Combine all available linters to automatically validate your sources without configuration

mobsfscan is a SAST that can find insecure code patterns in your Android and iOS source code

Scan your project for AI agent security risks. Detects secrets, misconfigurations, and generates a tailored security config

Execute Flawfinder to scan source code for vulnerabilities

Scan project dependencies for restrictive and incompatible licenses

checks if your Node.js installation is vulnerable to known security vulnerabilities

Scan your projects with Qodana on GitHub. Docs: https://jb.gg/qodana-github-action

Run security analyzers

Security scanning with Code Pathfinder - open source, type-aware SAST with cross-file dataflow analysis

Runs Semgrep with all rules from semgrep-rules-manager

Run rules in a GitHub repository

Secure your AI supply chain. Scans Models, Notebooks, and RAG documents for malware, secrets, and PII

Check for vulnerabilities in your container image

An AI Supply Chain security tool that that detects Pickle bombs and generates CycloneDX SBOMs for ML models

Add flair to your infrastructure repositories with Terrafetch

Scalable and interprocedural C# code analyzer for detecting race condition, null pointer derefs and resource leaks

GitHub Action for performing differential scans using ShellCheck linter

Scans your code for violations using Salesforce Code Analyzer, uploads results as an artifact, and creates a job summary

Run tfsec against terraform code base and upload the sarif output to the github repo

Runs tfsec and outputs any failures