Code security testing tools
Cppcheck (static code analyzer)
Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that compilers would not pick up, while avoiding false positives.
gauntlt (attack framework for developers)
Gauntlt allows you to run different attacks against your code, with the goal of building better software that withstands the biggest threats in existence.
gosec (Golang security checker)
code analysis, safe software development
Gosec is a security tool that performs static code analysis of Golang projects to find security flaws. The scan is performed on the abstract syntax tree (AST) of the code. Gosec checks for common flaws that may be part of the selected project.
graudit (static code analysis tool)
Analysis of source code helps to find programming flaws, including those that can lead to software vulnerabilities. Graudit helps to uncover these by searching through the files and discovering possible flaws. The tool supports languages like ASP, C, Perl, PHP, Python, and others.
Shellharden (linting tool for shell scripts)
Shellharden helps to detect flaws in shell scripts that may result in vulnerabilities. While similar to ShellCheck, this tool can also apply the suggested changes to a shell script.
WPSploit (scanner for WP themes and plugins)
WPSploit helps developers and penetration testers perform a code audit of WordPress themes and plugins. The tool runs a static code analysis on the system itself for possible security flaws.