Question

10.12. 审计工具

10.12.1. 通用

• Cobra
• Semmle QL
• Sourcetrail free and open-source cross-platform source explorer
• trivy A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
• fortify
• joern Open-source code analysis platform for C/C++/Java/Binary/Javascript based on code property graphs

10.12.2. PHP

• RIPS
• prvd
• phpvulhunter
• chip a simple tool to detect potential security threat in php code

10.12.3. Python

• pyvulhunter
• pyt

10.12.4. Java

• find sec bugs
• Gadget Inspector A byte code analyzer for finding deserialization gadget chains in Java applications

10.12.5. JavaScript

• NodeJsScan

10.12.6. 供应链

• Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components

10.12.7. 小程序

• unveilr