OpenCatalog, curated by FLOSSK

Browse & filter

Filter by platform, license text, maturity, maintenance cadence, and editorial tags like privacy-focused or self-hosted. Search matches names, summaries, tags, and use cases.

10 tools match your filters

Static analysis engine matching AST patterns—rules for OWASP classes, secrets, and custom policies.

sast, devsecops, static-analysis, owasp

All-in-one scanner for container images, IaC, Kubernetes manifests, SBOMs, and VM OS packages with CI integrations.

devsecops, containers, iac, vulnerability, scanner

Application vulnerability management: ingest findings from scanners, dedupe, risk scoring, metrics, and Jira/CI hooks.

appsec, vulnerability-management, devsecops, self-hosted

Static analysis for Terraform, CloudFormation, Kubernetes, Docker, and more—hundreds of built-in policy checks.

iac, terraform, policy, devsecops, ci

IaC scanner detecting security issues across Terraform, Kubernetes, Helm, Docker, and cloud APIs via OPA/Rego policies.

iac, rego, policy, kubernetes, devsecops

Kubernetes-native policy engine using YAML (no Rego) for validate, mutate, generate, and image verification rules.

kubernetes, policy, admission, cncf, devsecops

Google tool to find known vulnerabilities in open source dependencies from lockfiles, SBOMs, or directories using the OSV database.

sca, dependencies, cve, devsecops, sbom

Kubernetes security scanner for misconfigurations, RBAC, compliance frameworks (NSA/CIS), and image vulnerabilities.

kubernetes, compliance, devsecops, scanner, cncf

CLI to audit Kubernetes manifests and clusters for security misconfigurations (capabilities, read-only root, privileged, etc.).

kubernetes, manifests, devsecops, audit

Secret scanner for git history, CI, and filesystems with verified credential checks against live APIs where safe.

secrets, git, devsecops, scanner, credentials