PyPI Stats

SAST Python Packages

Python packages with the GitHub topic sast. Sorted by relevance, with stars and monthly downloads.
semgrep
semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

43.3M 15K 922
ajinabraham
libsast

Generic SAST Library

332K 136 22
MobSF
mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

154K 754 121
ajinabraham
njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

134K 425 103
cycodehq
cycode

Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning

130K 98 62
duriantaco
skylos

Open-source PR gate for Python, TS/JS, Java, and Go. Stop merging dead code, secrets, security flows, and AI-code regressions.

123K 428 19
Pantheon-Security
medusa-security

AI-first security scanner with 76 analyzers, 9,600+ detection rules, and repo poisoning detection for AI/ML, LLM agents, and MCP servers. Scan any GitHub repo with: medusa scan --git user/repo

8K 259 41
Peternasarah
permi

AI-powered vulnerability scanner for Nigerian developers and global SMBs

5K 5 1
shivasurya
codepathfinder

Static Code Analysis for security teams with Inter file taint analysis. Built for finding vulnerabilities, advanced structural search, derive insights and supports MCP

4K 128 15
lumen-argus
crossfire-rules

Regex rule overlap analyzer for DLP, secret scanning, SAST, and IDS tools

4K 0 0
nocomplexity
codeaudit

Codeaudit - Modern Python source code security analyzer based on distrust.

3K 37 1
Metbcy
securescan

Security scanning without the SaaS tax. Multi-scanner orchestration, baseline diffing, SBOM + SARIF, signed everything — runs in your terminal, your CI, or a dashboard you own.

3K 0 0
securesauce
precli

Precaution CLI - command line static application security testing tool

3K 27 3
KadirHarmanc
nazar

🧿 Autonomous Security & Quality Scanner - Zero-config, framework-aware, 197+ automated checks

2K 0 0
accurics
terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

1K 5K 552
FiniteStateInc
finite-state-sdk

Python SDK for the Finite State Platform API

1K 4 1
r0hi7
dockerent

The only open-source tool to analyze vulnerabilities and configuration issues with running docker container(s) and docker networks.

1K 126 15
momenbasel
vulnhawk

AI-powered code security scanner that finds vulnerabilities Semgrep and CodeQL miss

959 45 5
AppThreat
joern-lib

Python library for code analysis with CPG and Joern

952 25 1
Neelagiri65
authdrift

Find OAuth handlers that will break when users rename their Gmail.

669 0 1
latiotech
latio

Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini

605 175 20
georgealton
iam-sarif-report

No description available

450 6 1
GaboITB
mcp-shield-audit

Security audit framework for MCP (Model Context Protocol) servers

429 2 0
chuckorde
veracode-python

Python wrapper for the Veracode XML APIs

324 12 5
    • Data from PyPI, GitHub, ClickHouse, and BigQuery