carrot-scan
Command-line tool for detecting vulnerabilities in files and directories.
Found 191 results for sast
This is the SOOS API Client for registered clients leveraging the various integrations to the SOOS platform. Register for a free trial today at https://app.soos.io/register
Zero-config security scanner for React Native & Expo apps. Find vulnerabilities with 68 security rules covering Android, iOS, and React Native specific issues.
Security MCP for vibe coding. 390 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis, +25 AI-native rules (MCP supply-chain, RAG/vector poisoning, agent loop DoS, public-prefix
AEGIS core engine — orchestrator, scoring (0-1000), config loader with Zod-strict schema, suppression filter, shared types + utilities. The foundation of the AEGIS security-scanner suite for Next.js + Supabase.
AEGIS scanner registry — 41 built-in regex checkers + 1 AST cross-file taint analyzer + 20 external-tool wrappers (16 SAST/DAST: Semgrep, Gitleaks, Trivy, ZAP, …; +1 passive subdomain-recon: Subfinder; +3 LLM-agent pentest: Strix, PTAI, Pentest-Swarm-AI —
AI-powered static analysis CLI with LLM-enhanced vulnerability detection
LLM-enhanced SAST analysis built on circle-ir
AEGIS MCP server — exposes scan / findings / score / compliance / fix-suggestion tools to any Model Context Protocol agent (Claude Code, Cursor, Continue, Zed). Five registered tools: aegis_scan, aegis_findings, aegis_score, aegis_compliance, aegis_fix_su
High-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis
AEGIS CLI — paranoid stack-specific security scanner for Next.js + Supabase. 0-1000 score, 42 built-in checkers (+20 external-tool wrappers: 16 SAST/DAST + 1 passive subdomain-recon + 3 LLM-agent pentest frameworks), AST-based cross-file taint analysis, 4
Parse CSS, Sass, and SCSS into Unist syntax trees
Snitch CLI. Unified surface for Snitch security audits AND Snitch: Marketing audits. Runs on your device with your own AI provider key; Snitch's servers never receive your code or your audit findings. PKCE login, scope-gated subcommands.
A package API to run a static analysis of your module's dependencies.
SOOS Static Application Security Testing (SAST) scanning support. Register for a free SOOS trial at https://app.soos.io/register
VibeSecurity: security auditing for people who build with AI. Secrets, vulnerabilities and routes without auth.
A security scanner as fast as a linter, written in Rust. 170+ built-in rules across 10 languages.
Deterministic QA plugin for Claude Code — CRAP index, Technical Debt Ratio, tree-sitter AST, SARIF 2.1.0, hooks, and a local Vue dashboard.
A PM for your AI coding agents. Delegate, orchestrate, and audit Claude Code, Codex, Aider, and OpenCode from one local web UI — every AI action traced, every file scored.
Multi-model security review for AI-generated code. Runs OpenAI, Anthropic, and Google reviewers in parallel and posts findings as PR comments.
AI security scanner for vibe-coded apps. Find vulnerabilities before attackers do.
Semantic static analysis engine for detecting security vulnerabilities via taint tracking
AI-powered multi-agent security platform. 23 agents scan 80+ attack classes including AI integration supply chain (Vercel-class attacks), Hermes Agent deployments (ASI-01–ASI-10), tool registry poisoning, function-call injection, skill permission drift, a
Kuzushi — security-native AI operating environment
KubbiSec ASPM — Application Security Posture Management CLI
10 security checks. Zero false positives. Ship with confidence.
Security scanning for the vibe coding era. MCP server + CLI that finds secrets, auth bugs, SQL injection, XSS, IDOR, and vulnerable deps — and opens fix PRs. Works in Cursor, Claude Code, and VS Code. Bring your own model (Anthropic, OpenAI, Gemini, Groq,
Security analysis and vulnerability detection for MUSUBIX - Neuro-Symbolic AI Integration with CodeQL-equivalent capabilities
Node.js security CLI
Pre-commit security gate for OWASP Top 10 2021 — SAST, SCA and misconfig checks for Node/Express, Go and React codebases
Open-source AI code-review assistant for application security. Flags likely vulnerabilities in source code with reasoning and suggested fixes.
