PyRank
  • Insights
  • PyPI
  • GitHub
  • Search
  • Compare
  • Advisories
  • Ecosystem
  • About

Sarif Python Packages

Python packages with the GitHub topic sarif. Sorted by relevance, with stars and monthly downloads.
justinchuby
lintrunner-adapters

Adapters and tools for lintrunner

1.2M 6 6
duriantaco
ca9

CA9 is a local evidence engine for Python AppSec triage. It sits after scanners and before engineers waste time, proving which findings matter.

60K 5 0
BambooGap
skills-orchestrator

Open-source SkillOps / instruction-supply-chain control plane for AI-agent teams: policy packs, registry diff, evidence bundles, SARIF/SBOM, adapters, and MCP runtime.

39K 4 1
tmatens
compose-lint

Security-focused linter for Docker Compose files. Catches dangerous misconfigurations before they reach production. Grounded in OWASP and CIS Docker Benchmark.

29K 2 0
trusera
ai-bom

AI Bill of Materials — discover every AI agent, model, and API in your infrastructure

27K 276 75
pezhik
skilltotal

Scan AI components (MCP servers, agent skills, npm/PyPI packages) for malware & risky capabilities. Local, deterministic, evidence-anchored. Free & OSS.

16K 1 0
msaad00
agent-bom

AI supply-chain & cloud security scanner and self-hosted control plane — agents, MCP, packages, cloud estate, non-human identities, and LLM cost. SBOM/SARIF, graph attack-paths, runtime enforcement, and compliance evidence.

13K 25 7
cpeoples
ansible-security-scanner

🛡️ Static security scanner (SAST) for Ansible playbooks, roles, and collections. 1,000+ rules across 30+ categories detecting malicious code, RCE, hardcoded credentials, and supply-chain risk. Outputs SARIF, CycloneDX SBOM, and GitLab SAST. SLSA Build Level 3, Sigstore-signed.

8K 7 0
NonniGB
godot-mobile-ui-doctor

Godot CI and release evidence tools for maintainers.

6K 2 0
NonniGB
godot-release-dashboard-kit

Godot CI and release evidence tools for maintainers.

6K 2 0
NonniGB
godot-export-preset-doctor

Godot CI and release evidence tools for maintainers.

5K 2 0
raccioly
docguard-cli

The enforcement tool for Canonical-Driven Development (CDD). Audit, generate, and guard your project documentation. Zero dependencies.

5K 19 0
NonniGB
godot-scenario-report-kit

Godot CI and release evidence tools for maintainers.

5K 2 0
mattybellx
ansede-static

Offline SAST that detects IDOR, missing authentication, and ownership bypass. OWASP recall 62%, CVE recall 96.3% across 5 languages. Beats Semgrep OSS on recall.

5K 9 0
NonniGB
godot-asset-pipeline-doctor

Godot CI and release evidence tools for maintainers.

5K 2 0
Dennis-J-Carroll
glassport

Wire-level observability and enforcement for MCP servers: passive stdio tap, behavioral detectors, drift watch, and static audit — with SARIF for the GitHub Security tab. Zero dependencies, Python 3.10+.

4K 0 0
daedalus
impactguard

ImpactGuard — Lightweight multi-language API impact analyzer

3K 111 19
apisec-inc
apisec-ai-surface

Find and govern AI attack surfaces in application code at PR time. Free, OSS, runs offline.

3K 44 8
NonniGB
godot-mobile-perf-doctor

Godot CI and release evidence tools for maintainers.

3K 2 0
sattyamjjain
agent-audit-kit

Static scanner for MCP-connected AI agent pipelines — 225 rules across 11 categories, 12 compliance frameworks, OWASP Agentic 10/10 + MCP 10/10, GitHub Action, SARIF, public CVE-to-rule ledger.

3K 9 0
m0rvayne
redteam-mcp

Active red-teaming for MCP servers. Source analysis + live exploitation + auto-fix. Claude Code plugin.

3K 2 0
NonniGB
godot-runtime-telemetry-lab

Godot CI and release evidence tools for maintainers.

3K 2 0
NonniGB
godot-pack-mod-doctor

Godot CI and release evidence tools for maintainers.

3K 2 0
NonniGB
godot-save-schema-guard

Godot CI and release evidence tools for maintainers.

3K 2 0
    • Data from PyPI, GitHub, ClickHouse, and BigQuery