PyRank
  • Insights
  • PyPI
  • GitHub
  • Search
  • Compare
  • Advisories
  • Ecosystem
  • About

Sast Python Packages

Python packages with the GitHub topic sast. Sorted by relevance, with stars and monthly downloads.
semgrep
semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

36.8M 16K 988
ajinabraham
libsast

Generic SAST Library

357K 138 22
ajinabraham
njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

157K 435 106
MobSF
mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

133K 766 121
duriantaco
skylos

Open source local-first PR scanner that finds dead code, security bugs, secrets, quality regressions, and AI-code mistakes before merge. For first timers refer to https://duriantaco.github.io/skylos/repo-map/

131K 464 23
cycodehq
cycode

Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning

130K 98 64
Pantheon-Security
medusa-security

AI-first security scanner. NEW in v2026.7: Claude Code compromise detection β€” vet .claude/ hooks, permissions & skills before you clone β€” plus an always-on AI attack-signature scanner and native Rust & PHP rules. Also: medusa scan --git to vet any repo, medusa secrets scan for leaked API keys. 40,000+ patterns, zero setup.

8K 893 150
cpeoples
ansible-security-scanner

πŸ›‘οΈ Static security scanner (SAST) for Ansible playbooks, roles, and collections. 1,000+ rules across 30+ categories detecting malicious code, RCE, hardcoded credentials, and supply-chain risk. Outputs SARIF, CycloneDX SBOM, and GitLab SAST. SLSA Build Level 3, Sigstore-signed.

8K 7 0
dmartinochoa
pipeline-check

CI/CD Security Posture Scanner

6K 7 1
Moonsehwan
aina-scan

Enterprise SAST β€” Python/Java/C/C++/TypeScript/C#/Go/Rust β€” tree-sitter AST, 7-language support, interprocedural taint (3-hop BFS), AINA L3 causal chains, i18n (en/ko), 6-report output

5K 2 0
mattybellx
ansede-static

Offline SAST that detects IDOR, missing authentication, and ownership bypass. OWASP recall 62%, CVE recall 96.3% across 5 languages. Beats Semgrep OSS on recall.

5K 9 0
Hookwarden
hookwarden

Find every webhook-verification bug in your codebase in under five minutes. Three-state verdicts across 21 providers in JS/TS, Python, PHP, and Go. Zero off-machine traffic.

4K 1 0
getarcis
arcis

Inside-the-app security middleware for Node.js, Python, and Go. 20+ attack vectors. One install, three languages, MIT.

4K 6 2
huntridge-labs
argus-security

Argus brings β€œa hundred eyes” to your project, combining leading open source security tools into a scalable, automated, continuous security pipeline.

4K 29 4
daedalus
impactguard

ImpactGuard β€” Lightweight multi-language API impact analyzer

3K 111 19
shivasurya
codepathfinder

Static Code Analysis for security teams with Inter file taint analysis. Built for finding vulnerabilities, advanced structural search, derive insights and supports MCP

3K 138 16
m0rvayne
redteam-mcp

Active red-teaming for MCP servers. Source analysis + live exploitation + auto-fix. Claude Code plugin.

3K 2 0
nocomplexity
codeaudit

Codeaudit - Modern Python source code security analyzer based on distrust.

2K 43 1
openhackai
openhack

Open Source Agentic Security Scanner

2K 175 18
m14r41
scan4secrets

Find credentials and secret with 170+ rules covering across source code, Web URL, and CI/CD, verifies them against vendor APIs, and generates SARIF, JSONL, HTML, PDF, or Excel reports.

2K 113 33
securesauce
precli

Precaution CLI - command line static application security testing tool

2K 27 3
CopperSunDev
brasscoders

The bug scanner for AI coders. Local-first, deterministic CLI that catches the bugs your AI coding assistant misses. 12 scanners in one tool. Apache 2.0.

2K 1 0
accurics
terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

2K 5K 553
HrushiYadav
ragsec

Static security scanner for RAG pipelines. Detects injection, secret logging, auth gaps, SSRF, and more in Python codebases.

2K 0 0
    • Data from PyPI, GitHub, ClickHouse, and BigQuery