#codeanalysis

DeepSecrets

Secrets scanner that understands code.

JPEXS

Free Flash decompiler.

django-DefectDojo

DevSecOps, ASPM, Vulnerability Management.

tfsec

Security scanner for your Terraform code.

sonarqube

Continuous inspection.

nodejsscan

A static security code scanner for Node.js applications.

Semgrep

Lightweight static analysis for many languages.

UglifyJS

A JavaScript parser, minifier, compressor and beautifier toolkit.

MapperPlus

An advanced source map extractor based on headless browser.

infer

A static analyzer for Java, C, C++, and Objective-C.

qark

Look for several security-related Android application vulnerabilities.

pmd

An extensible multilanguage static code analyzer.

brakeman

Static analysis security vulnerability scanner for Ruby on Rails applications.

codeql

Power security researchers around the world as well as code scanning.

Argus-SAF

Static analysis framework built in-house to do security vetting for Android applications.

sourcemapper

Extract JavaScript source trees from source map files.

jswzl

Improve your web application security testing with rich data from static analysis.

Pyscan

A dependency vulnerability scanner for your Python projects, straight from the terminal.

Frida

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

murphysec

An open source tool focused on software supply chain security.

repo-supervisor

Scan your code for security misconfiguration, search for passwords and secrets.

talisman

Validate the outgoing changeset for things that look suspicious such as tokens, passwords and keys.

git-secrets

Prevents you from committing secrets and credentials into git repositories.

gef

A modern experience for GDB with advanced debugging capabilities.

svn-extractor

Simple script to extract all web resources by means of a .SVN folder exposed over the network.

QuadraInspect

A comprehensive approach to the vulnerability analysis of Android applications.

ggshield

Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.

GitHacker

A Git source leak exploit tool that restores the entire Git repository, including data from stash.

Nosey Parker

Command-line tool that finds secrets and sensitive information in textual data and Git history.

drek

A static-code-analysis tool for performing security-focused code reviews.

detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

EarlyBird

Sensitive data detection tool capable of scanning source code repositories.

Mosca

Manual search tool to find bugs, like the Unix grep command.

Sourcegraph

Search millions of open source repositories.

localdataHog

String-based secret-searching tool, high entropy and regexes.

StaCoAn

Cross-platform tool which helps to perform static code analysis on mobile applications.

Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

Whispers

Identify hardcoded secrets in static structured text.

Yet Another Robber

Yar is a tool for plunderin' organizations, users and/or repositories...

TruffleHog

Find credentials all over the place.