Production-grade security hardening skill for Claude Code — AI/vibe-coded projects, OWASP Top 10, zero-trust, red-team, Supabase RLS, compliance (SOC 2, PCI-DSS, GDPR/LGPD)
SquireX MCP Server — Agentforce Capability Scanner for AI Coding Agents
The security and reliability linter for JavaScript and TypeScript
Agent Capability Scanner — Salesforce Agentforce, ServiceNow, MuleSoft, and MCP security analysis
Globstar-compatible static analysis tool for Node.js - A backward-compatible reimplementation of the MIT-licensed Globstar.dev SAST
NodeSecure tool enabling secured continuous delivery
Static analysis for LLM-application code. OWASP LLM Top 10 at commit time.
Run deep static and Docker-based dynamic secure code reviews directly inside VS Code.
AI-powered security scanner with 15 scan phases, 10 specialist agents, container/IaC/DAST/taint analysis, and AI-assisted remediation.
MCP server for security scanning — structured Trivy, Semgrep, and Gitleaks findings for AI agents
CodeSlick CLI tool for pre-commit security scanning — 308 checks across JS, TS, Python, Java, Go
Tiny security gate for CI/CD — orchestrates Semgrep, Gitleaks, osv-scanner, Trivy, and npm audit with a premium HTML report.
An MCP server supporting LLM requests for CodeQL development tools and resources.
Checkmarx CLI Plugin
Anthropic's vulnerability scanning scaffold (Carlini, [un]prompted 2026) — parallel Claude Code security scans per file
AI-powered code scanning agent that triages findings and creates Jira tickets
OWASP API security scanner with AI-assisted behavioral testing, static analysis, container scanning, and GraphQL probing.
Agentic security scanner for code repos — analyst + primary + secondary agent pipeline over OpenRouter / OpenAI / Anthropic models, with a live Ink terminal UI.
AEGIS Security Scanner — Governed Cyber Reasoning System
Static security scanner for AI CLI and MCP configurations — detects credential leaks, prompt injection, jailbreaks, and supply chain risks
Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1700+ vulnerability rules with AST & taint analysis, LLM-powered semantic code review, auto-fix. For Claude Code, Cursor, Windsu
Mako Security CLI - scan for vulnerabilities in dependencies, code, and infrastructure
Security scanner for AI-native codebases
Webhook security audit CLI — finds signature-verification bugs in JavaScript, TypeScript, and Python codebases. Local, deterministic, zero-network. Ships rules for Stripe, GitHub, Shopify, Slack, Twilio, and Square; JSON / SARIF 2.1.0 output for CI and Gi
Shared Secretlint config for Nick2bad4u projects.
AI agent governance platform — static scanning + runtime interception for Claude Code, Cursor, GitHub Copilot, Codex, LangChain, CrewAI, and Kiro. Blocks dangerous tool calls in real-time.
Client for interaction with Checkmarx products.
Local-first vulnerability reachability CLI for JavaScript and TypeScript
The security layer for AI agents — platform-agnostic threat detection with 300+ rules, runtime blocking, and remediation guidance. Continuous protection.
CodeQL security audit SDK for clawhub.ai AI skills
AI Code Security Auditor — catches vulnerabilities that LLMs introduce and SonarQube misses. Purpose-built for AI-generated code with educational feedback.
Local opensource pen-testing suite. Your code. Your AI. Your terms. `opt` is the CLI entry point.
MCP server for AI-powered security scanning - SAST, SCA, DAST, and secrets detection
VibeCheck Ultimate CLI — Ship with confidence. 65+ commands merged from 4 codebases: kernel infrastructure, ISL verification, Reality Mode, Agent Firewall, MCP Server.
Kira-Lite MCP Server — Real-time security scanning for AI coding assistants
AI-powered CLI security auditor that scans codebases for vulnerabilities, explains findings with exact code references, and optionally applies fixes. Provider-agnostic — works with Anthropic, OpenAI, Google, Azure, Vertex AI, and Ollama.
AI Agent Security — scan every tool call for secrets, PII, destructive commands, and prompt injection. Runs locally, zero dependencies, no signup required.
CodePipeline action to lint dockerfiles with hadolint
CodePipeline action to integrate Anchore Engine into your pipeline
Guardrail CLI - Enterprise security scanning with interactive menu, arrow navigation, and auto-installation
Background check for AI agents — discover, assess, and test before you ship
SafeWeave MCP server — Free SAST, secrets, and dependency scanning for AI code editors. Upgrade to Self-Hosted Pro for all 8 scanners + compliance profiles.
