | 7.4c9a2a9 | Dump the contents of a remote git repository without directory listing enabled. | scanner code-audit | |
githound | v1.7.1.r15.g1d20536 | Find secret information in git repositories. | code-audit recon | |
graudit | 629.132db32 | Grep rough source code auditing tool. | code-audit | |
horusec | v2.9.0.beta.2.r1.g873d4104 | Static code analysis to identify security flaws for many languages. | code-audit | |
leena | 2.5119f56 | Symbolic execution engine for JavaScript | binary code-audit | |
local-php-security-checker | v2.1.3.r1.g1d1fdac | A command line tool that checks your PHP application packages with known security vulnerabilities. | code-audit | |
mosca | 130.a7e725d | Static analysis tool that finds bugs by pattern matching, in the manner of the Unix grep command. | code-audit | |
njsscan | 0.3.1 | A static application security testing (SAST) tool that can find insecure code patterns in your node.js applications. | code-audit | |
peach-fuzz | 55.404e8ee | Simple vulnerability scanning framework. | fuzzer code-audit | |
pfff | 0.29 | Tools and APIs for code analysis, visualization and transformation | code-audit | |
php-malware-finder | 0.3.4.r82.g87b6d7f | Detect potentially malicious PHP files. | webapp malware scanner code-audit | |
php-vulnerability-hunter | 1.4.0.20 | A whitebox fuzz testing tool capable of detecting several classes of vulnerabilities in PHP web applications. | windows webapp code-audit | |
phpstan | 11751.a0b6b3b56 | PHP Static Analysis Tool - discover bugs in your code without running it. | code-audit | |
procyon | 0.6 | A suite of Java metaprogramming tools focused on code generation and analysis. | decompiler code-audit | |
pscan | 1.3 | A limited problem scanner for C source files | code-audit | |
rats | 6.4ba54ce | A rough auditing tool for security in source code files. It is a tool for scanning C, C++, Perl, PHP, Python and Ruby source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool. | code-audit | |
retire | 5.2.5.r8.g32079d2 | Scanner detecting the use of JavaScript libraries with known vulnerabilities. | scanner code-audit | |
semgrep | 1.96.0 | Lightweight static analysis for many languages. | code-audit | |
shellcheck | 0.10.0 | Shell script analysis tool | code-audit | |
slither | 1:4572.3befc968b | Solidity static analysis framework written in Python 3. | code-audit exploitation | |
smalisca | 58.1aa7a16 | Static Code Analysis for Smali files. | mobile code-audit | |
snyk | 1.1283.0 | CLI and build-time tool to find and fix known vulnerabilities in open-source dependencies. | code-audit scanner | |
sonar-scanner | 4.8.0.2856 | Generic CLI tool to launch project analysis on SonarQube servers. | code-audit | |
spaf | 11.671a976 | Static Php Analysis and Fuzzer. | webapp fuzzer code-audit | |
splint | 3.1.2.git20180129 | A tool for statically checking C programs for security vulnerabilities and coding mistakes | code-audit | |
spotbugs | 17541.5e8dcde6c | A tool for static analysis to look for bugs in Java code. | code-audit | |
stacoan | 0.90 | Cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing static code analysis on mobile applications. | mobile code-audit | |
stoq | 769.8bfc78b | An open source framework for enterprise level automated analysis. | code-audit | |
tell-me-your-secrets | 1:v2.4.2.r3.g5434b9d | Find secrets on any machine from over 120 Different Signatures. | code-audit forensic | |
valgrind | 3.24.0 | A tool to help find memory-management problems in programs | binary code-audit | |
whispers | 2.4.0.r0.g24ee0f0 | Identify hardcoded secrets and dangerous behaviours. | code-audit | |
wpbullet | 34.6185112 | A static code analysis for WordPress (and PHP). | code-audit webapp | |
wscript | 201.0410be2 | Emulator/tracer of the Windows Script Host functionality. | code-audit | |
yasca | 2.1 | Multi-Language Static Analysis Toolset. | code-audit | |
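
Several entries above (rats, graudit, mosca, flawfinder, whispers) are "rough" pattern-based auditors: they match dangerous calls or credential-looking literals line by line and, as the rats description says, flag things that are not errors as readily as real ones. The script below is an added illustration of that technique and is not the code of any tool listed on this page. The rule set, the entropy threshold of 3.5 bits per character, and the C sample it scans are all constructed for the demo; real tools ship hundreds of signatures and tuned thresholds.

```python
"""Minimal grep-style source auditor in the spirit of rats, graudit and whispers.

Added example, not code from any listed tool. Two rule kinds:
  1. regexes for dangerous C calls (buffer overflow, command execution, TOCTOU);
  2. a keyword-plus-Shannon-entropy check for hardcoded secrets.
It is deliberately rough: a strcpy inside a comment is flagged just like one
in code, which is exactly why manual review of the findings is still needed.
"""
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass

# (name, pattern, severity, why) -- demo rules, not a tool's real signature set.
DANGEROUS_CALLS = [
    ("gets", re.compile(r"\bgets\s*\("), "high",
     "gets() has no bounds check; use fgets()"),
    ("strcpy", re.compile(r"\bstrcpy\s*\("), "medium",
     "strcpy() copies without a length; bound the copy or use strlcpy/strncpy"),
    ("sprintf", re.compile(r"\bsprintf\s*\("), "medium",
     "sprintf() writes without a length; use snprintf()"),
    ("system", re.compile(r"\bsystem\s*\("), "high",
     "system() runs a shell; prefer execve() with a fixed argv"),
    ("access", re.compile(r"\baccess\s*\("), "low",
     "access()-then-open is a TOCTOU race; open first and check the fd"),
]

# An assignment whose name looks like a credential and whose literal value is
# at least 8 characters long. Entropy decides whether it looks like a real key.
SECRET_ASSIGN = re.compile(
    r"""(?i)\b(password|passwd|secret|token|api[_-]?key)\w*\s*[=:]\s*["']([^"']{8,})["']"""
)
ENTROPY_THRESHOLD = 3.5  # bits per character; chosen for the demo


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    severity: str
    message: str


def scan_source(text: str) -> list[Finding]:
    """Scan source text line by line and return findings in line order."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern, severity, why in DANGEROUS_CALLS:
            if pattern.search(line):
                findings.append(Finding(line_no, name, severity, why))
        m = SECRET_ASSIGN.search(line)
        if m:
            ent = shannon_entropy(m.group(2))
            if ent >= ENTROPY_THRESHOLD:  # low-entropy placeholders are ignored
                findings.append(Finding(
                    line_no, "hardcoded-secret", "high",
                    f"{m.group(1)} assigned a high-entropy literal ({ent:.2f} bits/char)"))
    return findings


# Constructed sample input: real problems, one false positive (the commented-out
# strcpy on line 3) and one low-entropy placeholder credential (line 5) that the
# entropy gate should leave alone. strncpy on line 9 must not match the strcpy rule.
SAMPLE_C = """\
#include <stdio.h>
#include <string.h>
/* legacy: strcpy(dst, src); replaced below */
const char *api_key = "xK9qL2mN8pR4sT6vW1yZ3bD5fG7hJ0kA";
const char *password = "changeme";
int main(int argc, char **argv) {
    char buf[64];
    gets(buf);
    strncpy(buf, argv[1], sizeof buf - 1);
    sprintf(buf, "%s", argv[1]);
    if (access(argv[1], R_OK) == 0) system(argv[1]);
    return 0;
}
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_C):
        print(f"line {f.line_no:>3} [{f.severity:<6}] {f.rule}: {f.message}")
```

Running it reports six findings: the commented-out strcpy on line 3 (a false positive a reviewer must dismiss by hand), the 32-character key on line 4, gets on line 8, sprintf on line 10, and both system and access on line 11; the "changeme" placeholder on line 5 scores 2.75 bits per character and is skipped. Swapping the regex list for a real signature file and adding a suppression comment syntax is most of the distance to tools like graudit.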