Semgrep

Static analysis at ludicrous speed.

Pricing: Free

What is Semgrep?

Semgrep is a highly configurable SAST tool that looks for recurring patterns in the syntax tree. It can either run locally using Docker or be integrated into the CI/CD pipeline with GitHub Actions.

Results are delivered as JSON files, so you can pipe them into other tools, such as jq, to manipulate them.

More tools in Security Testing

Terrascan

Static code analyzer for Infrastructure as Code

Security Testing
Free

gitleaks

Scan git repos (or files) for secrets using regex and entropy 🔑

Security Testing
Free
Deepfence ThreatMapper

Identify vulnerabilities in running containers, images, hosts and repositories

Security Testing
Free