Security Scanning

70 projects

Showing 34 of 70 projects

Security Code ScanC#

A static code analyzer that detects security vulnerabilities in C# and VB.NET applications.

#owasp#analyzer#csharp

Stars974

Forks160

Last commit1 year ago

SonarC#C#

Static code analyzer for C# and VB.NET that detects bugs, vulnerabilities, and code smells to improve code quality and security.

#code-metrics#static-code-analysis#csharp

Stars907

Forks240

Last commit4 days ago

BinSkimC#

A lightweight static analysis tool that validates security and correctness characteristics of Windows PE and Linux ELF binaries.

#nuget#microsoft#security-scanning

Stars854

Forks171

Last commit3 days ago

plpgsql_checkC

A PostgreSQL extension that performs static analysis and linting for PL/pgSQL stored procedures.

#database-development#linter#function-plpgsql

Stars763

Forks58

Last commit3 days ago

web-codegen-scorerTypeScript

A tool for evaluating the quality of web code generated by Large Language Models (LLMs) using configurable checks and automated repair.

#llm-coding#accessibility-testing#security-scanning

Stars749

Forks63

Last commit

PHPCS Security AuditPHP

A PHP_CodeSniffer ruleset that detects security vulnerabilities and weaknesses in PHP code, including Drupal 7.

#phpcs#php-security#drupal-security

Stars727

Forks79

Last commit3 years ago

repo-supervisorJavaScript

A security tool that scans code for secrets and passwords in JSON, JavaScript, and YAML files via CLI or GitHub PR webhooks.

#github-integration#entropy-analysis#secret-detection

Stars653

Forks89

Last commit3 years ago

Snyk Test ActionHTML

A collection of GitHub Actions for Snyk to check projects for vulnerabilities across multiple languages and tools.

#actions#container-security#snyk-integration

Stars640

Forks194

Last commit8 days ago

Scan code with SonarCloudShell

A deprecated GitHub Action for scanning code with SonarQube Cloud to detect quality and security issues.

#multi-language#sonarcloud#security-scanning

Stars608

Forks229

Last commit9 months ago

Kubectrl KubesecGo

A kubectl plugin for security risk analysis of Kubernetes resources like pods, deployments, daemonsets, and statefulsets.

#container-security#kubectl-plugin#risk-analysis

Stars519

Forks36

Last commit1 year ago

stacktowerGo

Visualize package dependencies as XKCD-style tower diagrams for Python, Rust, JavaScript, Ruby, PHP, Java, and Go.

#multi-language#software-architecture#developer-tools

Stars514

Forks12

Last commit26 days ago

deps.rsSass

A service that shows at a glance if your Rust dependencies are out of date or insecure.

#devops#open-source#crates

Stars488

Forks29

Last commit1 month ago

GitHub Actions for WordPressShell

A collection of GitHub Actions and workflows for automating WordPress plugin development, deployment, and quality checks.

#phpcs#security-scanning#wordpress-org

Stars463

Forks41

Last commit8 months ago

SkylosPython

Open-source static analysis tool for Python, TypeScript, and Go that detects dead code, security vulnerabilities, and AI-generated regressions.

#security-scanning#ai-code-review#vulnerability-detection

Discover internet-wide misconfigurations in services like Elasticsearch, databases, and web servers using high-speed scanning tools.

#internet-wide-scan#osint#zgrab2

Stars398

Forks43

Last commit5 years ago

ExakatPHP

An automated static analysis engine for PHP that performs automated code reviews and identifies issues.

#exakat-engine#phar#php7

Stars380

Forks42

Last commit4 years ago

HawkeyeJavaScript

A security scanning CLI tool that detects vulnerabilities, secrets, and outdated dependencies across multiple programming languages.

#multi-language#pre-commit-hooks#secret-detection

Stars362

Forks86

Last commit4 years ago

addons-linterJavaScript

A linter for Firefox WebExtensions that validates add-ons for security, performance, and policy compliance.

#developer-tools#browser-extensions#security-scanning

Stars358

Forks158

Last commit4 days ago

linters

A community wiki curating static analysis tools (linters) for improving code quality across programming languages and formats.

#developer-tools#security-scanning#programming-languages

Stars349

Forks30

Last commit2 months ago

terraregGo

Open source Terraform module registry with UI, Git integration, security alerts, and cost estimation.

#devops#module-registry#terraform-registry

Stars343

Forks38

Last commit28 days ago

vuln-regex-detectorPerl

A tool to scan projects for regexes vulnerable to catastrophic backtracking (REDOS) through static extraction, detection, and validation.

#programming-security#regex-security#security-scanning

A fast TUI for searching, inspecting, and managing Arch Linux and AUR packages with integrated security scans and news.

#arch-linux#archlinux#packages

Stars275

Forks9

Last commit21 days ago

cloud-conciergeGo

A containerized tool that codifies unmanaged cloud resources as Terraform, detects drift, estimates costs, and scans for security issues via pull requests.

#cloud-infrastructure#devops#security-scanning

A self-hosted private Terraform registry for modules and providers with built-in security scanning and documentation.

#hacktoberfest#devops#private-registry

Stars237

Forks21

Last commit3 days ago

validIaCTypeScript

An open-source tool that combines tflint, tfsec, infracost, and inframap to validate Terraform Infrastructure-as-Code.

#cloud-infrastructure#devops#security-scanning

Stars235

Forks8

Last commit1 year ago

Upload and Scan Files with VirusTotalTypeScript

A GitHub Action to upload and scan files for malware using VirusTotal's analysis engine.

#supply-chain-security#actions#virustotal

Stars224

Forks22

Last commit3 days ago

MageVulnDBPHP

A database of Magento 1 and 2 extensions with known security vulnerabilities, enabling automated detection of insecure third-party modules.

#magento#vulnerability#magento-extensions

Stars211

Forks36

Last commit13 days ago

DrydockTypeScript

An open-source container update monitoring tool with a modern dashboard, supporting 23 registries, 20 notification triggers, and automated updates.

#devops#homelab#container-monitoring

A Python tool that scans codebases for potentially dangerous patterns like hardcoded passwords or accidental diff checkins.

#secret-detection#pre-commit#security-scanning

Stars127

Forks20

Last commit4 years ago

usulnetGo

A self-hosted Docker management platform with a unified web UI for containers, security, DNS, VPN, monitoring, backups, and multi-node orchestration.

#backup-management#reverse-proxy#devops

Stars116

Forks5

Last commit18 days ago

TangoGo

A command-line tool for analyzing server access logs with filters and detailed reports.

#traffic-analysis#tango-logs#apache-log-analysis

Stars113

Forks4

Last commit3 months ago

pre-commit-opentofuShell

A collection of pre-commit hooks for automating formatting, validation, security scanning, and documentation of OpenTofu configurations.

#hacktoberfest#devops#pre-commit

Stars93

Forks14

Last commit5 days ago

easy_infraPython

A Docker container that simplifies and secures Infrastructure as Code deployments by running security scans before IaC tools.

#devops#azure#continuous-integration

Stars78

Forks7

Last commit4 days ago

Run tfsec, with reviewdog output on the PRShell

A GitHub Action that runs tfsec with reviewdog on pull requests to enforce Terraform security best practices.

#terraform-security#security-scanning#infrastructure-as-code

Stars76

Forks24

Last commit

PreviousPage 2 of 2

Related Tags

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub