sarif

Here are 212 public repositories matching this topic...

microsoft / sarif-tutorials

User-friendly documentation for the SARIF file format.

Updated

JetBrains / qodana-action

⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle

javascript kotlin python java go php typescript static-code-analysis dotnet static-analysis actions code-review code-quality sarif devsecops code-scanning azure-pipelines github-actions azure-extensions qodana

Updated
JavaScript

Feysh-Group / corax-community

Star

Corax for Java: A general static analysis framework for java code checking.

java security security-audit static-code-analysis static-analysis code-analysis owasp vulnerability software-analysis program-analysis taint-analysis soot abstract-interpretation cwe sarif sast flowdroid

Updated
Kotlin

👁 npm-groovy-lint

nvuillam / npm-groovy-lint

Sponsor

Star

Lint, format and auto-fix your Groovy / Jenkinsfile / Gradle files using command line

lint groovy gradle nextflow ci groovy-language linter codenarc jenkinsfile hacktoberfest sarif code-quality-analyzer sarif-report megalinter

Updated
JavaScript

JetBrains / qodana-cli

Star

🔧 JetBrains Qodana’s official command line tool

javascript kotlin python java cli php typescript static-code-analysis ci code-review code-quality sarif devsecops code-scanning qodana sarif-report

Updated
Go

Trusera / ai-bom

Star

AI Bill of Materials — discover every AI agent, model, and API in your infrastructure

security ai sarif bill-of-materials ai-security sbom github-actions cyclonedx llm

Updated
Python

Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!

docker static-analysis sarif sast azure-devops

Updated
Python

👁 sbom-tools

sbom-tool / sbom-tools

Star

Semantic SBOM diff and TUI analysis tool. Compares CycloneDX/SPDX files to component changes, dependency shifts, license conflicts, and vulnerabilities.

vex spdx appsec vulnerability-management sarif oss-compliance licence-management security-compliance sbom cyclonedx software-supply-chain-security sbom-tool sbom-quality cbom cyber-resilience-act

Updated
Rust

Siteimprove / alfa

Star

♿ Suite of open and standards-based tools for performing reliable accessibility conformance testing at scale

testing typescript accessibility a11y aria monorepo wcag json-ld earl data-processing customer-facing act sarif horizon2020

Updated
HTML

psastras / sarif-rs

Star

A group of Rust projects for interacting with the SARIF format

rust cli serde clippy sarif

Updated
Rust

gensecaihq / Shai-Hulud-2.0-Detector

Star

Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.

nodejs npm security sarif devsecops vulnerability-scanner malware-detection credential-theft github-actions open-source-security supply-chain-security sarif-report package-security shai-hulud shai-hulud-detector shai-hulud-attack shai-hulud2-detector shai-hulud2 shai-hulud2-inspector sha1-hulud

Updated
TypeScript

microsoft / sarif-web-component

Star

A React-based component for viewing SARIF files.

react react-components sarif

Updated
TypeScript

owenrumney / go-sarif

Sponsor

Star

Go library for SARIF - Static Analysis Results Interchange Format

security static-analysis hacktoberfest sarif security-tools reporting-tools tfsec sarif-report

Updated
Go

👁 differential-shellcheck

redhat-plumbers-in-action / differential-shellcheck

Star

🐚 GitHub Action for running ShellCheck differentially

shell bash docker linter shellcheck sarif sast github-action shellcheck-action differential-scans full-scans

Updated
Shell

trailofbits / vscode-sarif-explorer

Star

SARIF Explorer: A VSCode extension that helps you visualize and triage static analysis results

static-analysis vscode-extension sarif

Updated
TypeScript

chainguard-dev / vex

Star

vexctl is a tool to attest VEX impact statements

scanner container vulnerability vex vulnerability-detection attestation sarif csaf sbom

Updated
Go

PhpCodeArcheology / PhpCodeArcheology

Star

PHP static analysis for architecture & maintainability — 60+ metrics, complexity analysis, dependency graphs, git churn hotspots, and AI-ready MCP server. Alternative to PHPMetrics.