10.12. Audit Tools

10.12.1. General

• Cobra

• Semmle QL

• Sourcetrail free and open-source cross-platform source explorer

• trivy A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

• fortify

• joern Open-source code analysis platform for C/C++/Java/Binary/Javascript based on code property graphs

10.12.2. PHP

• RIPS

• prvd

• phpvulhunter

• chip a simple tool to detect potential security threat in php code

10.12.3. Python

• pyvulhunter

• pyt

10.12.4. Java

• find sec bugs

• Gadget Inspector A byte code analyzer for finding deserialization gadget chains in Java applications

10.12.5. JavaScript

• NodeJsScan

10.12.6. Supply Chain

• Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components