source-code-auditing-tools

Category: Automatic programming
Development tool: Others
File size: 0KB
Downloads: 0
Upload date: 2024-02-07 17:31:36
Uploader: sh-1993
Description: A collection of source code static analysis and security auditing tools for various scripting and programming languages which can be used during security assessments.

# Source Code Auditing Tools

A collection of source code static analysis and security auditing tools for various scripting and programming languages which can be used during security assessments.

## Go

| Name | Description | URL |
|:-:|:-:|:-:|
| Glasgo | A static analysis tool intended to check for potential security issues. | [https://github.com/ttarvis/glasgo](https://github.com/ttarvis/glasgo) |
| gosec | Inspects source code for security problems by scanning the Go AST. | [https://github.com/securego/gosec](https://github.com/securego/gosec) |
| go-mod-outdated | An easy way to find outdated dependencies of your Go projects. | [https://github.com/psampaz/go-mod-outdated](https://github.com/psampaz/go-mod-outdated) |
| SafeSQL | SafeSQL is a static analysis tool for Go that protects against SQL injections. | [https://github.com/stripe/safesql](https://github.com/stripe/safesql) |
| Nancy | Nancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index, and as well, works with Nexus IQ Server, allowing you a smooth experience as a Golang developer, using the best tools in the market! | [https://github.com/sonatype-nexus-community/nancy](https://github.com/sonatype-nexus-community/nancy) |

## PHP

| Name | Description | URL |
|:-:|:-:|:-:|
| Psalm | Psalm is a static analysis tool for finding errors in PHP applications. | [https://github.com/vimeo/psalm](https://github.com/vimeo/psalm) |
| PHPStan | PHPStan focuses on finding errors in your code without actually running it. | [https://github.com/phpstan/phpstan](https://github.com/phpstan/phpstan) |
| Larastan | Larastan is a PHPStan wrapper for laravel and focuses on finding errors in your code without actually running it. | [https://github.com/nunomaduro/larastan](https://github.com/nunomaduro/larastan) |
| RIPS | RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. | [http://rips-scanner.sourceforge.net/](http://rips-scanner.sourceforge.net/) |

## Java

| Name | Description | URL |
|:-:|:-:|:-:|
| Pixee | Pixeebot finds security and code quality issues in your code and creates merge-ready pull requests with recommended fixes. | [https://pixee.ai](https://pixee.ai) |

## Python

| Name | Description | URL |
|:-:|:-:|:-:|
| Pixee | Pixeebot finds security and code quality issues in your code and creates merge-ready pull requests with recommended fixes. | [https://pixee.ai](https://pixee.ai) |

# Contributions

The list of available tools is in no way exhaustive. There are still many popular languages like C, C++ and Java missing from the list. Feel free to contribute by adding any relevant source code auditing tools to this repository by creating a pull request.
