find-sec-bugs
Security auditor
A plugin for static analysis of Java web applications and Android applications to identify potential security vulnerabilities.
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
2k stars
89 watching
475 forks
Language: Java
last commit: 12 months ago
Linked from 3 awesome lists
bytecodecode-analysiscwefindbugshacktoberfestjavaowaspsecuritysecurity-auditstatic-analysistaint-analysis
vaib25vicky/awesome-mobile-security
jakobthedev/awesome-devsecops
guardrailsio/awesome-java-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
 spotbugs/spotbugs | An open-source tool for identifying potential bugs in Java code during development and analysis. | 3,533 |
 semgrep/semgrep | A tool for detecting bugs and enforcing coding standards in source code across multiple programming languages. | 10,803 |
 secdec/attack-surface-detector-burp | Identifies web app endpoints and parameters to help detect vulnerabilities | 98 |
 jenkinsci/warnings-ng-plugin | Automatically detects and reports coding issues in source code | 341 |
 yelp/detect-secrets | An enterprise-friendly tool for identifying and preventing sensitive data in code repositories. | 3,860 |
 wogscpar/szzunleashed | An implementation of an algorithm to identify bug-introducing commits in software projects | 111 |
 edoverflow/bugbounty-cheatsheet | A comprehensive resource for bug bounty hunters and security professionals. | 5,986 |
 ngalongc/bug-bounty-reference | A curated list of publicly disclosed bug bounty write-ups organized by vulnerability type | 3,770 |
 google/oss-fuzz | An automated testing framework that uses random data to find errors in software | 10,671 |
 insidersec/insider | A tool that analyzes source code to identify security vulnerabilities and provides reporting on compliance with the OWASP Top 10 | 519 |
 zupit/horusec | Identifies security flaws in software projects through static code analysis | 1,154 |
 secrary/findloop | Automates identification of frequently executed code blocks in executables using DynamoRIO to generate breakpoints for analysis | 26 |
 sonatype-nexus-community/auditjs | Tools to scan npm packages for known vulnerabilities and outdated dependencies. | 223 |
 boostsecurityio/poutine | Detects misconfigurations and vulnerabilities in software supply chains during build pipelines. | 239 |
 jorijn/laravel-security-checker | Automates vulnerability detection and reporting in Laravel applications | 199 |