Outils d'utilisateurs

Outils du Site


code_scanners

Différences

Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.

Lien vers cette vue

code_scanners [2019/10/11 06:43]
M0N5T3R
code_scanners [2020/03/09 09:14] (Version actuelle)
m0n5t3r
Ligne 1: Ligne 1:
  
-🛠 sonarqube https://www.sonarqube.org/+FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci
  
-🛠 VisualCodeGrepper (VCG) - https://sourceforge.net/projects/visualcodegrepp/ 
  
-🛠 Checkmarx https://www.checkmarx.com/+====== Code scanners ======
  
  
-🛠 [AppChecker](https://npo-echelon.ru/en/solutions/appchecker.php) - static analysis tool for finding bugs, weaknesses and vulnerabilities in source code+🛠ApplicationInspector - 
 +Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection including features that impact security such as the use of cryptography and more. This can be extremely helpful in reducing the time needed to determine what Open Source or other components do by examining the source directly rather than trusting to limited documentation or recommendations. 
 +The tool supports scanning various programming languages including C, C++, C#, Java, JavaScript, HTML, Python, Objective-C, Go, Ruby, PowerShell and more and can scan projects with mixed language files. 
 +https://github.com/microsoft/ApplicationInspector
  
-🛠 [Code insight](https://github.com/console-helpers/code-insight) - A tool for analysing other project code bases.+🛠  grep rough audit - source code auditing tool -  The following databases are included: 
 +actionscript, android, asp, c, dotnet, exec,  fruit,  ios,  java, js, perl, php, python, rough, ruby, secrets, spsqli, sql, strings, xss, https://github.com/wireghoul/graudit
  
-🛠 [Churn-PHP](https://github.com/bmitch/churn-php.git) - Discover files in need of refactoring. 
  
-🛠 [Eir](https://github.com/Lixody/Eir) - A static vulnerability analysis tool written in C#.+🛠 VisualCodeGrepper (VCG) - https://sourceforge.net/projects/visualcodegrepp/
  
-🛠 [Exakat](http://www.exakat.io/) - Smart static analysis. 
  
-🛠 [jscpd](https://github.com/kucherenko/jscpd) - Copy/paste detector for programming source code. + 
  
-🛠 [Mondrian](https://github.com/Trismegiste/Mondrian) - A code analysis tool using Graph Theory.+🛠 [Application Inspector](https://www.ptsecurity.com/ww-en/products/ai/) :copyright: Commercial Static Code Analysis which generates exploits to verify vulnerabilitiesSupports: Java (including JSP and JSF), C#, VB.Net, ASP.NET, Php, JavaScript, Objective-C, Swift, C\C++, SQL (PL/SQL. T-SQL. MySQL), HTML5
  
-🛠 [noverify](https://github.com/VKCOM/noverify) - Pretty fast linter (code static analysis utility) for PHP.+🛠 [AppScan Source](https://www.hcltechsw.com/wps/portal/products/appscan/home:copyright: Commercial Static Code Analysis. Supports: Microsoft .NET Framework (C#, ASP.NET, VB.NET), ASP (JavaScript/VBScript), C/C++, COBOL, ColdFusion, JavaScript, JavaServer Pages (JSP), Java™ (including support for Android APIs), Perl, PHP, PL/SQL, T-SQL, Visual Basic 6
  
-🛠 [Pfff](https://github.com/facebook/pfff) - Tools for code analysis, visualizationsor style-preserving source transformation.+🛠 [APPscreener](https://appscreener.us:copyright: Static code analysis for binary and source code - Java/ScalaPHPJavascript, C#, PL/SQL, Python, T-SQL, C/C++, ObjectiveC/Swift, Visual Basic 6.0, Ruby, Delphi, ABAP, HTML5 and Solidity
  
-🛠 [PHP Analysis](https://github.com/cwi-swat/php-analysis) - A library for analysing and modifying PHP Source Code in Rascal (PHP AiR).+🛠 [ArchUnit](https://www.archunit.org/) - Unit test your Java or Kotlin architecture
  
-🛠 [PHParch](https://github.com/j6s/phparch.git) - PHPArch is a work in progress architectural testing library for PHP projects.+🛠 [Axivion Bauhaus Suite](https://www.axivion.com/en/products-services-9#products_bauhaussuite:copyright: Tracks down error-prone code locations, style violations, cloned or dead code, cyclic dependencies and more for C/C++, C#/.NET, Java and Ada 83/Ada 95
  
