Code security testing tools
Popular code security testing tools
Cppcheck (static code analyzer)
code analysis
Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that compilers would not pick up, while avoiding false positives.
Shellharden (linting tool for shell scripts)
code analysis
Shellharden helps to detect flaws in shell scripts that may result in vulnerabilities. While similar to ShellCheck, this tool can also apply the suggested changes to a shell script.
WPSploit (scanner for WP themes and plugins)
code analysis
WPSploit helps developers and penetration testers to perform a code audit of WordPress themes and plugins. The tool runs a static code analysis on the system itself, looking for possible security flaws.
gauntlt (attack framework for developers)
code analysis
Gauntlt allows you to run different attacks against your code, with the goal of building better software that can withstand the biggest threats in existence.
gosec (Golang security checker)
code analysis, safe software development
Gosec is a security tool that performs static code analysis of Golang projects to find security flaws. The scan is performed on the so-called abstract syntax tree (AST). Gosec checks for common flaws that may be part of the selected project.
graudit (static code analysis tool)
code analysis
Analysis of source code helps to find programming flaws, including those that can lead to software vulnerabilities. Graudit helps to uncover these by searching through the files to discover possible flaws. The tool supports languages like ASP, C, Perl, PHP, Python, and others.