10.12. Audit Tools

10.12.1. General

  • Cobra

  • Semmle QL

  • Sourcetrail: free and open-source cross-platform source explorer

  • trivy: a simple and comprehensive vulnerability scanner for containers, suitable for CI

  • fortify

  • joern: open-source code analysis platform for C/C++/Java/binary/JavaScript based on code property graphs

10.12.2. PHP

10.12.3. Python

10.12.4. Java

10.12.5. JavaScript

10.12.6. Supply Chain

  • Dependency-Track: an intelligent supply chain component analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components