README.md
+4 -12 (4 additions & 12 deletions)
@@ -168,7 +168,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
168
168
169
169
-[ESBMC](http://esbmc.org) — ESBMC is an open source, permissively licensed, context-bounded model checker based on satisfiability modulo theories for the verification of single- and multi-threaded C/C++ programs.
170
170
171
-
-**flawfinder**:warning: — Finds possible security weaknesses.
171
+
-[flawfinder](http://dwheeler.com/flawfinder/) — Finds possible security weaknesses.
172
172
173
173
-**flint++**:warning: — Cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.
174
174
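Review bot: The flawfinder link added at new line 171 points to plain `http://dwheeler.com/flawfinder/`; prefer an `https://` URL if the host serves one, because readers follow these links to download security tooling. The same line also drops the `:warning:` marker the old entry carried, and nothing visible in the diff explains why, so the reason belongs in the commit message.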
@@ -268,7 +268,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
268
268
269
269
-[ESBMC](http://esbmc.org) — ESBMC is an open source, permissively licensed, context-bounded model checker based on satisfiability modulo theories for the verification of single- and multi-threaded C/C++ programs.
270
270
271
-
-**flawfinder**:warning: — Finds possible security weaknesses.
271
+
-[flawfinder](http://dwheeler.com/flawfinder/) — Finds possible security weaknesses.
272
272
273
273
-**flint++**:warning: — Cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.
274
274
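Review bot: The flawfinder line at new line 271 repeats the line-171 edit verbatim, so any correction to the URL scheme or the dropped `:warning:` marker has to land in both places. If both README sections are rendered from a single data entry, change that entry instead of the two rendered lines so they cannot drift apart.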
@@ -907,8 +907,6 @@ It uses the pycodestyle utility to determine what parts of the code needs to be
907
907
908
908
-**ciocheck**:warning: — Linter, formatter and test suite helper. As a linter, it is a wrapper around `pep8`, `pydocstyle`, `flake8`, and `pylint`.
909
909
910
-
-[Code Pathfinder](https://codepathfinder.dev) — An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, derive insights, find vulnerabilities in code.
911
-
912
910
-**cohesion**:warning: — A tool for measuring Python class cohesion.
913
911
914
912
-[deal](https://deal.readthedocs.io/) — Design by contract for Python. Write bug-free code. By adding a few decorators to your code, you get for free tests, static analysis, formal verification, and much more.
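Review bot: Removing the Code Pathfinder entry at old lines 910-911 takes the tool out of the list that holds ciocheck, cohesion and deal, yet the replacement description added at new line 1384 names no supported languages. If the tool still analyzes Python, keep a listing here; if it does not, say so in the commit message so the removal is not read as accidental.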
@@ -1383,6 +1381,8 @@ It supports multiple languages and is designed to be extensible, allowing you to
1383
1381
1384
1382
-[Code Intelligence](https://www.code-intelligence.com):copyright: — CI/CD-agnostic DevSecOps platform which combines industry-leading fuzzing engines for finding bugs and visualizing code coverage
1385
1383
1384
+
-[Code Pathfinder](https://codepathfinder.dev) — Opensource Static Code Analysis for security teams with Inter file dataflow taint analysis. Built for finding vulnerabilities, advanced structural search, derive insights and supports MCP server.
1385
+
1386
1386
-[Code-Graph-RAG](https://code-graph-rag.com) — Builds knowledge graphs from multi-language codebases using Tree-sitter AST parsing and stores them in Memgraph. Supports 11 programming languages with a unified graph schema and enables natural language querying and editing of code structure and relationships. Functions as an MCP server for AI assistant integration.
1387
1387
1388
1388
-[Codeac](https://www.codeac.io/?ref=awesome-static-analysis):copyright: — Automated code review tool integrates with GitHub, Bitbucket and GitLab (even self-hosted). Available for JavaScript, TypeScript, Python, Ruby, Go, PHP, Java, Docker, and more. (open-source free)
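Review bot: The description added at new line 1384 needs a copy edit before merge: "Opensource" should be "Open-source", "Inter file dataflow" should be "inter-file dataflow", and "derive insights and supports MCP server" mixes verb forms. A possible wording is "Open-source static code analysis for security teams with inter-file dataflow taint analysis. Built for finding vulnerabilities, advanced structural search and deriving insights; supports an MCP server." The same string appears in the JSON `description` change further down, so apply the fix there as well.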
@@ -1823,8 +1823,6 @@ Loading address: binbloom can parse a raw binary firmware and determine its load
1823
1823
1824
1824
-[clair](https://github.com/coreos/clair) — Vulnerability Static Analysis for Containers.
1825
1825
1826
-
-[Code Pathfinder](https://codepathfinder.dev) — An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, derive insights, find vulnerabilities in code.
1827
-
1828
1826
-**collector**:warning: — Run arbitrary scripts inside containers, and gather useful information.
1829
1827
1830
1828
-**dagda**:warning: — Perform static analysis of known vulnerabilities in docker images/containers.
@@ -1863,8 +1861,6 @@ It identifies potential security risks in K8s RBAC design and makes suggestions
1863
1861
1864
1862
-[Code Climate](https://codeclimate.com) — The open and extensible static analysis platform, for everyone.
1865
1863
1866
-
-[Code Pathfinder](https://codepathfinder.dev) — An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, derive insights, find vulnerabilities in code.
1867
-
1868
1864
-[Codecov](https://about.codecov.io/):copyright: — Codecov is a company that provides code coverage tools for developers and engineering leaders to gain visibility into their code coverage.
1869
1865
They offer flexible and unified reporting, seamless coverage insights, and robust coverage controls. Codecov supports over 20 languages and is CI/CD agnostic. Over 29,000 organizations and 1 million developers use Codecov. Codecov has recently joined Sentry.
1870
1866
@@ -1919,8 +1915,6 @@ Its technology helps developers automate testing, find bugs, and reduce manual l
1919
1915
1920
1916
-[Cloud (IaC) Security for JetBrains IDEs](https://plugins.jetbrains.com/plugin/25413-cloud-iac-security) — Cloud (IaC) Security plugin for JetBrains IDEs. Performs real-time inspections of Docker & Kubernetes IaC with 50+ rules based on Docker image/build security best practices, Kubernetes Pod Security Standards, and NSA/CISA Kubernetes Hardening Guidance.
1921
1917
1922
-
-[Code Pathfinder](https://codepathfinder.dev) — An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, derive insights, find vulnerabilities in code.
1923
-
1924
1918
-[Dockle](https://github.com/goodwithtech/dockle) — Container Image Linter for Security helping build the Best-Practice Docker Image. Scans Docker images for security vulnerabilities and CIS Benchmark compliance. Checks for secrets, credential exposure, and security best practices. Provides multiple severity levels (FATAL, WARN, INFO) and supports various output formats for CI/CD integration.
1925
1919
1926
1920
@@ -2219,8 +2213,6 @@ but with the following improvements:
2219
2213
2220
2214
-[Cloud (IaC) Security for JetBrains IDEs](https://plugins.jetbrains.com/plugin/25413-cloud-iac-security) — Cloud (IaC) Security plugin for JetBrains IDEs. Performs real-time inspections of Docker & Kubernetes IaC with 50+ rules based on Docker image/build security best practices, Kubernetes Pod Security Standards, and NSA/CISA Kubernetes Hardening Guidance.
2221
2215
2222
-
-[Code Pathfinder](https://codepathfinder.dev) — An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, derive insights, find vulnerabilities in code.
2223
-
2224
2216
-[Credential Digger](https://github.com/SAP/credential-digger) — Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (Passwords, API Keys, Secret Keys, Tokens, personal information, etc), and filtering the false positive data through a machine learning model called [Password Model](https://huggingface.co/SAPOSS/password-model). This scanner is able to detect passwords and non structured tokens with a low false positive rate.
2225
2217
2226
2218
-[Datree](https://datree.io/) — A CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies
"description": "An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, derive insights, find vulnerabilities in code.",
3383
+
"description": "Opensource Static Code Analysis for security teams with Inter file dataflow taint analysis. Built for finding vulnerabilities, advanced structural search, derive insights and supports MCP server.",
3383
3384
"discussion": null,
3384
3385
"deprecated": null,
3385
3386
"resources": [
@@ -7598,7 +7599,7 @@
7598
7599
"plans": null,
7599
7600
"description": "Finds possible security weaknesses.",