#go #containers #cyclonedx #docker #golang #hacktoberfest #oci #sbom #spdx #static_analysis #tool
https://github.com/anchore/syft
GitHub - anchore/syft: CLI tool and library for generating a Software Bill of Materials from container images and filesystems
#go #container_image #containers #cyclonedx #docker #golang #hacktoberfest #oci #security #static_analysis #tool #vulnerabilities #vulnerability
https://github.com/anchore/grype
GitHub - anchore/grype: A vulnerability scanner for container images and filesystems
#rust #linter #pep8 #python #python3 #rustpython #static_analysis #static_code_analysis #style_guide #styleguide #stylelint
https://github.com/charliermarsh/ruff
GitHub - astral-sh/ruff: An extremely fast Python linter and code formatter, written in Rust.
#yara #all_in_one #antivirus #apk #elf #exe #linux #malware #malware_analysis #osx #packer #python3 #ransomware #security_tools #static_analysis #strings #suspicious_files #termux #threat_analysis #virustotal #windows
https://github.com/CYB3RMX/Qu1cksc0pe
GitHub - CYB3RMX/Qu1cksc0pe: All-in-One malware analysis tool.
#typescript #code_coverage #composer #continuous_integration #github_actions #hacktoberfest #php #php_extensions #static_analysis #tools
https://github.com/shivammathur/setup-php
GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and various tools. - shivammathur/setup-php
#cplusplus #abstract_interpretation #program_analysis #software_verification #static_analysis
IKOS is a tool that helps find errors in C and C++ programs before they are run. It uses a technique called Abstract Interpretation to analyze the code and detect potential runtime errors, such as buffer overflows. This tool is especially useful because it can identify problems that might cause your program to crash or behave incorrectly, making your code more reliable and secure. To use IKOS, you simply run the `ikos` command with your source file, and it will report any errors it finds, helping you fix them before running the program. This saves time and ensures your software is safer and more stable.
https://github.com/NASA-SW-VnV/ikos
GitHub - NASA-SW-VnV/ikos: Static analyzer for C/C++ based on the theory of Abstract Interpretation.
#go #container_image #containers #cyclonedx #docker #golang #hacktoberfest #oci #openvex #security #static_analysis #tool #vex #vulnerabilities #vulnerability
Grype is a tool that scans container images and filesystems for known vulnerabilities. It supports various package types, including those from major operating systems like Alpine, Debian, and Ubuntu, as well as language-specific packages like Ruby, Java, JavaScript, Python, and more. Here’s how it benefits you: You can easily install Grype using a simple script or through package managers like Homebrew or Chocolatey.
- **Comprehensive Scanning**: You can choose from different output formats such as table, JSON, CycloneDX, and SARIF, or even create custom templates.
- **Integration with Other Tools**: Grype has active community meetings and support options, including commercial support through Anchore.
- **Automatic Database Updates**: Grype manages its vulnerability database automatically, ensuring you always have the latest vulnerability information.
Overall, Grype helps you identify and manage vulnerabilities in your container images and filesystems efficiently.
https://github.com/anchore/grype
GitHub - anchore/grype: A vulnerability scanner for container images and filesystems
#cplusplus #analyzer #binary_analysis #c_plus_plus #cpp #cybersecurity #dark_mode #dear_imgui #disassembler #forensics #hacking #hacktoberfest #hex_editor #ips #mathematical_evaluator #multi_platform #pattern_language #preprocessor #reverse_engineering #static_analysis #windows
ImHex is a powerful hex editor designed for reverse engineers, programmers, and anyone who needs to work with binary data. It offers many features that make it useful and user-friendly. Here are the key benefits: ImHex allows you to edit bytes, manage patches, undo and redo changes infinitely, and copy bytes in various formats. It also supports colorful highlighting, data display in different types (like integers, floats, colors), and decoding data in various encodings.
- **Custom Pattern Language**: It has dark and light modes to protect your eyes, especially during late-night work sessions.
- **Data Analysis and Visualization**: It supports various search methods (string, sequence, regex) and numerous hashing algorithms.
