Open Source Tools

Open Source Code Scanning

Static analysis only works when it reads your whole source tree, which is why routing it through a hosted scanner is an awkward trade - the most sensitive thing you own, including the secrets it's meant to catch, gets uploaded to a third party just to be told what's wrong with it. The open source scanners here run inside your own CI, so the source, findings, and any keys they surface never leave your pipeline, and you can tune the rules that decide what counts as a vulnerability rather than trust hidden defaults.

14 code scanning100% OSI-approved licensesUpdated June 2026
Showing 1-9 of 14
Cypress logo

Cypress

Automation Tools
50.1k

JavaScript testing framework for end-to-end and component testing in the browser

MITTypeScript
Trivy logo

Trivy

Code Scanning
36.4k

All-in-one security scanner for containers, code, and Kubernetes

Apache-2.0GoSelf-host
Selenium logo

Selenium

Automation Tools
34.2k

Browser automation framework and ecosystem built around the W3C WebDriver specification

Apache-2.0JavaSelf-host
Gitleaks logo

Gitleaks

Code Scanning
27.7k

Detect secrets in git repos, files, and piped input

MITGoSelf-host
TruffleHog logo

TruffleHog

Code Scanning
26.8k

Find, verify, and analyze leaked credentials

AGPL-3.0GoSelf-host
Semgrep logo

Semgrep

Code Scanning
15.5k

Fast static analysis with rules that look like the code itself

LGPL-2.1OCamlSelf-host
Grype logo

Grype

Code Scanning
12.4k

Vulnerability scanner for container images, filesystems, and SBOMs

Apache-2.0GoSelf-host
SonarQube logo

SonarQube

Code Scanning
10.7k

Self-hosted server for continuous code quality and security inspection

LGPL-3.0JavaSelf-host
OSV-Scanner logo

OSV-Scanner

Code Scanning
10.5k

Scans dependencies against the OSV vulnerability database

Apache-2.0GoSelf-host

Related categories

API Gateway12QR Code Generator3Automation Tools52IDE10Web Crawler15