Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
code_scanners [2019/10/25 13:00] M0N5T3R |
code_scanners [2023/11/10 10:50] (Version actuelle) M0N5T3R |
||
---|---|---|---|
Ligne 6: | Ligne 6: | ||
- | 🛠 sonarqube https://www.sonarqube.org/ | + | 🛠 Semgrep - Semgrep accelerates your security journey by swiftly scanning code and package dependencies for known issues, software vulnerabilities, and detected secrets with unparalleled efficiency. |
+ | https://github.com/semgrep/semgrep | ||
+ | |||
+ | 🛠 CodeQL - CodeQL is the analysis engine used by developers to automate security checks. C , C++, java, python .. https://codeql.github.com/ | ||
+ | |||
+ | |||
+ | 🛠ApplicationInspector - | ||
+ | Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection including features that impact security such as the use of cryptography and more. This can be extremely helpful in reducing the time needed to determine what Open Source or other components do by examining the source directly rather than trusting to limited documentation or recommendations. | ||
+ | The tool supports scanning various programming languages including C, C++, C#, Java, JavaScript, HTML, Python, Objective-C, Go, Ruby, PowerShell and more and can scan projects with mixed language files. | ||
+ | https://github.com/microsoft/ApplicationInspector | ||
+ | |||
+ | 🛠 grep rough audit - source code auditing tool - The following databases are included: | ||
+ | actionscript, android, asp, c, dotnet, exec, fruit, ios, java, js, perl, php, python, rough, ruby, secrets, spsqli, sql, strings, xss, https://github.com/wireghoul/graudit | ||
🛠 VisualCodeGrepper (VCG) - https://sourceforge.net/projects/visualcodegrepp/ | 🛠 VisualCodeGrepper (VCG) - https://sourceforge.net/projects/visualcodegrepp/ | ||
Ligne 27: | Ligne 40: | ||
🛠 [coala](https://coala.io/) - Language independent framework for creating code analysis - supports [over 60 languages](https://coala.io/languages) by default | 🛠 [coala](https://coala.io/) - Language independent framework for creating code analysis - supports [over 60 languages](https://coala.io/languages) by default | ||
- | 🛠 [Cobra](http://spinroot.com/cobra/) :copyright: - Structural source code analyzer by NASA's Jet Propulsion Laboratory. Supports C, C++, Ada, and Python. | + | 🛠 [Cobra](https://github.com/WhaleShark-Team/cobra) :A static code analysis system that automates the detecting vulnerabilities and security issue Supports C, C++,php. |
🛠 [codeburner](https://github.com/groupon/codeburner) - Provides a unified interface to sort and act on the issues it finds | 🛠 [codeburner](https://github.com/groupon/codeburner) - Provides a unified interface to sort and act on the issues it finds |