code-scanning

A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.

Extensions to the PHP Reflection API, static code scanning, and code generation

Actions for running CodeQL analysis

🚀 Useful README.md, LICENSE, CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md, GitHub Issues, Pull Requests and Actions templates to jumpstart your projects.

📝 Source repository of Qodana Help

⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle

Telling tales on you for leaking secrets!

codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)

🔧 JetBrains Qodana’s official command line tool

NaiveSystems Analyze is a static analysis tool for code security and compliance.

This repository contains CodeQL queries and libraries which support various Coding Standards.

GitHub Advance Security Compliance Action

Code scanner to check for issues in prompts and LLM calls

Code Pathfinder, the open-source alternative to GitHub CodeQL built with GoLang. Built for advanced structural search, derive insights, find vulnerabilities in code.

Codety Scanner is a comprehensive code scanner designed to detect code issues for 30+ programming languages and IaC frameworks. It embeds more than 6,000 code analysis rules and can detect code smells, vulnerable code, secrets in the code, performance issues, style violations, and more.

A GitHub action for organizations that enables advanced security code scanning on all new repos

CodeScanAI is an open source tool that utilizes powerful AI models (OpenAI, Gemini, and even self-hosted servers) to scan your codebase for possible security vulnerabilities.

GitHub Action for filtering Code Scanning alerts by path and id

Action to retrofit a CodeQL bundle with additional queries, libraries, and customizations