User-friendly documentation for the SARIF file format.
-
Updated
Dec 15, 2023
#
sarif
Here are 353 public repositories matching this topic...
โ๏ธ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle
javascript kotlin python java go php typescript static-code-analysis dotnet static-analysis actions code-review code-quality sarif devsecops code-scanning azure-pipelines github-actions azure-extensions qodana
-
Updated
May 21, 2026 - JavaScript
Corax for Java: A general static analysis framework for java code checking.
java security security-audit static-code-analysis static-analysis code-analysis owasp vulnerability software-analysis program-analysis taint-analysis soot abstract-interpretation cwe sarif sast flowdroid
-
Updated
Dec 3, 2024 - Kotlin
A security scanner as fast as a linter, written in Rust. Batteries included, TUI for triage, secrets, post-quantum audits, diff-aware scans and more ๐ฅ
rust cli security tree-sitter linter static-analysis pre-commit sarif vulnerability-scanner sast code-security semgrep opengrep
-
Updated
May 19, 2026 - Rust
Lint, format and auto-fix your Groovy / Jenkinsfile / Gradle files using command line
lint groovy gradle nextflow ci groovy-language linter codenarc jenkinsfile hacktoberfest sarif code-quality-analyzer sarif-report megalinter
-
Updated
May 21, 2026 - JavaScript
AI Bill of Materials โ discover every AI agent, model, and API in your infrastructure
-
Updated
May 10, 2026 - Python
๐ง JetBrains Qodanaโs official command line tool
javascript kotlin python java cli php typescript static-code-analysis ci code-review code-quality sarif devsecops code-scanning qodana sarif-report
-
Updated
May 20, 2026 - Go
Enterprise AI Red Team Platform | ไผไธ็บงAI็บข้ๅนณๅฐ | 132 MCP Tools | Pure Python Engines | SDK+CLI+MCP | Auto-Download sqlmap/nuclei/ffuf | Production C2 | LLM Enhanced | Docker Sandbox | SARIF CI/CD | 1980 Tests
python cli automation sdk mcp active-directory knowledge-graph penetration-testing mcts kerberos nuclei vulnerability-scanners red-team sarif security-tools c2 docker-sandbox lateral-movement ai-powered llm
-
Updated
May 18, 2026 - Python
Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX โ covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).
vex spdx appsec post-quantum-cryptography vulnerability-management sarif oss-compliance licence-management security-compliance sbom pqc cyclonedx software-supply-chain-security sbom-tool sbom-quality cbom cryptographic-inventory cyber-resilience-act
-
Updated
May 21, 2026 - Rust
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
-
Updated
Sep 4, 2020 - Python
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
nodejs npm security sarif devsecops vulnerability-scanner malware-detection credential-theft github-actions open-source-security supply-chain-security sarif-report package-security shai-hulud shai-hulud-detector shai-hulud-attack shai-hulud2-detector shai-hulud2 shai-hulud2-inspector sha1-hulud
-
Updated
May 22, 2026 - TypeScript
Lockfile-first scanner for compromised npm/PyPI/Maven/Cargo/Go/RubyGems packages โ OSV + curated extras feed, SLSA L3, locked-container CI
python go cli npm security rubygems maven pypi supply-chain cargo osv sca sarif lockfile devsecops vulnerability-scanner slsa supply-chain-security dependency-scanner sigstore
-
Updated
May 5, 2026 - Python
โฟ Suite of open and standards-based tools for performing reliable accessibility conformance testing at scale
testing typescript accessibility a11y aria monorepo wcag json-ld earl data-processing customer-facing act sarif horizon2020
-
Updated
May 19, 2026 - HTML
A React-based component for viewing SARIF files.
-
Updated
Nov 12, 2024 - TypeScript
Go library for SARIF - Static Analysis Results Interchange Format
-
Updated
Apr 24, 2026 - Go
PHP static analysis for architecture & maintainability โ 60+ metrics, complexity analysis, dependency graphs, git churn hotspots, and AI-ready MCP server. Alternative to PHPMetrics.
php metrics mcp architecture static-analysis code-analysis ast complexity developer-tools php-static-analysis code-quality quality-assurance technical-debt code-metrics sarif maintainability
-
Updated
May 16, 2026 - PHP
AI-native security auditor on AgentField that proves exploitability with verdicts, traces, and actionable evidence.
python open-source security developer-tools application-security cwe autonomous-agents sarif devsecops ai-agents vulnerability-scanner graphql-security sast ai-security llm agentic-ai agentfield
-
Updated
Apr 6, 2026 - Python
Threat modeling and AI-reasoning vulnerability detection harness for Claude Code โ STRIDE + AI + MAESTRO
security cybersecurity threat-modeling attack-trees sarif devsecops stride ai-security llm-security claude-code agentic-security
-
Updated
May 14, 2026 - Python
๐ GitHub Action for running ShellCheck differentially
shell bash docker linter shellcheck sarif sast github-action shellcheck-action differential-scans full-scans
-
Updated
May 1, 2026 - Shell
Improve this page
Add a description, image, and links to the sarif topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the sarif topic, visit your repo's landing page and select "manage topics."