-  +🛠 [Checkmarx CxSAST](https://www.checkmarx.com/products/static-application-security-testing/) :copyright: - Commercial Static Code Analysis which doesn't require pre-compilationSupports: Android (Java), Apex and VisualForce, ASP, C#, C/C++, Go, Groovy, HTML5, Java, JavaScript, Node.js, Objective C, Perl, PhoneGap, PHP, Python, Ruby, Scala, Swift, VB.NET, VB6, VBScript 
-🛠 [PHP Assumption](https://github.com/rskuipers/php-assumptions.git) - Finds <a href="http://rskuipers.com/entry/from-assumptions-to-assertions">weak assumptions</a> in the code, suggest to turn them into stronger validations.+ 
 +🛠 [coala](https://coala.io/) - Language independent framework for creating code analysis - supports [over 60 languages](https://coala.io/languages) by default 
 + 
 +🛠 [Cobra](https://github.com/WhaleShark-Team/cobra) :A static code analysis system that automates the detecting vulnerabilities and security issue  Supports CC++,php.
  
-🛠 [PhpCodeAnalyzer](https://github.com/wapmorgan/PhpCodeAnalyzer.git) - Finds usage of non-built-in extensions.+🛠 [codeburner](https://github.com/groupon/codeburner) - Provides a unified interface to sort and act on the issues it finds
  
 +🛠 [CodeFactor](https://codefactor.io) :copyright: - Static Code Analysis for C#, C, C++, CoffeeScript, CSS, Groovy, GO, JAVA, JavaScript, Less, Python, Ruby, Scala, SCSS, TypeScript.
  
-🛠 [PHPCodeFixer](https://github.com/wapmorgan/PhpCodeFixer) -  Finds usage of deprecated functionsvariables and ini directives.+🛠 [CodeIt.Right](https://submain.com/products/codeit.right.aspx:copyright: CodeIt.Right&trade; provides a fastautomated way to ensure that your source code adheres to (your) predefined design and style guidelines as well as best coding practices. Supported languages: C#, VB.NET.
  
-🛠 [php7mar](https://github.com/Alexia/php7mar) - PHP 7 Migration Assistant Report.+🛠 [CodeScene](https://empear.com/) :copyright: CodeScene prioritizes technical debt, finds social patterns and identifies hidden risks in your code.
  
-🛠 [phpcallgraph](http://phpcallgraph.sourceforge.net/) - Generate static call graphs. Such a graph visualizes the call dependencies among methods or functions of an application..+🛠 [cqc](https://github.com/xcatliu/cqc) - Check your code quality for js, jsx, vue, css, less, scss, sass and styl files.
  
-🛠 [PHPCPD](https://github.com/sebastianbergmann/phpcpd) Spots copy/pasted code, and help enforcing DRY rule.+🛠 [Coverity](https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html) :copyright: - Synopsys Coverity supports 20 languages and over 70 frameworks including Ruby on rails, Scala, PHP, Python, JavaScript, TypeScript, Java, Fortran, C, C++, C#, VB.NET.
  
-🛠 [Phan](https://github.com/etsy/phan) - The static analyzer by RasmusPHP Creator.+🛠 [DeepSource](https://deepsource.io/) :copyright: In-depth static analysis to monitor source code quality and security. Supports Python and Go and can detect 600+ types of issues in verticals of bug riskssecurity, anti-patterns, performance, documentation and style. Native integration with GitHub.
  
-🛠 [Phinder](https://github.com/sider/phinder.git) - PHP code piece finder+🛠 [Depends](https://github.com/multilang-depends/depends) - Analyses the comprehensive dependencies of code elements for Java, C/C++, Ruby.
  
-🛠 [Phortress](https://github.com/lowjoel/phortress) - A PHP static code analyser for potential vulnerabilities.+🛠 [DevSkim](https://github.com/microsoft/devskim) - Regex-based static analysis tool for Visual Studio, VS Code, and Sublime Text - C/C++, C#, PHP, ASP, Python, Ruby, Java, and others.
  
 +🛠 [Fortify](https://software.microfocus.com/en-us/products/static-code-analysis-sast/overview) :copyright: A commercial static analysis platform that supports the scanning of C/C++, C#, VB.NET, VB6, ABAP/BSP, ActionScript, Apex, ASP.NET, Classic ASP, VB Script, Cobol, ColdFusion, HTML, Java, JS, JSP, MXML/Flex, Objective-C, PHP, PL/SQL, T-SQL, Python (2.6, 2.7), Ruby (1.9.3), Swift, Scala, VB, and XML.
  
