Combine all available linters to automatically validate your sources without configuration

mobsfscan is a SAST that can find insecure code patterns in your Android and iOS source code

Execute Flawfinder to scan source code for vulnerabilities

Scan project dependencies for restrictive and incompatible licenses

checks if your Node.js installation is vulnerable to known security vulnerabilities

Scan your projects with Qodana on GitHub. Docs: https://jb.gg/qodana-github-action

Run security analyzers

ghascompliance

Security scanning with Code-Pathfinder - an open-source CodeQL alternative

Runs Semgrep with all rules from semgrep-rules-manager

Run rules in a GitHub repository

Check for vulnerabilities in your container image

Scalable and interprocedural C# code analyzer for detecting race condition, null pointer derefs and resource leaks

Add flair to your infrastructure repositories with Terrafetch

Scans your code for violations using Salesforce Code Analyzer, uploads results as an artifact, and creates a job summary

GitHub Action for performing differential scans using ShellCheck linter

AI supply chain security scanner. Detects malware in Pickle, PyTorch, Keras, and GGUF models and verifies integrity

An AI Supply Chain security tool that that detects Pickle bombs and generates CycloneDX SBOMs for ML models

Runs tfsec and outputs any failures

Run tfsec against terraform code base and upload the sarif output to the github repo