High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis
LLM-enhanced SAST analysis built on circle-ir
LLM SAST skills — turn your AI coding assistant into a SAST scanner for your codebase.
AI/vibe-coding repo safety skill with secret scanning, SAST, GitHub read guard, MCP safety, and incident cleanup.
Pup — an AI-native, evidence-based application security platform: contextual AI SAST, reachability-based SCA, and threat modelling for JavaScript/TypeScript.
Zfuzz security CLI — deterministic SAST, SCA, secret scanning and an MCP server for AI coding agents. Rust-native, sub-second, zero config. Static scanning is free and open source.
Security copilot for your IDE. SAST, SCA, secrets, threat modeling — right where you code. Rust-native, zero config, runs 100% locally.
逐码 CLI — command-line code security audit tool (SAST + SCA)
Insomnia — SAST & offensive security toolkit launcher (insom.ai)
Static Application Security Testing CLI for detecting security vulnerabilities via taint tracking
Community access-lane scanner and local control engine for AI-built apps
AI-powered static analysis CLI with LLM-enhanced vulnerability detection
MCP server exposing Cognium spec-conformance, spec-drift, and pattern-search tools over stdio
Local-first security analysis for TypeScript & JavaScript
Run OSE Auditor (financial-logic security scanner for Node.js/TypeScript) without installing Python yourself -- this wrapper finds a Python 3 interpreter, installs the ose-auditor PyPI package on first run if needed, and forwards all arguments to it.
Salus — AppSec CLI with AI. Code review, vulnerability analysis, defensive hardening, and AI/LLM auditing. BYOK (Bring Your Own Key) mode.
A security scanner as fast as a linter, written in Rust. 170+ built-in rules across 10 languages.
SIC free code scanner — read-only static analysis for hardcoded secrets, dangerous patterns, and dependency CVEs. Zero runtime dependencies.
SecureScout pre-commit security scanner
Security scanner for AI-generated code — find vulnerabilities before you ship