An example JavaScript application that shows how Sonar's deeper SAST can detect vulnerabilities even with third-party libraries

A compliance automation platform. Scale GRC, and enhance security and compliance program.

Docker - Container bauen und pflegen – Best Practices (RevealJS Presentation)

Static analyser for unsafe use of jQuery methods which are vulnerable to XSS attack. Also available as a Coala Bear.

ESLint backbone repository for workshop

Integrate static security testing with HCL AppScan on Cloud using GitHub Actions

CodeThreat GitHub Action integrates with GitHub to perform code security tests on your code. It supports a variety of languages and frameworks, providing detailed security scans to identify potential issues.

GitHub native DevSecOps CI/CD best practices include automated security testing, code analysis, and policy enforcement using GitHub Actions, coupled with secure IaC and container security measures. This entails managing secrets, enforcing access control, and implementing incident response and monitoring, all while fostering continuous learning.

A static analyzer to scan JavaScript code for problematic regular expressions.

Static analysis framework for Polynomial Identity Language (PIL) used in zkEVM for defining state machines

CodeSec by Contrast - The fastest and most accurate SAST scanner. Scan code and serverless environments

Checkmarx Scan Github Action

GPT AiCSA(Code security audit)，SAST（Static Application Security Testing，静态应用程序安全测试），JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes

An OpenAPI 3 checker based on spectral.

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.