Semgrep

Static analysis at ludicrous speed.

Pricing: Free

What is Semgrep?

Semgrep is a highly-configurable SAST tool that looks for recurring patterns in the syntax tree. It can either run locally using Docker or be integrated into the CI/CD pipeline with Github Actions.

Results are delivered as JSON files, allowing you to pipe the results into other tools, like jq in order to manipulate them.

More tools in Security Testing

Terrascan

Security Testing

Static code analyzer for Infrastructure as Code

Free

gitleaks

Security Testing

Scan git repos (or files) for secrets using regex and entropy 🔑

Free

Deepfence ThreatMapper

Security Testing

Identify vulnerabilities in running containers, images, hosts and repositories

Free