PyRank

Sarif Python Packages

Python packages with the GitHub topic sarif. Sorted by relevance, with stars and monthly downloads.
justinchuby
lintrunner-adapters

Adapters and tools for lintrunner

1.3M 6 6
duriantaco
ca9

Open source Python CVE reachability analysis for evidence-backed SCA triage. Turn Snyk, Dependabot, Trivy, pip-audit, and OSV alerts into fix, suppress, or investigate decisions.

69K 5 0
msaad00
agent-bom

Open security scanner for AI supply chain and infrastructure: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis.

20K 20 7
trusera
ai-bom

AI Bill of Materials — discover every AI agent, model, and API in your infrastructure

18K 228 62
tmatens
compose-lint

Security-focused linter for Docker Compose files. Catches dangerous misconfigurations before they reach production. Grounded in OWASP and CIS Docker Benchmark.

9K 1 0
sattyamjjain
agent-audit-kit

Static scanner for MCP-connected AI agent pipelines — 200 rules across 11 categories, 12 compliance frameworks, OWASP Agentic 10/10 + MCP 10/10, GitHub Action, SARIF, 48h CVE-to-rule SLA.

8K 5 0
Metbcy
securescan

Security scanning without the SaaS tax. Multi-scanner orchestration, baseline diffing, SBOM + SARIF, signed everything — runs in your terminal, your CI, or a dashboard you own.

4K 0 0
ThreeMoonsLab
agents-shipgate

Static release-readiness gate for AI agent tool surfaces. CLI + GitHub Action. Scans MCP, OpenAPI, OpenAI Agents SDK, Anthropic, Google ADK, LangChain, CrewAI. Apache-2.0.

3K 2 0
lacausecrypto
mcp-wallfacer

Runtime fuzzing and invariant-testing harness for MCP servers.

2K 0 0
AvixoSec
codesight

Semantic security verification CLI for scanner alerts and AI-written code

1K 4 1
AliAmmar15
velonus

AI-native security copilot for Python developers. Scans for secrets, vulnerabilities, and dependency CVEs — then tells you how to fix them.

1K 32 2
FHPythonUtils
simplesecurity

Combine multiple popular Python security tools and generate reports or output into different formats

893 11 1
AvixoSec
sarix

Code analysis CLI - code review, bugs, security, docs, refactoring. Multi-provider LLM, SARIF output, CI-ready.

722 4 1
duriantaco
red-widow

VSIX, IDE extension, and AI developer workflow security scanner.

646 1 0
Cope-Labs
selvo

Linux dependency blast-radius ranker — surfaces highest-value CVE patch opportunities

641 0 0
EliahKagan
pylint-sarif-unofficial

Pylint output as SARIF

562 0 0
aiexponenthq
litmus-screener

LitmusAI — Free CLI screener for EU AI Act Article 5 prohibited AI practices. 8 categories, Red/Amber/Clear verdicts, SARIF output. PyPI: litmus-screener. Apache 2.0.

550 0 0
Meru143
graveyard

Find dead code across Python, JS/TS, Go, and Rust with git-aware confidence scoring.

527 1 0
crabsatellite
dockerfile-doctor

Lint, analyze, and auto-fix Dockerfiles for best practices, security, and performance

462 0 0
momenbasel
vulnhawk

AI-powered SAST scanner that finds auth bypass, IDOR, and logic bugs Semgrep/CodeQL miss. Free GitHub Action. Supports Python, JS/TS, Go, PHP, Ruby.

446 55 6
dev-ugurkontel
surface-audit

Deterministic web security smoke tests for preview, staging, and pre-deploy URLs.

411 1 1
mkbhardwas12
pwned-deps

Drop your lockfile in, find out if you're pwned. Compromised-package scanner backed by OSV.dev.

340 64 64
georgealton
iam-sarif-report

Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.

338 6 1
Trusera
trusera-sdk

AI Bill of Materials — discover every AI agent, model, and API in your infrastructure

337 233 62
    • Data from PyPI, GitHub, ClickHouse, and BigQuery