User-friendly documentation for the SARIF file format.
-
Updated
Dec 15, 2023
#
sarif
Here are 250 public repositories matching this topic...
⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle
javascript kotlin python java go php typescript static-code-analysis dotnet static-analysis actions code-review code-quality sarif devsecops code-scanning azure-pipelines github-actions azure-extensions qodana
-
Updated
Apr 9, 2026 - JavaScript
Corax for Java: A general static analysis framework for java code checking.
java security security-audit static-code-analysis static-analysis code-analysis owasp vulnerability software-analysis program-analysis taint-analysis soot abstract-interpretation cwe sarif sast flowdroid
-
Updated
Dec 3, 2024 - Kotlin
Lint, format and auto-fix your Groovy / Jenkinsfile / Gradle files using command line
lint groovy gradle nextflow ci groovy-language linter codenarc jenkinsfile hacktoberfest sarif code-quality-analyzer sarif-report megalinter
-
Updated
Apr 17, 2026 - JavaScript
🔧 JetBrains Qodana’s official command line tool
javascript kotlin python java cli php typescript static-code-analysis ci code-review code-quality sarif devsecops code-scanning qodana sarif-report
-
Updated
Apr 17, 2026 - Go
A security scanner as fast as a linter, written in Rust.
rust cli security tree-sitter linter static-analysis pre-commit sarif vulnerability-scanner sast code-security semgrep opengrep
-
Updated
Apr 18, 2026 - Rust
Enterprise AI Red Team Platform | 企业级AI红队平台 | 132 MCP Tools | Pure Python Engines | SDK+CLI+MCP | Auto-Download sqlmap/nuclei/ffuf | Production C2 | LLM Enhanced | Docker Sandbox | SARIF CI/CD | 1980 Tests
python cli automation sdk mcp active-directory knowledge-graph penetration-testing mcts kerberos nuclei vulnerability-scanners red-team sarif security-tools c2 docker-sandbox lateral-movement ai-powered llm
-
Updated
Apr 9, 2026 - Python
AI Bill of Materials — discover every AI agent, model, and API in your infrastructure
-
Updated
Apr 13, 2026 - Python
Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX — covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).
vex spdx appsec post-quantum-cryptography vulnerability-management sarif oss-compliance licence-management security-compliance sbom pqc cyclonedx software-supply-chain-security sbom-tool sbom-quality cbom cryptographic-inventory cyber-resilience-act
-
Updated
Apr 16, 2026 - Rust
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
-
Updated
Sep 4, 2020 - Python
♿ Suite of open and standards-based tools for performing reliable accessibility conformance testing at scale
testing typescript accessibility a11y aria monorepo wcag json-ld earl data-processing customer-facing act sarif horizon2020
-
Updated
Apr 17, 2026 - HTML
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
nodejs npm security sarif devsecops vulnerability-scanner malware-detection credential-theft github-actions open-source-security supply-chain-security sarif-report package-security shai-hulud shai-hulud-detector shai-hulud-attack shai-hulud2-detector shai-hulud2 shai-hulud2-inspector sha1-hulud
-
Updated
Apr 18, 2026 - TypeScript
A React-based component for viewing SARIF files.
-
Updated
Nov 12, 2024 - TypeScript
Go library for SARIF - Static Analysis Results Interchange Format
-
Updated
Oct 22, 2025 - Go
🐚 GitHub Action for running ShellCheck differentially
shell bash docker linter shellcheck sarif sast github-action shellcheck-action differential-scans full-scans
-
Updated
Apr 17, 2026 - Shell
PHP static analysis for architecture & maintainability — 60+ metrics, complexity analysis, dependency graphs, git churn hotspots, and AI-ready MCP server. Alternative to PHPMetrics.
php metrics mcp architecture static-analysis code-analysis ast complexity developer-tools php-static-analysis code-quality quality-assurance technical-debt code-metrics sarif maintainability
-
Updated
Apr 10, 2026 - PHP
SARIF Explorer: A VSCode extension that helps you visualize and triage static analysis results
-
Updated
Apr 15, 2026 - TypeScript
Automated threat modeling toolkit — STRIDE + AI-specific threats in one command
security cybersecurity threat-modeling attack-trees sarif devsecops stride ai-security llm-security claude-code agentic-security
-
Updated
Apr 18, 2026 - Python
vexctl is a tool to attest VEX impact statements
-
Updated
Mar 27, 2023 - Go
Improve this page
Add a description, image, and links to the sarif topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the sarif topic, visit your repo's landing page and select "manage topics."