
SAST (Static Application Security Testing)

Semgrep (Python, JavaScript, Java, Go & more) + rules: XSS / DOM-based XSS

**Horusec (for C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart, Elixir, Shell, and Nginx)**

🐻 **Bearer (for JavaScript, TypeScript, Ruby, and Java stacks)**

Terrascan (by Tenable - K8, Docker, Cuber, CFT, ARM etc)

Trivy (Repos, Containers, Kubernetes)

Brakeman (for Ruby)

Bandit (for Python)

**FindBugs (for Java)**

**Kubesec (for Kubernetes)**

Mate (for C/C++)

**CodeQL by GitHub**


DAST (Dynamic Application Security Testing)

Untrusted Types

PostMessage tracker


Info