Static Application Security Testing

AI-powered SAST tool that finds and auto-fixes code vulnerabilities in real-time

Static application security testing tool for source code vulnerability scanning

Code security and quality platform with SAST, SCA, DAST, and AI code protection

Real-time vulnerability detection and automated fixing for AI-generated code

A command-line tool that scans textual data and Git history to identify and locate secrets, API keys, passwords, and other sensitive information.

A pre-commit security tool that scans source code repositories to detect and prevent secrets like API keys, passwords, and credentials from being committed to version control systems.

Pre-commit hook for validating outgoing changeset

A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.

Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.

A sensitive data detection tool for scanning source code repositories

StaCoAn is a cross-platform tool for static code analysis on mobile applications, emphasizing the identification of security vulnerabilities.

SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.

Betterscan is an orchestration toolchain that coordinates multiple security tools to scan source code and infrastructure as code for security vulnerabilities, compliance risks, secrets, and misconfigurations.

Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.

Exhaustive checklist for securing Node.js web services with a focus on error handling and custom error pages.

JSON.parse() drop-in replacement with prototype poisoning protection.

Using high-quality entropy sources for CSPRNG seeding is crucial for security.

A Node.js library for validating environment variables and providing immutable access to configuration values in applications.

A suite of secret scanners built in Rust for performance.

A tool for identifying potential security vulnerabilities in web applications

Dependencies is an open-source modern replacement for Dependency Walker that helps Windows developers analyze and troubleshoot DLL load dependency issues.

A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.

QARK is a static analysis tool that scans Android applications for security vulnerabilities and can generate proof-of-concept exploits for discovered issues.

DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.