PyPI Stats

Sarif Python Packages

Python packages with the GitHub topic sarif. Sorted by relevance, with stars and monthly downloads.
justinchuby
lintrunner-adapters

Adapters and tools for lintrunner

1.1M 6 6
msaad00
agent-bom

Open security scanner for AI supply chain and infrastructure: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis.

22K 19 6
trusera
ai-bom

AI Bill of Materials — discover every AI agent, model, and API in your infrastructure

17K 212 57
tmatens
compose-lint

Security-focused linter for Docker Compose files. Catches dangerous misconfigurations before they reach production. Grounded in OWASP and CIS Docker Benchmark.

7K 1 0
sattyamjjain
agent-audit-kit

Security scanner for MCP-connected AI agent pipelines — 77 rules, 13 scanners, OWASP Agentic 10/10, GitHub Action, SARIF, compliance mapping

6K 5 0
Cope-Labs
selvo

Linux dependency blast-radius ranker — surfaces highest-value CVE patch opportunities

3K 0 0
Metbcy
securescan

Security scanning without the SaaS tax. Multi-scanner orchestration, baseline diffing, SBOM + SARIF, signed everything — runs in your terminal, your CI, or a dashboard you own.

3K 0 0
ThreeMoonsLab
agents-shipgate

Static release-readiness gate for AI agent tool surfaces. CLI + GitHub Action. Scans MCP, OpenAPI, OpenAI Agents SDK, Anthropic, Google ADK, LangChain, CrewAI. Apache-2.0.

3K 2 0
lacausecrypto
mcp-wallfacer

Runtime testing harness for MCP servers: fuzz tools, validate schemas, run YAML invariants and multi-step sequences, ship SARIF to CI. 17 embedded packs · stdio + HTTP · 5 install paths.

2K 0 0
AvixoSec
codesight

Code analysis CLI - code review, bugs, security, docs, refactoring. Multi-provider LLM, SARIF output, CI-ready.

1K 4 0
dev-ugurkontel
surface-audit

Deterministic security smoke tests for preview, staging, and pre-deploy web URLs.

1K 1 1
FHPythonUtils
simplesecurity

Combine multiple popular python security tools and generate reports or output into different formats

1K 11 1
momenbasel
vulnhawk

AI-powered code security scanner that finds vulnerabilities Semgrep and CodeQL miss

959 45 5
Meru143
graveyard

Find dead code across Python, JS/TS, Go, and Rust with git-aware confidence scoring.

950 1 0
EliahKagan
pylint-sarif-unofficial

Pylint output as SARIF

630 0 0
diplomat-ai
diplomat-agent

What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks

565 7 2
crabsatellite
dockerfile-doctor

The only Dockerfile linter that fixes what it finds. 80 rules, 51 auto-fixers, SARIF output, zero dependencies. Pure Python.

459 0 0
georgealton
iam-sarif-report

No description available

450 6 1
Cope-Labs
selvo-client

Linux dependency risk scanner — distro-aware CVE prioritisation with blast-radius scoring

416 0 0
Trusera
trusera-sdk

AI Bill of Materials — discover every AI agent, model, and API in your infrastructure

416 214 59
Ap6pack
malwar

Malware detection engine for agentic skills (SKILL.md)

225 0 2
DevGreick
vulnhunter

Offline vulnerability scanner with AI triage — your dependencies have secrets, VulnHunter finds them.

176 0 0
KGT24k
mcp-config-guard

Zero-dependency MCP security linter — 54 OWASP-mapped checks, 56 malicious packages, 28 CVEs. pip install mcp-config-guard

96 2 0
Data from PyPI, GitHub, ClickHouse, and BigQuery