Prevent merging of malicious code in pull requests
Updated Jan 8, 2026 - Python
Focused malicious code detection ruleset, with a high protection-to-noise ratio
AISecOps (AI Security Operations) framework for deterministic verification of AI systems. QWED verifies LLM outputs using math, logic, and symbolic execution — creating an auditable trust boundary for agentic AI systems. Not generation. Verification.
OpenVul: An Open-Source Post-Training Framework for LLM-Based Vulnerability Detection
AI code generation and improvement
Codeaudit - Modern Python source code security analyzer based on distrust.
Contexi lets you interact with an entire codebase or data with context using a local LLM on your system.
Automatically monitors GitHub for code similarities and potential plagiarism using GitHub API. Includes Slack & Email alerts and an AI-based scanning skeleton for advanced code similarity detection.
GoBfuscator is a professional-grade obfuscation tool specifically designed for Go (Golang) source code. It provides multiple layers of protection to make reverse engineering difficult while maintaining 100% runtime functionality.
PyGitGuard is a Git security scanner designed to prevent accidental commits of sensitive data by scanning for:
SAST Scanner Modified - Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDEs such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
AI-powered SAST scanner that finds auth bypass, IDOR, and logic bugs Semgrep/CodeQL miss. Free GitHub Action. Supports Python, JS/TS, Go, PHP, Ruby.
Universal security scanning skill for AI agents - finds hardcoded secrets, API keys, and vulnerabilities in any codebase. 44 patterns validated against GitLeaks, OWASP Top 10 mapping, Markdown/SARIF/JSON reports. Works across Claude Code, Cursor, Windsurf, and any agentic platform.
Scan code for invisible bidirectional Unicode characters (Trojan Source attack prevention, CVE-2021-42574)
Calculate context-aware confidence scores for security findings. Prioritize vulnerabilities based on actual exploitability in your codebase.
Static Python code vulnerability scanner powered by LLMs.
A Python-based AI agent for detecting insecure code patterns in Python projects and providing context-based remediation suggestions.
Automated triage of SAST vulnerabilities integrated with GitHub via API, using a local LLM (DeepSeek-R1 & Ollama)
Multi-agent AI security pipeline for GitHub Action. AI agents that think like AppSec engineers, backed by a deterministic gate that no prompt injection can bypass.
Lightweight, DevSecOps-friendly secret scanner with SARIF & Pre-commit support. Detects API keys, tokens, and passwords with entropy analysis.