#Sarif

Showing 16 of 16 repositories tagged #sarif, ranked by stars

JetBrains
JetBrains
qodana-action

βš™οΈ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle

Score
0
β˜… 303 β‘‚ 42 β€”
JavaScript
0sec-labs
0sec-labs
foxguard

A blazingly fast security scanner, written in Rust. Batteries included, TUI for triage, secrets, post-quantum audits, diff-aware scans and more π“ƒ₯

Score
86
β˜… 274 β‘‚ 15 β€”
Rust
Coff0xc
Coff0xc
AutoRedTeam-Orchestrator

Enterprise AI Red Team Platform | 企业级AI纒队平台 | 132 MCP Tools | Pure Python Engines | SDK+CLI+MCP | Auto-Download sqlmap/nuclei/ffuf | Production C2 | LLM Enhanced | Docker Sandbox | SARIF CI/CD | 1980 Tests

Score
100
β˜… 254 β‘‚ 52 β€”
Python
sbom-tool
sbom-tool
sbom-tools

Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX β€” covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).

Score
0
β˜… 231 β‘‚ 13 β€”
Rust
Agent-Field
Agent-Field
sec-af

AI-native code security auditor on AgentField that proves exploitability with verdicts, traces, and actionable evidence.

Score
100
β˜… 170 β‘‚ 37 β€”
Python
KryptosAI
KryptosAI
mcp-observatory

Test, secure, and monitor MCP servers before agents depend on them.

Score
75
β˜… 142 β‘‚ 24 +1/day
TypeScript
gensecaihq
gensecaihq
Shai-Hulud-2.0-Detector

Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.

Score
71
β˜… 141 β‘‚ 34 β€”
TypeScript
psastras
psastras
sarif-rs

A group of Rust projects for interacting with the SARIF format

Score
50
β˜… 133 β‘‚ 28 +1/day
Rust
owenrumney
owenrumney
go-sarif

Go library for SARIF - Static Analysis Results Interchange Format

Score
43
β˜… 84 β‘‚ 26 β€”
Go
PhpCodeArcheology
PhpCodeArcheology
PhpCodeArcheology

PHP static analysis for architecture & maintainability β€” 60+ metrics, complexity analysis, dependency graphs, git churn hotspots, and AI-ready MCP server. Alternative to PHPMetrics.

Score
25
β˜… 84 β‘‚ 7 +1/day
PHP
davidmatousek
davidmatousek
tachi

Threat modeling and AI-reasoning vulnerability detection harness for Claude Code β€” STRIDE + AI + MAESTRO

Score
57
β˜… 80 β‘‚ 19 β€”
Python
momenbasel
momenbasel
vulnhawk

AI-powered SAST scanner that finds auth bypass, IDOR, and logic bugs Semgrep/CodeQL miss. Free GitHub Action. Supports Python, JS/TS, Go, PHP, Ruby.

Score
29
β˜… 72 β‘‚ 14 β€”
Python
Null-Square
Null-Square
Null-CLi

Open-source AI pentest and compliance-readiness CLI by NullSquare.

Score
0
β˜… 69 β‘‚ 1 β€”
TypeScript
momenbasel
momenbasel
malware-check

Static and dynamic analysis tool for detecting malicious code, suspicious binaries, and privacy violations

Score
14
β˜… 45 β‘‚ 6 +1/day
Python
apisec-inc
apisec-inc
AI-Surface

Find and govern AI attack surfaces in application code at PR time. Free, OSS, runs offline.

Score
0
β˜… 44 β‘‚ 8 β€”
Python
nsasoft
nsasoft
nsauditor-ai

NSAuditor AI β€” Open-source, AI-powered network security scanner. 27 plugins, CVE matching, MITRE ATT&CK mapping, verified vulnerabilities, continuous monitoring, MCP integration. Zero data exfiltration. MIT licensed.

Score
0
β˜… 16 β‘‚ 4 β€”
JavaScript
Related Topics
#devsecops#security#static-analysis#cli#ai-security#python#vulnerability-scanner#mcp#security-tools#appsec#llm#supply-chain-security

Β© 2026 GitRepoTrend Β· GitHub repositories by topic Β· Updated weekly