Insider
Insider is an open-source command-line interface tool developed by the Insider Application Security Team for static source code analysis. The tool performs security analysis directly on source code to identify vulnerabilities and security issues. The tool supports multiple programming languages and technologies including Java, Kotlin, Swift, .NET, C#, and JavaScript. It focuses on detecting security vulnerabilities that align with the OWASP Top 10 security risks. Insider integrates into development workflows through a GitHub Action, enabling automated security scanning within CI/CD pipelines. This integration allows development teams to incorporate security analysis into their DevOps processes without manual intervention. The tool operates as a static analysis security testing (SAST) solution, examining source code without executing the application. It provides vulnerability detection capabilities that help identify potential security flaws during the development phase before code deployment.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.