- **Modern Interface**: ImHex works on Windows, macOS, and Linux, with options for web and nightly pre-release versions.
Overall, ImHex provides a comprehensive set of tools to make working with binary data efficient and comfortable.
https://github.com/WerWolv/ImHex
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. - WerWolv/ImHex
#go #golang #security #security_automation #security_tools #static_analysis #static_code_analysis
Gosec is a tool that checks your Go code for security issues. It scans your code to find problems like hard-coded credentials, unsafe code practices, and other vulnerabilities. You can install it easily using commands or integrate it into your GitHub actions for automated checks. Gosec allows you to customize which rules to run, exclude certain files or folders, and generate reports in various formats. This helps you identify and fix security issues quickly, making your code more secure and reliable.
https://github.com/securego/gosec
GitHub - securego/gosec: Go security checker
#go #code_quality #code_security #sast #static_analysis #tree_sitter
Globstar is a free, open-source tool that helps developers check their code for problems like security issues or bad coding practices. It uses a simple way to write these checks using tree-sitter queries, which are easy to learn and use. You can run Globstar in your automated testing pipelines without needing extra software installed. This makes it fast and easy to ensure your code follows your team's rules and standards. Plus, since it's open-source under the MIT license, you can use it freely in any project without worrying about legal restrictions.
https://github.com/DeepSourceCorp/globstar
Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter. - DeepSourceCorp/globstar
#go #containers #cyclonedx #docker #golang #hacktoberfest #oci #sbom #spdx #static_analysis #tool
Syft is a tool that helps create a list of all the software components used in your applications, known as a Software Bill of Materials (SBOM). This list is important for finding vulnerabilities and ensuring that your software complies with licensing rules. By using Syft, you can better manage your software's security and compliance. It works with many types of software and can be used with other tools like Grype to check for vulnerabilities. This helps keep your software safe and up-to-date.
https://github.com/anchore/syft
GitHub - anchore/syft: CLI tool and library for generating a Software Bill of Materials from container images and filesystems
#ocaml #c #go #java #javascript #python #r2c #ruby #sast #semgrep #static_analysis #static_code_analysis #typescript
Semgrep is a fast, open-source tool that scans your code to find bugs and security issues in over 30 programming languages. It works locally on your computer or in your build system, so your code stays private. Semgrep’s rules are easy to write and understand, helping you catch problems early in development, whether in your IDE, pre-commit checks, or CI/CD pipelines. For stronger security, the Semgrep AppSec Platform offers advanced analysis, AI-powered triage, and detailed fix guidance, reducing false alarms and helping developers fix issues quickly without slowing down. This improves code quality and security efficiently.
https://github.com/semgrep/semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. - semgrep/semgrep
#rust #code_analyzer #code_style #coding_standards #formatter #lexer #linter #parser #php #static_analysis #type_checker
Mago is a very fast tool for PHP that checks your code for errors, fixes many problems automatically, and formats it neatly. It is built using Rust, which makes it much faster and more reliable than many other PHP tools. Mago helps you find bugs, improve code quality, and keep your code clean and consistent with less effort. It also offers deep analysis to catch tricky issues and lets you see your code’s structure visually. This means you can write better PHP code faster and with more confidence. Installation is easy on macOS and Linux using a simple script or other methods like Homebrew or Composer.
https://github.com/carthage-software/mago
Mago is a toolchain for PHP that aims to provide a set of tools to help developers write better code. - carthage-software/mago
#rust #dataflow #static_analysis #vscode
Flowistry is a tool for Rust programming that helps you focus on the parts of code relevant to your current task by analyzing how data flows within functions. When you select a variable or expression, it fades out unrelated code, making it easier to understand complex functions and see what affects or is affected by that code. It works as a VSCode plugin and uses Rust’s ownership system to provide precise analysis. This helps you read, debug, and modify Rust code more efficiently by reducing distractions and highlighting important dependencies. However, it has some limitations with certain Rust features like interior mutability and nested functions.
https://github.com/willcrichton/flowistry
GitHub - willcrichton/flowistry: Flowistry is an IDE plugin for Rust that helps you focus on relevant code.