AI security MCP server and enforcement gate for Claude Code, Cursor, GitHub Copilot, Codex, Replit, and any MCP-compatible editor. Applies OWASP, MITRE ATT&CK, NIST, Zero Trust, PCI DSS, SOC 2, and ISO 27001.
Senior Security Auditor AI agent — performs thorough read-only security analysis of codebases. Identifies vulnerabilities, assesses risk via CVSS scoring, maps compliance gaps, and provides actionable remediation. Built with LangChain, LangGraph, and Groq
ExploitQ CLI — SAST, SCA, API security, and secrets scanning for CI/CD pipelines
BIT Security Review — MCP server for devs + CLI for CI/CD pipelines. Activates 7 specialized agents (SECRETS, AUTH, DATA, INPUT, DEPS, INCIDENTS, AGENTIC) mapped to OWASP A1–A10, OWASP Agentic AI T1–T15, and CWE.
MCP server providing AI coding agents with full programmatic access to the Checkmarx One security platform
CodeSlick Security Analysis MCP Server - 323 security checks across 5 languages + 17 MCP-specific behavioral checks + AI code detection
MCP server for Cybrium security tools — 1,815 rules, 75+ languages. SAST, secrets, IaC, K8s, supply-chain, endpoint posture.
SmartCheck is an extensible static analysis tool for discovering vulnerabilities and other code issues in Ethereum smart contracts written in the Solidity programming language.
Asyntax AI — security-scan your codebase from the terminal
AI-powered CLI vulnerability scanner using Gemini
GuardLink — Security annotations for code. Threat modeling that lives in your codebase.
Guardrails for AI-assisted development - Detects IDOR, missing input validation, hardcoded secrets, and other critical bugs in AI-generated code
Security scanner for AI-generated code — find vulnerabilities before you ship
CortexHQ: Security & Guardrails for AI Code
Bootstrap and run fcli fortify-setup action in any environment
A comprehensive security scanning tool for Vue.js projects with rule-based vulnerability detection
Security-first code scanner for AI-assisted development. Scan your code, get FIXES.md, let AI fix everything.
Quantum Viper CLI (qv) - Professional AI-Powered Security Analysis
A comprehensive n8n community node for Snyk security platform providing 12 resources and 60+ operations for vulnerability management, project monitoring, and security reporting.
SAST (Static Application Security Testing) tool for detecting vulnerabilities and malicious code.
AI-powered codebase auditor — security, quality, performance, architecture & more
SiteShadow CLI — 2,021 security checks, 249 CWEs, 100% OWASP 2025 coverage.
Source-code-level security scanner for MCP server implementations
Comprehensive vulnerability scanning for code, dependencies, and configurations with CVE detection
PII Lexical Analyzer -- Detect PII in source code and map to GDPR/CCPA regulatory frameworks
Portable, standards-backed security policies for any AI coding agent. One command to install OWASP, CWE, NIST rules + security skills.
Vibecheck CLI - Ship with confidence. One verdict: SHIP | WARN | BLOCK.
AI-powered security scanner with 9-agent swarm. Detect secrets, vulnerabilities, attack paths. CLI, API, or cloud dashboard at app.aurasecurity.io
AICLUDE Security Vulnerability Scanner - Claude Code Skill for querying the AICLUDE scan database
Feature-rich MCP server for Black Duck Polaris — trigger SAST/SCA/DAST scans, query findings, generate reports (SBOM, SPDX, CycloneDX), manage policies, triage issues, and more. Works with Claude Code, Claude Desktop, GitHub Copilot, Cursor, and any MCP-c
TitanShieldAI CLI — AI-powered security scanner for your codebase. Zero config. Under 2 minutes.
The most comprehensive Angular security auditing tool. 150+ rules, 10 scan types (OWASP, API security, performance, accessibility, dependency audit, hacking, complexity, code quality). Auto-fix suggestions, HTML dashboard, SVG badge generation, SARIF expo
Security scanning engine for Model Context Protocol (MCP) servers. Detects hardcoded secrets, command injection, SSRF, auth misconfig, and compliance gaps.
