Static Application Security Testing - SAST

References

https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/code-review-tools
https://owasp.org/www-community/Source_Code_Analysis_Tools
https://github.com/analysis-tools-dev/static-analysis

General

https://github.com/semgrep/semgrep
https://github.com/snyk/cli
https://www.sonarsource.com/open-source-editions/sonarqube-community-edition/

Python

https://github.com/PyCQA/bandit

Golang

https://github.com/securego/gosec

.NET

https://security-code-scan.github.io/

Ruby

https://github.com/presidentbeef/brakeman

Java

https://find-sec-bugs.github.io/
https://spotbugs.github.io/

NodeJs

https://github.com/ajinabraham/nodejsscan
https://github.com/eslint/eslint

PHP

https://github.com/phpstan/phpstan
https://github.com/vimeo/psalm

References

https://github.com/analysis-tools-dev/static-analysis

PreviousDynamic Application Security Testing - DAST NextSoftware Bill of Materials - SBOM

Last updated 7 months ago