No | Tool | Description |
---|---|---|
1 | OSV Scanner | OSV (osv.dev) is a distributed vulnerability database for open source. OSV-Scanner is its official client: it reads your project's lockfiles or SBOM and matches each dependency and version against the database. |
2 | grype | A vulnerability scanner for container images and filesystems. |
3 | Yelp/detect-secrets | Secret scanner that detects hardcoded secrets in a project and keeps a baseline file so only new findings break the build. |
4 | Bandit | Bandit is a tool designed to find common security issues in Python code. |
5 | semgrep | Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. |
6 | gitleaks | Detects hardcoded secrets in git repositories, including commit history, and can block new ones from being committed via a pre-commit hook. |
7 | trivy | Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more. |
8 | jake | Check your Python environments for vulnerable Open Source packages with OSS Index or Sonatype Nexus Lifecycle. |
9 | nancy | A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index. |
10 | confused | Tool to check for dependency confusion vulnerabilities in multiple package management systems. |
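The first row describes OSV-Scanner as a front end to the OSV database. The script below is an added example (not code from this gist, from OSV-Scanner, or from any other tool listed) showing the lookup such a scanner performs: it extracts exact pins from a requirements.txt, builds the documented request body for OSV's `POST https://api.osv.dev/v1/querybatch` endpoint, and maps the answer back to packages. The lockfile and the response are constructed inline so it runs offline; only `query_osv` touches the network, and it is not called by default.

```python
"""
Query the OSV database for pinned Python dependencies.

Added example, not code from the gist or the OSV project. The API shape
(POST https://api.osv.dev/v1/querybatch, one result per query, each result
listing vulns with "id" and "modified") is OSV's documented contract; the
sample lockfile and sample response below are constructed for this example.
"""
import json
import re
import urllib.request

OSV_QUERYBATCH_URL = "https://api.osv.dev/v1/querybatch"

# Constructed sample lockfile. Only exact pins (==) can be queried by version.
SAMPLE_REQUIREMENTS = """\
# pinned by pip-compile
requests==2.25.1
urllib3==1.26.4 ; python_version >= "3.6"
-r base.txt
pyyaml>=5.4          # unpinned: version unknown, skipped
"""

# name, optional whitespace, '==', version up to whitespace / marker / comment
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def parse_pins(text):
    """Return [(name, version), ...] for every exact pin in a requirements file."""
    pins = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or a pip option such as -r / -e
        m = PIN_RE.match(line)
        if m:
            pins.append((m.group(1).lower(), m.group(2)))
    return pins


def build_querybatch(pins, ecosystem="PyPI"):
    """Build the JSON body for OSV's /v1/querybatch endpoint."""
    return {
        "queries": [
            {"package": {"name": name, "ecosystem": ecosystem}, "version": version}
            for name, version in pins
        ]
    }


def match_results(pins, response):
    """Pair each result with the package it was asked about.

    querybatch returns results in the same order as the queries; a result
    with an empty "vulns" list means nothing known affects that version.
    """
    findings = {}
    for (name, version), result in zip(pins, response.get("results", [])):
        ids = sorted(v["id"] for v in result.get("vulns", []))
        if ids:
            findings[f"{name}=={version}"] = ids
    return findings


def query_osv(pins, url=OSV_QUERYBATCH_URL, timeout=30):
    """Send the batch query to OSV over the network. Not used offline."""
    body = json.dumps(build_querybatch(pins)).encode()
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed response in the documented shape; the vulnerability ID is a
# placeholder, not a real OSV/GHSA identifier.
SAMPLE_RESPONSE = {
    "results": [
        {"vulns": [{"id": "CONSTRUCTED-0001", "modified": "2023-01-01T00:00:00Z"}]},
        {"vulns": []},
    ]
}


if __name__ == "__main__":
    pins = parse_pins(SAMPLE_REQUIREMENTS)
    print(json.dumps(build_querybatch(pins), indent=2))
    # Swap SAMPLE_RESPONSE for query_osv(pins) to hit the live API.
    for pkg, ids in match_results(pins, SAMPLE_RESPONSE).items():
        print(f"{pkg}: {', '.join(ids)}")
```

The batch endpoint only returns vulnerability IDs; fetch `GET https://api.osv.dev/v1/vulns/{id}` for severity, affected ranges and fixed versions when you need them. Unpinned requirements are deliberately skipped: without an exact version there is nothing to match, which is why scanners prefer lockfiles over loose requirement specs.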
Free and Open Source tools for vulnerability scanning.
Gist PouyaEsmaeili/7c857ed1db8e4b0fc0ece1907d5c24a6, last active December 13, 2023 13:54.