Insider is an open-source command-line interface tool developed by the Insider Application Security Team for static source code analysis. The tool performs security analysis directly on source code to identify vulnerabilities and security issues. The tool supports multiple programming languages and technologies including Java, Kotlin, Swift, .NET, C#, and JavaScript. It focuses on detecting security vulnerabilities that align with the OWASP Top 10 security risks. Insider integrates into development workflows through a GitHub Action, enabling automated security scanning within CI/CD pipelines. This integration allows development teams to incorporate security analysis into their DevOps processes without manual intervention. The tool operates as a static analysis security testing (SAST) solution, examining source code without executing the application. It provides vulnerability detection capabilities that help identify potential security flaws during the development phase before code deployment.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
Grafeas is an API specification for managing and auditing metadata about software resources across the software supply chain.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.