审计工具
========================================

通用
----------------------------------------
- `Cobra <https://github.com/FeeiCN/cobra>`_
- `Semmle QL <https://github.com/Semmle/ql>`_
- `Sourcetrail <https://github.com/CoatiSoftware/Sourcetrail>`_ free and open-source cross-platform source explorer
- `trivy <https://github.com/knqyf263/trivy>`_ A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
- `fortify <http://www.fortify.net/>`_
- `joern <https://github.com/joernio/joern>`_ Open-source code analysis platform for C/C++/Java/Binary/Javascript based on code property graphs

PHP
----------------------------------------
- `RIPS <http://rips-scanner.sourceforge.net/>`_
- `prvd <https://github.com/fate0/prvd>`_
- `phpvulhunter <https://github.com/OneSourceCat/phpvulhunter>`_
- `chip <https://github.com/phith0n/chip>`_ a simple tool to detect potential security threat in php code

Python
----------------------------------------
- `pyvulhunter <https://github.com/shengqi158/pyvulhunter>`_
- `pyt <https://github.com/python-security/pyt>`_

Java
----------------------------------------
- `find sec bugs <https://github.com/find-sec-bugs/find-sec-bugs>`_
- `Gadget Inspector <https://github.com/JackOfMostTrades/gadgetinspector>`_  A byte code analyzer for finding deserialization gadget chains in Java applications

JavaScript
----------------------------------------
- `NodeJsScan <https://github.com/ajinabraham/NodeJsScan>`_

供应链
----------------------------------------
- `Dependency-Track <https://github.com/DependencyTrack/dependency-track>`_ is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components