njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

An OpenAPI 3 checker based on spectral.

GPT AiCSA(Code security audit)，SAST（Static Application Security Testing，静态应用程序安全测试），JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes

Damn Vulnerable SCA Application

Checkmarx Scan Github Action

CodeSec by Contrast - The fastest and most accurate SAST scanner. Scan code and serverless environments

Automate vulnerability triage which prioritizes remediation over discovery

Static analysis framework for Polynomial Identity Language (PIL) used in zkEVM for defining state machines

A static analyzer to scan JavaScript code for problematic regular expressions.

Integrate static security testing with HCL AppScan on Cloud using GitHub Actions

Focus SAST scans (with CodeQL) on just the changed parts of your monorepo, split up as you define

CodeThreat GitLab Integration seamlessly connects with GitLab CI/CD pipelines to perform comprehensive code security scans. It supports multiple programming languages and frameworks, delivering detailed security analysis to detect potential vulnerabilities.

CodeThreat GitHub Action integrates with GitHub to perform code security tests on your code. It supports a variety of languages and frameworks, providing detailed security scans to identify potential issues.

GitHub native DevSecOps CI/CD best practices include automated security testing, code analysis, and policy enforcement using GitHub Actions, coupled with secure IaC and container security measures. This entails managing secrets, enforcing access control, and implementing incident response and monitoring, all while fostering continuous learning.

ESLint backbone repository for workshop

Sample nodejs app to illustrate best-practices for proactive security

Static analyser for unsafe use of jQuery methods which are vulnerable to XSS attack. Also available as a Coala Bear.

Docker - Container bauen und pflegen – Best Practices (RevealJS Presentation)