-🛠 [PHP Code Static Analysis](https://github.com/joaaoleite/code-static-analysis) - PHP Code static analysis program made in nodeJS.+🛠 [Goodcheck](https://github.com/sideci/goodcheck) - Regexp based customizable linter
  
-🛠 [PHP Inspection](https://plugins.jetbrains.com/plugin/7622?pr=idea) - Static analysis plugin for PHPStorm.+🛠 [graudit](https://github.com/wireghoul/graudit) - Grep rough audit - source code auditing tool - C/C++, PHP, ASP, C#, Java, Perl, Python, Ruby
  
-🛠 [PHP Integrator](https://github.com/php-integrator) - Indexes PHP code and performs static analysis for Atom editor.+🛠 [Hound CI](https://houndci.com/) - Comments on style violations in GitHub pull requests. Supports Coffeescript, Go, HAML, JavaScript, Ruby, SCSS and Swift.
  
-🛠 [Phlint](https://gitlab.com/phlint/phlint) - Phlint is a tool with an aim to help maintain quality of php code by analyzing code and pointing out potential code issues.+🛠 [imhotep](https://github.com/justinabrahms/imhotep) - Comment on commits coming into your repository and check for syntactic errors and general lint warnings.
  
-🛠 [PHP lint](http://php.net/manual/en/features.commandline.options.php) - PHP itselfable to detect syntax error from command line.+🛠 [Infer](https://github.com/facebook/infer) - A static analyzer for JavaC and Objective-C
  
-🛠 [PHPlint](http://www.icosaedro.it/phplint/) - A validator and documentator for PHP 5 programs.+🛠 [Klocwork](http://www.klocwork.com/products-services/klocwork:copyright: Quality and Security Static analysis for  C/C++, Java and C#
  
-🛠 [PHP-Parallel-Lint](https://github.com/JakubOnderka/PHP-Parallel-Lint) - A parallel php linting tool for PHP 5.3.3 or newer+🛠 [Kiuwan](https://www.kiuwan.com/code-security-sast/:copyright: Identify and remediate cyber threats in a blazingly fast, collaborative environment, with seamless integration in your SDLC. Python, C\C++, Java, C#, PHP and more
  
-🛠 [PHP Magic Number Detector](https://github.com/povils/phpmnd) - PHP Magic Number Detector+🛠 [oclint](https://github.com/oclint/oclint) - A static source code analysis tool to improve quality and reduce defects for C, C++ and Objective-C
  
-🛠 [PHP-malware-finder](https://github.com/nbs-system/php-malware-finder) Detect potentially malicious PHP files+🛠 [pfff](https://github.com/facebook/pfff) Facebook's tools for code analysis, visualizations, or style-preserving source transformation for many languages
  
-🛠 [PHP Mess Detector](http://phpmd.org/) - Look for several potential problems within source code.+🛠 [PMD](https://pmd.github.io/) - source code analyzer for Java, Javascript, PLSQL, XML, XSL and others
  
-🛠 [PHP Reaper](https://github.com/emanuil/php-reaper.git) - Scan ADOdb code for SQL Injections.+🛠 [Pronto](https://github.com/prontolabs/pronto) - Quick automated code review of your changes. Supports more than 40 runners for various languages, including Clang, Elixir, JavaSCript, PHP, Ruby and more
  
-🛠 [PHP SA](https://github.com/ovr/phpsa) - A development tool aimed at bringing complex analysis for PHP applications and libraries.+🛠 [pre-commit](https://github.com/pre-commit/pre-commit) - A framework for managing and maintaining multi-language pre-commit hooks.
  
-🛠 [PHP Stan](https://github.com/phpstan/phpstan) - Focuses on finding errors in code without actually running it.+🛠 [PT.PM](https://github.com/PositiveTechnologies/PT.PM) - An engine for searching patterns in the source code, based on Unified AST or UST. At present time C#, Java, PHP, PL/SQL, T-SQL, and JavaScript are supported. Patterns can be described within the code or using a DSL.
  
-🛠 [PHP Unlocker](http://emanuilslavov.com/php-unlocker/) - Detect potential, unintended DB table locks for PHP applications using ADOdbUses static analysis methods.+🛠 [PVS-Studio](https://www.viva64.com/en/pvs-studio/) :copyright: a ([conditionally free](https://www.viva64.com/en/b/0614/) for FOSS and individual developers) static analysis of C, C++, C# and Java code. For advertising purposes [you can propose a large FOSS project for analysis by PVS employees](https://github.com/viva64/pvs-studio-check-list). Supports CWE mapping, MISRA and CERT coding standards.
  
