Security Scanning

repomixTypeScript

Pack your entire codebase into a single AI-friendly file for analysis by LLMs like Claude, ChatGPT, and Gemini.

Static Analysis & Code QualityRust

A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more.

Awesome Static AnalysisRust

A curated directory of static analysis (SAST) tools and linters for all programming languages, config files, and build tools.

GrypeGo

A vulnerability scanner for container images, filesystems, and SBOMs to detect known security issues.

GrypeGo

A vulnerability scanner for container images, filesystems, and SBOMs to detect known security issues.

sonarqubeJava

An open-source platform for continuous code quality inspection and security analysis across 30+ programming languages.

CheckovPython

A static code analysis tool that scans infrastructure as code, container images, and open source packages for security misconfigurations and vulnerabilities.

checkovPython

A static code analysis tool that scans infrastructure as code, container images, and open source packages for security misconfigurations and vulnerabilities.

tfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

TFSecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

tfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

TfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

PsalmPHP

A static analysis tool for finding errors and security vulnerabilities in PHP applications.

scorecardGo

Automated security health metrics for open source projects, assessing security best practices and risks.

TerrascanGo

A static code analyzer that detects security and compliance violations in Infrastructure as Code before provisioning cloud infrastructure.

terrascanGo

A static code analyzer that detects security and compliance violations in Infrastructure as Code before provisioning cloud infrastructure.

detect-secretsPython

An enterprise-friendly Python tool for detecting and preventing secrets from entering codebases with a baseline approach.

ApplicationInspectorC#

A source code analyzer that identifies features and characteristics in software components using static analysis and a JSON rules engine.

AxiomShell

A dynamic infrastructure framework for distributing security scanning workloads across multiple cloud instances.

SpotbugsJava

A static analysis tool for finding bugs in Java code, succeeding the FindBugs project.

Design Review Workflow

A collection of automated AI-powered workflows for code review, security scanning, and design review using Claude Code agents.

scansJavaScript

An open-source Cloud Security Posture Management (CSPM) tool that scans AWS, Azure, GCP, Oracle, and GitHub for security misconfigurations.

pre-commit-terraformShell

A collection of pre-commit hooks for automating code quality, security, and documentation checks for Terraform, OpenTofu, and Terragrunt configurations.

kube-linterGo

A static analysis tool that checks Kubernetes YAML files and Helm charts for security and production readiness best practices.

TellerRust

A universal secret manager CLI for developers that centralizes secrets from multiple providers and prevents secret sprawl.

BearerGo

Static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.

BearerGo

A static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.

KICSOpen Policy Agent

KICS is an open-source static analysis tool that finds security vulnerabilities, compliance issues, and misconfigurations in Infrastructure as Code.

SecurityJavaScript

ESLint plugin that identifies potential security vulnerabilities in Node.js code, requiring human triage for false positives.

is-website-vulnerableJavaScript

Scans websites for publicly known security vulnerabilities in frontend JavaScript libraries using the Snyk database.

The Claude Agent Skill for Terraform and OpenTofu - testing, modules, CI/CD, and production patterns

A Claude Agent skill providing best practices, testing strategies, and CI/CD workflows for Terraform and OpenTofu infrastructure code.

SSL Labs ScanGo

A command-line client for SSL Labs APIs, enabling automated and bulk SSL/TLS security assessments.

Stelligent/cfn_nagRuby

A linting tool that scans AWS CloudFormation templates for insecure infrastructure patterns and security violations.

SonarJSTypeScript

A static code analyzer for JavaScript, TypeScript, and CSS that detects quality and security issues.

CherrybombRust

A CLI tool that audits API specifications, validates OpenAPI compliance, and runs security tests to prevent undefined user behavior.

Awesome Dynamic AnalysisMarkdown

A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.