gauntlt alternatives

Gosec is a security tool that performs a static code analysis for Golang projects for security flaws. The scan is performed on the so-called abstract syntax tree (AST). Gosec checks for common flaws that may be part of the selected project.

Analysis of source code helps to find programming flaws including those that can lead to software vulnerabilities. Graudit helps to uncover these by searching through the files and discover possible flaws. The tool supports languages like ASP, C, Perl, PHP, Python, and others.

This tools allows you to store your secrets (such as keys or passwords) in the same repository as your code.

You would most likely use git-secrets in development teams or as an individual developer. The primary goal is to prevent accidentally submitting authentication details or otherwise sensitive information to your software repositories.

Shellharden helps to detect flaws in shell scripts that may result in vulnerabilities. While being similar to Shellcheck, this tool can apply the suggested changes to a shell script.

Yosai is a security framework for Python applications and adds authentication, authorization, and session management capabilities. Features include Role-Based Access Control (RBAC), two-factor authentication, and Time-based One-Time Passwords (TOTP). Besides a focus on the authentication and authorization, Yosai enables an audit trail of all relevant events.

As each framework comes with some overhead, Yosai aims to leverage caching and serialization where possible.

Bandit is a tool that can be used during development or afterward. Typically this is used by developers to find common security issues in Python code before putting the code in production. Another use-case would be to use this tool to analyze existing projects and find possible flaws.