PyPI Stats

Search Packages

Find Python packages by name, description, GitHub topic, or filter by metrics
semgrep
semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

43M 15K 922
ajinabraham
libsast

Generic SAST Library

322K 136 22
MobSF
mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

146K 754 121
duriantaco
skylos

Open-source PR gate for Python, TS/JS, Java, and Go. Stop merging dead code, secrets, security flows, and AI-code regressions.

135K 428 19
ajinabraham
njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

132K 425 103
cycodehq
cycode

Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning

128K 98 62
Pantheon-Security
medusa-security

AI-first security scanner with 76 analyzers, 9,600+ detection rules, and repo poisoning detection for AI/ML, LLM agents, and MCP servers. Scan any GitHub repo with: medusa scan --git user/repo

8K 259 41
Peternasarah
permi

AI-powered vulnerability scanner for Nigerian developers and global SMBs

4K 5 1
shivasurya
codepathfinder

Static Code Analysis for security teams with Inter file taint analysis. Built for finding vulnerabilities, advanced structural search, derive insights and supports MCP

4K 128 15
lumen-argus
crossfire-rules

Regex rule overlap analyzer for DLP, secret scanning, SAST, and IDS tools

4K 0 0
nocomplexity
codeaudit

Codeaudit - Modern Python source code security analyzer based on distrust.

3K 37 1
Metbcy
securescan

Security scanning without the SaaS tax. Multi-scanner orchestration, baseline diffing, SBOM + SARIF, signed everything — runs in your terminal, your CI, or a dashboard you own.

3K 0 0
securesauce
precli

Precaution CLI - command line static application security testing tool

3K 27 3
KadirHarmanc
nazar

🧿 Autonomous Security & Quality Scanner - Zero-config, framework-aware, 197+ automated checks

2K 0 0
FiniteStateInc
finite-state-sdk

Python SDK for the Finite State Platform API

1K 4 1
accurics
terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

1K 5K 552
r0hi7
dockerent

The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.

1K 126 15
AppThreat
joern-lib

Python library for code analysis with CPG and Joern

1K 25 1
momenbasel
vulnhawk

AI-powered code security scanner that finds vulnerabilities Semgrep and CodeQL miss

917 45 5
Neelagiri65
authdrift

Find OAuth handlers that will break when users rename their Gmail.

645 0 1
latiotech
latio

Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini

630 175 20
GaboITB
mcp-shield-audit

Security audit framework for MCP (Model Context Protocol) servers

550 2 0
georgealton
iam-sarif-report

No description available

445 6 1
chuckorde
veracode-python

Python wrapper for the Veracode XML APIs

302 12 5
    • Data from PyPI, GitHub, ClickHouse, and BigQuery