Sarif Collection

◆

◆

◆

◆

📦Normal

★

“User-friendly documentation for the SARIF file format.”

◆

◆

◆

◆

⚡Electric

★

“⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle”

◆

◆

◆

◆

⚙️Steel

★

“A blazingly fast security scanner, written in Rust. Batteries included, TUI for triage, secrets, post-quantum audits, diff-aware scans and more 𓃥”

◆

◆

◆

◆

🔮Psychic

★

“AI Bill of Materials — discover every AI agent, model, and API in your infrastructure”

◆

◆

◆

◆

🐉Dragon

★

“Corax for Java: A general static analysis framework for java code checking.”

◆

◆

◆

◆

🔮Psychic

★

“Enterprise AI Red Team Platform | 企业级AI红队平台 | 132 MCP Tools | Pure Python Engines | SDK+CLI+MCP | Auto-Download sqlmap/nuclei/ffuf | Production C2 | LLM Enhanced | Docker Sandbox | SARIF CI/CD | 1980 Tests”

◆

◆

◆

◆

⚡Electric

★

“Lint, format and auto-fix your Groovy / Jenkinsfile / Gradle files using command line”

◆

◆

◆

◆

🌊Water

★

“🔧 JetBrains Qodana’s official command line tool”

◆

◆

◆

◆

⚙️Steel

★

“Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX — covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).”

◆

◆

◆

◆

🔮Psychic

★

“AI-native code security auditor on AgentField that proves exploitability with verdicts, traces, and actionable evidence.”

◆

◆

◆

◆

🔮Psychic

★

“Lockfile-first scanner for compromised npm/PyPI/Maven/Cargo/Go/RubyGems packages — OSV + curated extras feed, SLSA L3, locked-container CI”

◆

◆

◆

◆

🔮Psychic

★

“Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!”

◆

◆

◆

◆

💎Aqua

★

“Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.”

◆

◆

◆

◆

⚙️Steel

★

“A group of Rust projects for interacting with the SARIF format”

◆

◆

◆

◆

🔥Flame

★

“:wheelchair: Suite of open and standards-based tools for performing reliable accessibility conformance testing at scale”

◆

◆

◆

◆

🔮Psychic

★

“ImpactGuard — Lightweight multi-language API impact analyzer”

◆

◆

◆

◆

💎Aqua

★

“ A React-based component for viewing SARIF files.”

◆

◆

◆

◆

🔮Psychic

★

“The deterministic merge gate for AI-generated agent capability changes — a local-first, static Tool-Use Readiness review for MCP, OpenAPI, and SDK tool surfaces. Open-source CLI + GitHub Action.”