LFX Insights

Vulnerability Scanning & SAST

Software for identifying vulnerabilities in code and applications during development.

24 projects | 25,651 contributors | $245M

Harbor

Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted.

Contributors: 9,151
Organizations: 2,130
Software value: $41M

OSS-Fuzz

OSS-Fuzz is a continuous fuzzing infrastructure that helps identify security vulnerabilities in open source software through automated testing. It provides tools, infrastructure, and processes to make fuzzing an integral part of the development workflow for open source projects.

Contributors: 2,914
Organizations: 845
Software value: $6.8M

CodeQL

CodeQL is a semantic code analysis engine that helps developers and security researchers discover vulnerabilities across codebases. It treats code as data, allowing users to write queries to analyze codebases and find security weaknesses, bugs, and quality issues.

Contributors: 2,328
Organizations: 521
Software value: $87M

Semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Contributors: 1,629
Organizations: 436
Software value: $36M

Gitleaks

Gitleaks is a security scanning tool that detects and prevents hardcoded secrets, credentials, and sensitive information in git repositories. It uses pattern matching and entropy analysis to identify potential data leaks in commit history and source code.

Contributors: 1,505
Organizations: 384
Software value: $829K

Brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications

Contributors: 1,053
Organizations: 402
Software value: $2.2M

Lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Contributors: 1,036
Organizations: 186
Software value: $828K

Grype

Grype is a vulnerability scanner for container images and filesystems that identifies known vulnerabilities in packages and dependencies across multiple programming languages and package managers.

Contributors: 961
Organizations: 273
Software value: $3.3M

Bandit

Bandit is a tool designed to find common security issues in Python code.

Contributors: 914
Organizations: 318
Software value: $747K

gosec

Go security checker

Contributors: 778
Organizations: 300
Software value: $872K

KICS

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Contributors: 715
Organizations: 116
Software value: $34M

Trivy Action

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Contributors: 598
Organizations: 196
Software value: $65K

SVF

Static Value-Flow Analysis Framework for Source Code

Contributors: 520
Organizations: 72
Software value: $2.5M

Maester

Maester is a PowerShell based test automation framework to help you stay in control of your Microsoft security configuration.

Contributors: 440
Organizations: 28
Software value: $5.4M

Retire.js

Retire.js is a security scanner that helps detect the use of JavaScript libraries with known vulnerabilities in web applications and Node.js projects. It analyzes JavaScript files and dependencies to identify outdated versions that may pose security risks.

Contributors: 427
Organizations: 120
Software value: $3M

OWASP Dependency-Check

OWASP Dependency-Check is a Software Composition Analysis (SCA) tool that detects publicly disclosed vulnerabilities in project dependencies. It scans application dependencies and identifies known security vulnerabilities by checking them against the National Vulnerability Database (NVD) and other data sources.

Contributors: 376
Organizations: 56
Software value: $6.8M

OWASP secureCodeBox

secureCodeBox (SCB) - continuous secure delivery out of the box

Contributors: 306
Organizations: 45
Software value: $14M

GitGuardian Secrets Detection and Infrastructure Security

Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

This project hasn't been onboarded to LFX Insights.

Joern

Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc

This project hasn't been onboarded to LFX Insights.

MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

This project hasn't been onboarded to LFX Insights.

Snyk CLI

Snyk CLI scans and monitors your projects for security vulnerabilities.

This project hasn't been onboarded to LFX Insights.

The OWASP ZAP Project

ZAP Add-ons

This project hasn't been onboarded to LFX Insights.