 +🛠 [Reviewdog](https://github.com/haya14busa/reviewdog) - A tool for posting review comments from any linter in any code hosting service.
  
-🛠 [PHP testability](https://github.com/edsonmedina/php_testability) - Analyses and produces a report with testability issues of a php codebase.+🛠 [Security Code Scan](https://security-code-scan.github.io/) - Security code analyzer for C# and VB.NET. Detects various security vulnerability patterns: SQLi, XSS, CSRF, XXE, Open Redirect, etc.
  
 +🛠 [Semmle QL and LGTM](https://semmle.com/) :copyright: - Find security vulnerabilities, variants, and critical code quality issues using queries over source code. Automatic PR code review; free for public GitHub/Bitbucket repo: [LGTM.com](https://LGTM.com).
  
-🛠 [PHP vuln hunter](https://github.com/OneSourceCat/phpvulhunter) - Scan PHP vulnerabilities automatically using static analysis methods.+🛠 [shipshape](https://github.com/google/shipshape) - Static program analysis platform that allows custom analyzers to plug in through a common interface
  
-🛠 [Progpilot](https://github.com/designsecurity/progpilot) - A static analysis tool for security purposes.+🛠 [SonarQube](http://www.sonarqube.org/) - SonarQube is an open platform to manage code quality.
  
-🛠 [Psalm](https://getpsalm.org/) - A static analysis tool for finding errors in PHP applications.+🛠 [STOKE](https://github.com/StanfordPL/stoke) - a programming-language agnostic stochastic optimizer for the x86_64 instruction setIt uses random search to explore the extremely high-dimensional space of all possible program transformations
  
-🛠 [psecio:parse](https://github.com/psecio/parse.git- Parse : A PHP Security Scanner.+🛠 [Synopsys](https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html) :copyright: - commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift)
  
 +🛠 [TscanCode](https://github.com/Tencent/TscanCode) - A fast and accurate static analysis solution for C/C++, C#, Lua codes provided by Tencent. Using GPLv3 license.
  
-🛠 [Side Channel Analyzer](https://github.com/olivo/side-channel-analyzer) - Search for side-channel vulnerable code.+🛠 [Undebt](https://github.com/Yelp/undebt) Language-independent tool for massive, automatic, programmable refactoring based on simple pattern definitions
  
-🛠 [TaintPHP](https://github.com/olivo/TaintPHP.git) - Static Taint Analyzer.+🛠 [Veracode](http://www.veracode.com/products/static-analysis-sast/static-code-analysis:copyright: - Find flaws in binaries and bytecode without requiring source. Support all major programming languages: Java, .NET, JavaScript, Swift, Objective-C, C, C++ and more.
  
-🛠 [Taint'em All](http://taint.spro.ink/) - A taint analysis tool for the PHP language, it makes use of Static Taint Analysis + Symbolic Execution.+🛠 [WALA](http://wala.sourceforge.net/wiki/index.php/Main_Page) - static analysis capabilities for Java bytecode and related languages and for JavaScript
  
-🛠 [Tuli](https://github.com/ircmaxell/Tuli) - A static analysis engine.+🛠 [WhiteHat Application Security Platform](https://www.whitehatsec.com/products/static-application-security-testing/) :copyright: WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10. Language support for: Java, C#(.NET), ASP.NET, PHP, JavaScript, Node.js, Objective-C, Android, HTML5, TypeScript
  
-🛠 [Unused-scanner](https://github.com/Insolita/unused-scanner.git) - Detect unused composer dependencies+🛠 [Wotan](https://github.com/fimbullinter/wotan) - Pluggable TypeScript and JavaScript linter
  
-🛠 [WAP](https://www.owasp.org/index.php/OWASP_WAP-Web_Application_Protection) - Tool to detect and correct input validation vulnerabilities in PHP (4.0 or higher) web applications and predicts false positives+🛠 [XCode](https://developer.apple.com/xcode/) :copyright: XCode provides a pretty decent UI for [Clang's](http://clang-analyzer.llvm.org/xcode.html) static code analyzer (C/C++, Obj-C)
  
-🛠 [PHP VarDump Check](https://github.com/JakubOnderka/PHP-Var-Dump-Check) - PHP console application for finding forgotten variable dump. 
  
-🛠 [17eyes](https://github.com/17eyes/17eyes) - PHP static analyzer written in Haskell. 
code_scanners.1570769026.txt.gz · Dernière modification: 2019/10/11 06:43 par M0N5T3R