PyRank

SAST Python Packages

Python packages with the GitHub topic sast. Sorted by relevance, with stars and monthly downloads.
semgrep
semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

40.2M 15K 936
ajinabraham
libsast

Generic SAST Library

352K 136 22
MobSF
mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

161K 754 121
ajinabraham
njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

150K 426 103
cycodehq
cycode

Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning

134K 98 64
duriantaco
skylos

Open-source PR gate for Python, TS/JS, Java, and Go. Stop merging dead code, secrets, security flows, and AI-code regressions.

88K 437 20
Pantheon-Security
medusa-security

AI-first security scanner with 76 analyzers, 9,600+ detection rules, and repo poisoning detection for AI/ML, LLM agents, and MCP servers. Scan any GitHub repo with: medusa scan --git user/repo

6K 489 85
salecharohit
semhound

Scan every repository across your GitHub organisations using Semgrep rules, with optional AI triage (Claude · Gemini · GPT · Bedrock)

5K 7 1
Peternasarah
permi

AI-powered vulnerability scanner for Nigerian developers and global SMBs

5K 5 1
shivasurya
codepathfinder

Static Code Analysis for security teams with Inter file taint analysis. Built for finding vulnerabilities, advanced structural search, derive insights and supports MCP

4K 130 16
Metbcy
securescan

Security scanning without the SaaS tax. Multi-scanner orchestration, baseline diffing, SBOM + SARIF, signed everything — runs in your terminal, your CI, or a dashboard you own.

4K 0 0
mattybellx
ansede-static

Ansede Static: Next-Gen SAST Engine — Fast, Offline, Security for Modern Codebases. Detect critical security vulnerabilities and code quality issues in Python, JavaScript, and TypeScript projects with a single command. No dependencies, no cloud, no setup—just download, unzip, and scan any folder instantly.

3K 4 0
GagancM
arcis

Inside-the-app security middleware for Node.js, Python, and Go. 20+ attack vectors. One install, three languages, MIT.

3K 5 1
nocomplexity
codeaudit

Codeaudit - Modern Python source code security analyzer based on distrust.

3K 40 1
lumen-argus
crossfire-rules

Regex rule overlap analyzer for DLP, secret scanning, SAST, and IDS tools

2K 0 0
accurics
terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

2K 5K 551
securesauce
precli

Precaution CLI - command line static application security testing tool

1K 27 3
Threads-Beams
alnur

ALNUR — Open-source end-to-end security vulnerability scanner. Detects CVEs, hardcoded secrets, architecture flaws, and port risks across Node.js, Python, PHP, Go, Rust, Java, .NET, Ruby and more

1K 3 0
r0hi7
dockerent

A tool to analyse issues with running docker container(s)

1K 126 15
FiniteStateInc
finite-state-sdk

Python SDK for the Finite State Platform API

1K 4 1
KadirHarmanc
nazar

Autonomous testing tool - scans your project, understands architecture, plans and runs tests

1K 0 0
AliAmmar15
velonus

AI-native security copilot for Python developers. Scans for secrets, vulnerabilities, and dependency CVEs — then tells you how to fix them.

1K 32 2
srinivasan-sundaresan95
orihime

Cross-repo code knowledge graph for Java/Kotlin/JS/TS — MCP server, taint analysis, call graph, OWASP reports. 95% fewer tokens than source-reading.

689 0 0
AppThreat
joern-lib

Python library for code analysis with CPG and Joern

522 25 1
    • Data from PyPI, GitHub, ClickHouse, and BigQuery