Subject: RE: SARIF eco-system information
Hi all,

Here is the information about MicroFocus Fortify support for SARIF:

Hope this helps,
k

From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of Michael Fanning

Eddy and I, working with GitHub, have created a working list of direct SARIF producers. MicroFocus and GrammaTech support is conspicuously absent: we will be soliciting appropriate representation in this list on the TC call today.
MCF
BinSkim is a binary-level security checker that validates Windows, Mac and *nix binaries.

Brakeman is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities.

Checkstyle is a Java style guidelines checker.

CodeQL is a multilanguage, intraprocedural checker with a large rule set.

Clang Analyzer, the LLVM C/C++ checker, has added SARIF export.

CredScan is a file scanner that detects plaintext secrets.

DartAnalyzer is a dart/flutter analyzer.

Detekt is a static code analysis tool for the Kotlin programming language.

DevSkim is a set of IDE checkers and language analyzers that provide inline security analysis.

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications.

ESLint Sarif Formatter enables SARIF export for ESLint, a JavaScript static analyzer.

Flawfinder is a C/C++ source code security checker.

GoSec is a GoLang security checker.

Kubesec, backed by ControlPlane.io, provides security risk analysis for Kubernetes resources.

MobSF is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

NodeJSScan is a static security code scanner (SAST) for Node.js applications.

Psalm is an open source tool for finding security vulnerabilities in PHP.

PMD is a multilanguage source code analyzer.

PSScriptAnalyzer is a static code checker for PowerShell modules and scripts.

PREfast is the C/C++ correctness checker behind the Microsoft compiler /analyze switch.

Roslyn is a platform for analyzing and rewriting C#/VB.NET code.

Sarif Pattern Matcher is a security-focused pattern matcher that detects (and in some cases authenticates) plaintext secrets, sensitive data, etc.

Security Code Scan is a Vulnerability Patterns Detector for C# and VB.NET.

Semgrep, sponsored by R2C, supports a variety of languages.

Sobelow is the security-focused static analyzer for the Elixir Phoenix Framework.

SpotBugs is a Java code checker.

TFSec uses static analysis of your terraform templates to spot potential security issues.

Trivy is a vulnerability scanner for containers and other artifacts.