#Sarif
Showing 16 of 16 repositories tagged #sarif, ranked by stars
βοΈ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle
A blazingly fast security scanner, written in Rust. Batteries included, TUI for triage, secrets, post-quantum audits, diff-aware scans and more π₯
Enterprise AI Red Team Platform | δΌδΈηΊ§AIηΊ’ιεΉ³ε° | 132 MCP Tools | Pure Python Engines | SDK+CLI+MCP | Auto-Download sqlmap/nuclei/ffuf | Production C2 | LLM Enhanced | Docker Sandbox | SARIF CI/CD | 1980 Tests
Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX β covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).
AI-native code security auditor on AgentField that proves exploitability with verdicts, traces, and actionable evidence.
Test, secure, and monitor MCP servers before agents depend on them.
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
A group of Rust projects for interacting with the SARIF format
Go library for SARIF - Static Analysis Results Interchange Format
PHP static analysis for architecture & maintainability β 60+ metrics, complexity analysis, dependency graphs, git churn hotspots, and AI-ready MCP server. Alternative to PHPMetrics.
Threat modeling and AI-reasoning vulnerability detection harness for Claude Code β STRIDE + AI + MAESTRO
AI-powered SAST scanner that finds auth bypass, IDOR, and logic bugs Semgrep/CodeQL miss. Free GitHub Action. Supports Python, JS/TS, Go, PHP, Ruby.
Open-source AI pentest and compliance-readiness CLI by NullSquare.
Static and dynamic analysis tool for detecting malicious code, suspicious binaries, and privacy violations
Find and govern AI attack surfaces in application code at PR time. Free, OSS, runs offline.
NSAuditor AI β Open-source, AI-powered network security scanner. 27 plugins, CVE matching, MITRE ATT&CK mapping, verified vulnerabilities, continuous monitoring, MCP integration. Zero data exfiltration. MIT licensed.