Outils d'utilisateurs
code_scanners
Différences
Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
|
code_scanners [2019/10/11 07:53] M0N5T3R |
code_scanners [2023/11/10 10:50] (Version actuelle) M0N5T3R |
||
|---|---|---|---|
| Ligne 1: | Ligne 1: | ||
| - | 🛠 sonarqube https://www.sonarqube.org/ | + | FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci |
| - | 🛠 VisualCodeGrepper (VCG) - https://sourceforge.net/projects/visualcodegrepp/ | ||
| - | 🛠 Checkmarx https://www.checkmarx.com/ | + | ====== Code scanners ====== |
| - | 🛠 [AppChecker](https://npo-echelon.ru/en/solutions/appchecker.php) - static analysis tool for finding bugs, weaknesses and vulnerabilities in source code | + | 🛠 Semgrep - Semgrep accelerates your security journey by swiftly scanning code and package dependencies for known issues, software vulnerabilities, and detected secrets with unparalleled efficiency. |
| + | https://github.com/semgrep/semgrep | ||
| - | 🛠 [Code insight](https://github.com/console-helpers/code-insight) - A tool for analysing other project code bases. | + | 🛠 CodeQL - CodeQL is the analysis engine used by developers to automate security checks. C , C++, java, python .. https://codeql.github.com/ |
| - | 🛠 [Churn-PHP](https://github.com/bmitch/churn-php.git) - Discover files in need of refactoring. | ||
| - | 🛠 [Eir](https://github.com/Lixody/Eir) - A static vulnerability analysis tool written in C#. | + | 🛠ApplicationInspector - |
| + | Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection including features that impact security such as the use of cryptography and more. This can be extremely helpful in reducing the time needed to determine what Open Source or other components do by examining the source directly rather than trusting to limited documentation or recommendations. | ||
| + | The tool supports scanning various programming languages including C, C++, C#, Java, JavaScript, HTML, Python, Objective-C, Go, Ruby, PowerShell and more and can scan projects with mixed language files. | ||
| + | https://github.com/microsoft/ApplicationInspector | ||
| - | 🛠 [Exakat](http://www.exakat.io/) - Smart static analysis. | + | 🛠 grep rough audit - source code auditing tool - The following databases are included: |
| + | actionscript, android, asp, c, dotnet, exec, fruit, ios, java, js, perl, php, python, rough, ruby, secrets, spsqli, sql, strings, xss, https://github.com/wireghoul/graudit | ||
| - | 🛠 [jscpd](https://github.com/kucherenko/jscpd) - Copy/paste detector for programming source code. | ||
| - | 🛠 [Mondrian](https://github.com/Trismegiste/Mondrian) - A code analysis tool using Graph Theory. | + | 🛠 VisualCodeGrepper (VCG) - https://sourceforge.net/projects/visualcodegrepp/ |
| - | + | ||
| - | 🛠 [noverify](https://github.com/VKCOM/noverify) - Pretty fast linter (code static analysis utility) for PHP. | + | |
| - | + | ||
| - | 🛠 [Pfff](https://github.com/facebook/pfff) - Tools for code analysis, visualizations, or style-preserving source transformation. | + | |
| - | + | ||
| - | 🛠 [PHP Analysis](https://github.com/cwi-swat/php-analysis) - A library for analysing and modifying PHP Source Code in Rascal (PHP AiR). | + | |
| - | + | ||
| - | 🛠 [PHParch](https://github.com/j6s/phparch.git) - PHPArch is a work in progress architectural testing library for PHP projects. | + | |
| - | + | ||
| - | + | ||
| - | 🛠 [PHP Assumption](https://github.com/rskuipers/php-assumptions.git) - Finds <a href="http://rskuipers.com/entry/from-assumptions-to-assertions">weak assumptions</a> in the code, suggest to turn them into stronger validations. | + | |
| - | + | ||
| - | 🛠 [PhpCodeAnalyzer](https://github.com/wapmorgan/PhpCodeAnalyzer.git) - Finds usage of non-built-in extensions. | + | |
| - | + | ||
| - | + | ||
| - | 🛠 [PHPCodeFixer](https://github.com/wapmorgan/PhpCodeFixer) - Finds usage of deprecated functions, variables and ini directives. | + | |
| - | + | ||
| - | 🛠 [php7mar](https://github.com/Alexia/php7mar) - PHP 7 Migration Assistant Report. | + | |
| - | + | ||
| - | 🛠 [phpcallgraph](http://phpcallgraph.sourceforge.net/) - Generate static call graphs. Such a graph visualizes the call dependencies among methods or functions of an application.. | + | |
| - | + | ||
| - | 🛠 [PHPCPD](https://github.com/sebastianbergmann/phpcpd) - Spots copy/pasted code, and help enforcing DRY rule. | + | |
| - | + | ||
| - | 🛠 [Phan](https://github.com/etsy/phan) - The static analyzer by Rasmus, PHP Creator. | + | |
| - | + | ||
| - | 🛠 [Phinder](https://github.com/sider/phinder.git) - PHP code piece finder | + | |
| - | + | ||
| - | 🛠 [Phortress](https://github.com/lowjoel/phortress) - A PHP static code analyser for potential vulnerabilities. | + | |
| - | + | ||
| - | + | ||
| - | 🛠 [PHP Code Static Analysis](https://github.com/joaaoleite/code-static-analysis) - PHP Code static analysis program made in nodeJS. | + | |
| - | + | ||
