
Automated Dependency and Code Scanning Tools

Snyk
https://snyk.io/

Open source, free - paid
Integrates into IDEs, GitLab, GitHub, BitBucket, CI/CD and more.

Supported languages:
  • JavaScript
  • jQuery
  • Java Maven
  • Java Gradle
  • Python
  • Ruby
  • Go
  • PHP
  • .NET
  • Elixir
  • Scala
  • Swift and Objective-C



GuardRails
https://guardrails.io/

Closed source, free - paid

Supported languages:
  • Apex
  • C
  • C++
  • [Paid] .NET
  • Elixir
  • Golang
  • [Paid] Java
  • JavaScript
  • Mobile
  • PHP
  • Python
  • Ruby
  • Rust
  • Solidity
  • TypeScript



WhiteSource Renovate
https://www.whitesourcesoftware.com/free-developer-tools/renovate

Open source
Officially integrates into GitHub only.

Supported languages:
  • NodeJS
  • JavaScript
  • C#
  • Java
  • C++
  • .NET
  • Ruby
  • Python



Dependabot
https://dependabot.com/

Closed source, owned by GitHub
Only updates dependencies.

Supported languages:
  • Ruby
  • JavaScript
  • Python
  • PHP
  • Elixir
  • Rust
  • Java Maven (Beta)
  • Java Gradle (Beta)
  • .NET (Beta)
  • Go (Beta)
  • Elm


 

Re: Automated Dependency and Code Scanning Tools

Reply #1
Semgrep
https://semgrep.dev

Open source
Integrates into GitHub, GitLab, Bitbucket, CircleCI, VSCode + more

Supported languages:
  • Go
  • Java
  • JavaScript
  • JSON
  • Python
  • Ruby
  • TypeScript
  • JSX
  • TSX
  • OCaml (Beta)
  • PHP (Beta)
  • C (Beta)
  • YAML (Beta)
  • Generic (ERB, Jinja, etc.) (Beta)