Analysis tools logo

22 Containers Static Analysis Tools

Type:
Any
113

Mega-Linter

  • Type: cli
959

Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes

25

ThreatMapper

  • Type: service
  • Type: web
2581

Vulnerability Scanner and Risk Evaluation for containers, serverless and hosts at runtime. ThreatMapper generates runtime BOMs from dependencies and operating system packages, matches against multiple threat feeds, scans for unprotected secrets, and scores issues based on severity and risk-of-exploit.

16

DeepSource

  • Type: service

In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives.

6

Codeac

  • Type: service

Automated code review tool integrates with GitHub, Bitbucket and GitLab (even self-hosted). Available for JavaScript, TypeScript, Python, Ruby, Go, PHP, Java, Docker, and more. (open-source free)

3

Haskell Dockerfile Linter

  • Type: cli
7871

A smarter Dockerfile linter that helps you build best practice Docker images.

2

kics

  • Type: cli
1343

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible

2

trivy

  • Type: cli
15122

A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Checks containers and filesystems.

1

CodeFlow

  • Type: service

Automated code analysis tool to deal with technical depth. Integrates with Bitbucket and Gitlab. (free for Open Source Projects)

1

Snyk Code

  • Type: service

Snyk Code finds security vulnerabilities based on AI. Its speed of analysis allow us to analyse your code in real time and deliver results when you hit the save button in your IDE. Supported languages are Java, JavaScript, Python, PHP, C#, Go and TypeScript. Integrations with GitHub, BitBucket and Gitlab. It is free to try and part of the Snyk platform also covering SCA, containers and IaC.

0

anchore

  • Type: cli
1514

Discover, analyze, and certify container images. A service that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and certification

0

clair

  • Type: cli
9201

Vulnerability Static Analysis for Containers.

0

collector

  • Type: cli
288

Run arbitrary scripts inside containers, and gather useful information.

0

dagda

  • Type: cli
1012

Perform static analysis of known vulnerabilities in docker images/containers.

0

Docker Label Inspector

  • Type: cli
80

Lint and validate Dockerfile labels.

0

Offensive 360

  • Type: web

Commercial Static Code Analysis system doesn't require building the source code or pre-compilation.

0

OpenSCAP

  • Type: cli
1019

Suite of automated audit tools to examine the configuration and known vulnerabilities following the NIST-certified Security Content Automation Protocol (SCAP).

0

Qualys Container Security

  • Type: service

Container native application protection to provide visibility and control of containerized applications.

0

sysdig

  • Type: service

A secure DevOps platform for cloud and container forensics. Built on an open source stack, Sysdig provides Docker image scanning and created Falco, the open standard for runtime threat detection for containers, Kubernetes and cloud.

0

Vuls

  • Type: cli
9663

Agent-less Linux vulnerability scanner based on information from NVD, OVAL, etc. It has some container image support, although is not a container specific tool.

-3

ShiftLeft Scan

  • Type: cli
  • Type: service
548

Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.

❤️ Sponsor this project

We are currently looking for partners who want to sponsor hosting and development of the project.

Check out our Github Sponsors page here

Missing an entry? Please let us know.