Highlights
SAST
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
An easy-to-learn/use static analysis framework for Java
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
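"chanzi" is a simple and user-friendly Java SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompilation and custom rules, and is compatible with …
Common Java web vulnerabilities and secure code examples, based on Spring Boot and Spring Security
Jar Analyzer - a JAR file analysis tool: batch analysis, SCA vulnerability analysis, method call relationship search, string search, Spring component analysis, information leak checks, CFG program analysis, JVM stack frame analysis, advanced expression search, dynamic debugging at the bytecode instruction level, one-click export of decompiled JARs, one-click extraction of malicious code from serialized data, one-click analysis of BCEL bytecode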
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security