Analysis tools logo

15 Node.js Static Analysis Tools

Type:
Any
0
0

njsscan

  • Type: cli
264

A static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep.

0

NodeJSScan

  • Type: cli
  • Type: service
2026

A static security code scanner for Node.js applications powered by libsast and semgrep that builds on the njsscan cli tool. It features a UI with various dashboards about an application's security status.

0

Offensive 360

  • Type: web

Commercial Static Code Analysis system doesn't require building the source code or pre-compilation.

0

RIPS

  • Type: cli

A static source code analyser for vulnerabilities in PHP scripts.

0

Semgrep

  • Type: cli
  • Type: service
7158

A fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write; no abstract syntax trees or regex wrestling. Supports 17+ languages.

0

ShiftLeft Scan

  • Type: cli
  • Type: service
527

Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.

0

Sigrid

  • Type: cli
  • Type: service

Sigrid helps you to improve your software by measuring your system's code quality, and then compares the results against a benchmark of thousands of industry systems to give you concrete advice on areas where you can improve.

0

standard

  • Type: cli
27494

An npm module that checks for Javascript Styleguide issues.

0

Synopsys

  • Type: cli

A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift).

0

ThreatMapper

  • Type: service
  • Type: web
2158

Vulnerability Scanner and Risk Evaluation for containers, serverless and hosts at runtime. ThreatMapper generates runtime BOMs from dependencies and operating system packages, matches against multiple threat feeds, scans for unprotected secrets, and scores issues based on severity and risk-of-exploit.

0

trivy

  • Type: cli
14079

A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Checks containers and filesystems.

0

WhiteHat Application Security Platform

  • Type: cli

WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10.

❤️ Sponsor this project

We are currently looking for partners who want to sponsor hosting and development of the project.

Check out our Github Sponsors page here

Missing an entry? Please let us know.