Parse CSS, Sass, and SCSS into Unist syntax trees
Meta-schema for the Static Application Security Testing (SAST) of JSON Schemas
SOOS Static Application Security Testing (SAST) scanning support. Register for a free SOOS trial at https://app.soos.io/register
Globstar-compatible static analysis tool for Node.js - A backward-compatible reimplementation of the MIT-licensed Globstar.dev SAST
LLM-enhanced SAST analysis built on circle-ir
Opengrep adapter — CLI-mode multi-language SAST scanner
Full SAST + SCA sweep for the pull_request.deep lifecycle stage. Semgrep with full ruleset (auto config) + osv-scanner against package manifests.
SAST CLI tool for detecting vulnerabilities in Node.js backends
tools for using AppThreat/sast-scan with JupiterOne
Agentic SAST scanner — white box, CI-ready, multi-provider. Reasoning where regex falls short.
High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis
Command to convert Gitlab SAST report to SonarQube external issue report
SAST Tool For Javascript
Converts tslint output into GitLab SAST report format
A lightweight, extensible Static Application Security Testing (SAST) tool for JavaScript. Detects vulnerabilities like XSS, SQL injection, hardcoded secrets, prototype pollution, and more — with CWE references, severity ratings, and context-aware reportin
ExploitQ CLI — SAST, SCA, API security, and secrets scanning for CI/CD pipelines
GitLab SAST for NodeJS
SpotBugs Java SAST scanner adapter for AspidaSec
gosec Go SAST scanner adapter for AspidaSec
Bandit Python SAST scanner adapter for AspidaSec
Herramienta SAST (Análisis Estático de Seguridad) para detectar vulnerabilidades y código malicioso.
Real-time code-quality gate for AI coding agents (Claude Code) — multi-engine SAST + LLM critic + cross-file taint, OSS, self-hosted.
MCP server for AI-powered security scanning - SAST, SCA, DAST, and secrets detection
Kensa SAST プラグイン(Semgrep 統合、AI生成コード向けカスタムルール)
This tool helps in running Static Code Analysis (SCA), Static Application Security Testing (SAST), Secret scanning, and License compliance scanning on your project. It also allows you to write your own policy files in YAML format to enforce blocking in pipelines when security issues are detected.
AI Code Security Scanner — detect vulnerabilities in AI-generated code
Security gate for AI-generated code - blocks the build until vulnerabilities are fixed
Security static analyzer for Rust. Analyzes MIR to detect vulnerabilities. (Requires nightly)
A security scanner as fast as a linter, written in Rust. 170+ built-in rules across 11 languages.
A blazingly-fast, Rust tool for finding patterns in code, inspired by 'gf'.
AI-enhanced code security scanner — blazing fast secret detection with LLM-powered false positive filtering
React performance + security scanner. Finds perf anti-patterns, XSS, secrets, and CVEs. Single binary, zero config, SARIF output.
Qryon - Ultra-fast code intelligence and security analyzer for polyglot projects
Scanr command-line interface
Scanr engine abstraction contracts
SCA engine implementation for Scanr
SDK to construct SAST scanners
WARNING: Contains intentional security vulnerabilities including command injection, YAML deserialization, eval injection, and hardcoded secrets. For testing GitLab dependency scanning, SAST tools, and security training ONLY. DO NOT use in production.
Bloodinary detects high-severity vulnerabilities like SQLi, XSS, and RCE in any Ruby application, including custom frameworks.
Shield AST is an all-in-one command-line tool that automates security testing by integrating popular open-source scanners for SAST, SCA, and IaC, helping you find and fix vulnerabilities early in the development lifecycle.
A Ruby library which allows you to stem words in Bahasa Indonesia.
A maintained fork of the sastrawi gem. Stems words in Bahasa Indonesia using the Nazief & Adriani algorithm with Enhanced Confix Stripping. Based on the original work by Andrias Meisyal (sastrawi gem) and the PHP Sastrawi project (github.com/sastrawi/sastrawi).
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.