Port scanning and network discovery utility written in C, identifies open services and OS fingerprinting on IP networks.

Vulnerability scanner for container images, filesystems, Git repos, and Kubernetes in Go.

Go CLI tool that scans Git repositories for accidentally committed secrets and sensitive credentials.

Apache SkyWalking license compliance checker: verifies and fixes license headers in source files and resolves dependency licenses.

Static analysis tool written in OCaml that detects bugs and security issues via pattern matching rules.

Command-line code analyzer for SonarQube that runs static analysis in CI/CD pipelines and local projects.

Find security issues and misconfigurations in GitHub Actions workflows.

Python static analyzer for cloud infrastructure-as-code security misconfigurations.

Python CLI for scanning repositories with SAST, SCA, secrets detection, and IaC misconfiguration checks.

Scan files and git repos for leaked credentials, API keys, and secrets using pattern matching and verification.

Decompile Android APK/DEX files to Java source code via command-line or GUI.

Go CLI tool that generates Software Bill of Materials (SBOM) from container images and filesystems.

Go command-line vulnerability scanner for container images and filesystems with CVE detection.

Go command-line tool that scans project dependencies against the OpenSource Vulnerabilities (OSV) database for known security flaws.

Reverse engineering framework and disassembler for analyzing binaries across architectures.

Static analyzer for C and C++ code that detects memory leaks, buffer overruns, and other defects.

Static analysis security scanner for Terraform code, written in Go.

Python command-line tool for detecting and exploiting SQL injection vulnerabilities in web applications and databases.

Go-based vulnerability scanner using YAML templates for HTTP/DNS security testing.