MCP server for querying Black Duck Polaris security vulnerabilities, issues, and scan results
AI-powered security scanner for codebases and pull requests — SAST, secrets, dependencies, threat modeling
CLI for AI-powered security scanning of codebases and pull requests
BreachKit — AI security testing agent. MCP server that turns your coding agent into a pen tester. DAST, SAST, and SCA via Playwright.
AUDIT CLI binaries with automatic platform download and verification.
AI-native security scanner CLI for detecting vulnerabilities in AI-generated code, BYOK patterns, and modern web applications
Guardrail CLI - Enterprise security scanning with interactive menu, arrow navigation, and auto-installation
AICLUDE Security Vulnerability Scanner - MCP Server for querying vulnerability scan results
Security scanner for AI agent architectures - 220+ detection patterns and 5 runtime guard modules for prompt injection, SSRF, path traversal, credential exposure, MCP security, and OWASP ASI vulnerabilities
A Model Context Protocol (MCP) server that automatically analyzes security vulnerabilities in your code and generates secure code alternatives. This server integrates with Cursor IDE to provide real-time security analysis and secure code generation capabi
VEXLIT CLI — AI-powered code security vulnerability scanner
Security scanner for AI-generated code. Catches what traditional scanners miss.
MCP server for NoHack security scanning API - query vulnerabilities, secrets, scans, and repo configs
Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1700+ vulnerability rules with AST & taint analysis, LLM-powered semantic code review, auto-fix. For Claude Code, Cursor, Windsu
Kensa SAST plugin (Semgrep integration, custom rules for AI-generated code)
CodeThreat AppSec CLI for CI/CD integration and automated security scanning
A lightweight, extensible Static Application Security Testing (SAST) tool for JavaScript. Detects vulnerabilities like XSS, SQL injection, hardcoded secrets, prototype pollution, and more — with CWE references, severity ratings, and context-aware reportin
Comprehensive APK security analysis and forensic investigation tool for Android applications
CLI tool to detect leaked secrets, frontend exposure, and generate safe fixes.
Security Scanner for Financial Applications - CLI tool for detecting vulnerabilities, secrets, and security issues in fintech codebases
SynapseAudit CLI - AI-Powered Security Scanner for your code
The open-source security CLI hub — query, enrich, automate.
Venom — Autonomous AI pentester for developers. Find exploits AND fix them.
DevSecOps toolkit for AI-assisted secure development — security scanner, ISMS dashboard, asset management
Security scanner for AI-generated and vibe-coded projects. Detects secrets, injection attacks, weak crypto, backdoors, and more.
Official Model Context Protocol (MCP) server for Appknox - enables AI assistants to perform mobile application security testing
Open-source CLI for scanning repositories for security risks across code, infra, and dependencies.
Guardrail CLI — Ship with confidence. AI-native code scanning, security analysis, and quality gates.
GlanceVibe CLI - Security vulnerability scanner for JavaScript/TypeScript
Security guardrails and vulnerability scanning for OpenCode
Lightweight, zero-Python security scanner MCP server for AI coding agents. Fast install (~5s), 1700+ vulnerability rules with pure JavaScript regex engine, 4.3M+ package hallucination detection. For Claude Code, Cursor, Windsurf, Cline.
AI-Powered Security Vulnerability Hunter using Gemini 2.5 Flash
AI-powered feature scaffolding for Next.js. Vibe code safely.
Enterprise-grade CLI security scanner for detecting secrets and vulnerabilities in codebases
VEXLIT core analysis engine — AI-powered code security vulnerability scanner
Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.
AI agent security platform — scan, fix, monitor, and pentest MCP servers, Claude skills, Codex plugins, Cursor extensions, and 5 more platforms. 227 rules across 17 threat categories.
VibeCheck Ultimate CLI — Ship with confidence. 65+ commands merged from 4 codebases: kernel infrastructure, ISL verification, Reality Mode, Agent Firewall, MCP Server.
Security scanner for MCP (Model Context Protocol) servers. Detect vulnerabilities, secrets, injection risks, and misconfigurations before deployment.
AI security scanner for vibe-coded apps. Find vulnerabilities before attackers do.
Security vulnerability analysis microservice for GitHub repositories
Security scanner for AI agent skills — detect secrets, prompt injections, and dangerous code
GuardScan - Privacy-first AI Code Review CLI with comprehensive security scanning
DevSecureX CLI - Advanced security scanning tool for developers. Detect vulnerabilities across 20+ programming languages with comprehensive SAST, dependency analysis, secrets detection, and compliance reporting. Integrates seamlessly with CI/CD pipelines
MCP server for Checkmarx SAST scanning - enables Claude to read security findings
Security scanner with AST taint tracking — we're watching your back so you can let it rip
Lightweight MCP security scanner for AI coding agents. 400+ YAML rules, tool-poisoning detection, prompt injection scanning, package hallucination checks, auto-fix generation, and optional LLM deep audit. MIT licensed, fully offline-capable.
Security & Quality Guardrails - Adoption-first developer discipline. Block new issues, accept existing ones with baseline mode.
AI-powered code review — security (OWASP Top 10), code quality, standards enforcement, and custom rules. 6 providers (Ollama free/local, Gemini, Groq, DeepSeek, OpenAI, Anthropic). MCP server for Cursor, Windsurf, VS Code, Claude Desktop + CLI + Node API.
AI security scanner for developers — Scan for PII, secrets, prompt injection, and unsafe AI SDK usage.
Vibeguard for Replit - Security scanner with pre-configured Nix environment. All tools included.
Security scanner for AI-generated code. Catches what traditional scanners miss — hardcoded secrets, dangerous defaults, exposed keys, and more.
AI-powered security vulnerability scanner that runs locally via npm with zero infrastructure. Uses free HuggingFace models by default.
AI-powered security scanner for your codebase. Scan for vulnerabilities, get risk scores, auto-report on GitLab MRs.
AI-first security orchestration CLI: secrets, SAST, and SCA in one command
GuardLink — Security annotations for code. Threat modeling that lives in your codebase.
Graduated security gates for DevSecOps pipelines - A developer-centric approach to security enforcement with configurable severity thresholds and productivity analytics
Security scanner for Node.js projects checking for OWASP Top 10 risks
Risk Audit MCP server that scans projects for security issues (XSS, injections, etc.)
Advanced SAST security analysis with multi-tool integration and comprehensive compliance verification
Qryon - Ultra-fast code intelligence and security analyzer for polyglot projects
AI code vulnerability scanner — catches hallucinated packages, phantom APIs, and insecure patterns before you commit. Zero-config, offline, under 2 seconds.
DevSecOps MCP server integrating SAST, DAST, IAST, and SCA tools
Claude Code skill for Application Security Posture Management — runs Semgrep SAST and optional Shannon pentesting, generates ASPM_SCAN.md reports
DepSentry CLI (prebuilt binaries)
A lightweight, offline-first security scanner for npm projects.
Guardrail CLI - Enterprise security scanning with interactive menu, arrow navigation, and auto-installation
A command-line tool for cross-language dependency vulnerability scanning and analysis by x2y dev tools.
Official CLI for CyRook - Developer-first web & API security scanning platform
ProbeX Security Agent — 9 scan engines, one command. Local-first DevSecOps scanning with cloud upload.
Fast, beautiful CLI security scanner for React Native and Expo bundles. Detects API keys, secrets, and 60+ mobile security vulnerabilities.
Security scanner for AI-generated code - detects vulnerabilities in vibe-coded projects
Pluggable DevSecOps Security Scanner with 10+ scanners and multiple reporting channels
ClaudeScan Security Scanner CLI
Backstage plugin for ZeroPath security scanning integration
SAST + LLM Security Scanner that filters false positives and auto-fixes issues
An Obsidian security scanner for community plugins.
A security scanner with an attitude
deliver SAST results to gitlab merge request discussions
Static analysis CLI for C# codebases. Detects AI-generated code, hardcoded secrets, and quality issues.
Hybrid (AST + LLM) security scanner with multi-provider support for OpenAI, Anthropic, Google Gemini, and local Ollama
Multi-framework compliance orchestrator (OSS-license, OWASP ASVS, ISO 27001, SOC 2, GDPR) for repo and CI/CD.
BASILE CLI — multi-stack audit runner
Local-first security scanner. Finds secrets, misconfigs, and unsafe code patterns. Runs in CI. Free, MIT-licensed, no telemetry.
AI-powered security scanner CLI — scans codebases for OWASP Top 10 vulnerabilities using LLMs