| - | 🛠 [PHP Inspection](https://plugins.jetbrains.com/plugin/7622?pr=idea) - Static analysis plugin for PHPStorm. | + | |
| - | + | ||
| - | 🛠 [PHP Integrator](https://github.com/php-integrator) - Indexes PHP code and performs static analysis for Atom editor. | + | |
| - | + | ||
| - | 🛠 [Phlint](https://gitlab.com/phlint/phlint) - Phlint is a tool with an aim to help maintain quality of php code by analyzing code and pointing out potential code issues. | + | |
| - | + | ||
| - | 🛠 [PHP lint](http://php.net/manual/en/features.commandline.options.php) - PHP itself, able to detect syntax error from command line. | + | |
| - | + | ||
| - | 🛠 [PHPlint](http://www.icosaedro.it/phplint/) - A validator and documentator for PHP 5 programs. | + | |
| - | + | ||
| - | 🛠 [PHP-Parallel-Lint](https://github.com/JakubOnderka/PHP-Parallel-Lint) - A parallel php linting tool for PHP 5.3.3 or newer | + | |
| - | + | ||
| - | 🛠 [PHP Magic Number Detector](https://github.com/povils/phpmnd) - PHP Magic Number Detector | + | |
| - | + | ||
| - | 🛠 [PHP-malware-finder](https://github.com/nbs-system/php-malware-finder) - Detect potentially malicious PHP files | + | |
| - | + | ||
| - | 🛠 [PHP Mess Detector](http://phpmd.org/) - Look for several potential problems within source code. | + | |
| - | + | ||
| - | 🛠 [PHP Reaper](https://github.com/emanuil/php-reaper.git) - Scan ADOdb code for SQL Injections. | + | |
| - | + | ||
| - | 🛠 [PHP SA](https://github.com/ovr/phpsa) - A development tool aimed at bringing complex analysis for PHP applications and libraries. | + | |
| - | + | ||
| - | 🛠 [PHP Stan](https://github.com/phpstan/phpstan) - Focuses on finding errors in code without actually running it. | + | |
| - | + | ||
| - | 🛠 [PHP Unlocker](http://emanuilslavov.com/php-unlocker/) - Detect potential, unintended DB table locks for PHP applications using ADOdb. Uses static analysis methods. | + | |
| - | + | ||
| - | + | ||
| - | 🛠 [PHP testability](https://github.com/edsonmedina/php_testability) - Analyses and produces a report with testability issues of a php codebase. | + | |
| - | + | ||
| - | + | ||
| - | 🛠 [PHP vuln hunter](https://github.com/OneSourceCat/phpvulhunter) - Scan PHP vulnerabilities automatically using static analysis methods. | + | |
| - | + | ||
| - | 🛠 [Progpilot](https://github.com/designsecurity/progpilot) - A static analysis tool for security purposes. | + | |
| - | + | ||
| - | 🛠 [Psalm](https://getpsalm.org/) - A static analysis tool for finding errors in PHP applications. | + | |
| - | + | ||
| - | 🛠 [psecio:parse](https://github.com/psecio/parse.git) - Parse : A PHP Security Scanner. | + | |
| - | + | ||
| - | + | ||
| - | 🛠 [Side Channel Analyzer](https://github.com/olivo/side-channel-analyzer) - Search for side-channel vulnerable code. | + | |
| - | + | ||
| - | 🛠 [TaintPHP](https://github.com/olivo/TaintPHP.git) - Static Taint Analyzer. | + | |
| - | + | ||
| - | 🛠 [Taint'em All](http://taint.spro.ink/) - A taint analysis tool for the PHP language, it makes use of Static Taint Analysis + Symbolic Execution. | + | |
| - | + | ||
| - | 🛠 [Tuli](https://github.com/ircmaxell/Tuli) - A static analysis engine. | + | |
| - | + | ||
| - | 🛠 [Unused-scanner](https://github.com/Insolita/unused-scanner.git) - Detect unused composer dependencies | + | |
| - | + | ||
| - | 🛠 [WAP](https://www.owasp.org/index.php/OWASP_WAP-Web_Application_Protection) - Tool to detect and correct input validation vulnerabilities in PHP (4.0 or higher) web applications and predicts false positives. | + | |
| - | + | ||
| - | + | ||
| - | + | ||
| - | 🛠 [PHP VarDump Check](https://github.com/JakubOnderka/PHP-Var-Dump-Check) - PHP console application for finding forgotten variable dump. | + | |
| - | 🛠 [17eyes](https://github.com/17eyes/17eyes) - PHP static analyzer written in Haskell. | ||
| Ligne 125: | Ligne 40: | ||
| 🛠 [coala](https://coala.io/) - Language independent framework for creating code analysis - supports [over 60 languages](https://coala.io/languages) by default | 🛠 [coala](https://coala.io/) - Language independent framework for creating code analysis - supports [over 60 languages](https://coala.io/languages) by default | ||
| - | 🛠 [Cobra](http://spinroot.com/cobra/) :copyright: - Structural source code analyzer by NASA's Jet Propulsion Laboratory. Supports C, C++, Ada, and Python. | + | 🛠 [Cobra](https://github.com/WhaleShark-Team/cobra) :A static code analysis system that automates the detecting vulnerabilities and security issue Supports C, C++,php. |
| 🛠 [codeburner](https://github.com/groupon/codeburner) - Provides a unified interface to sort and act on the issues it finds | 🛠 [codeburner](https://github.com/groupon/codeburner) - Provides a unified interface to sort and act on the issues it finds | ||
code_scanners.1570773202.txt.gz · Dernière modification: 2019/10/11 07:53 par M0N5T3R
Outils de la Page
Sauf mention contraire, le contenu de ce wiki est placé sous la licence suivante : CC Attribution-Share Alike 3.0 Unported
