SAST (Static Application Security Testing)

Semgrep (Python, JavaScript, Java, Go & more) + rules: XSS / DOM-based XSS

**Horusec (for C#, Java, Kotlin, Python, Ruby, Golang, Terraform, JavaScript, TypeScript, Kubernetes, PHP, C, HTML, JSON, Dart, Elixir, Shell, and Nginx)**

Brakeman (for Ruby)

Bandit (for Python)

**FindBugs (for Java)**

**Kubesec (for Kubernetes)**

**Bearer (for JavaScript, TypeScript, Ruby, and Java stacks)**

Mate (for C/C++)

**CodeQL by GitHub**


DAST (Dynamic Application Security Testing)

Untrusted Types

PostMessage tracker


Info

https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools