Learn to code securely while having fun through our popular open source in-editor experience, designed for developers, students, and anyone curious about security. Get started for free in under 2 minutes, playing right from your browser.
Static Value-Flow Analysis Framework for Source Code
The community's most comprehensive, continuously-updated index of research on Large Language Models for software vulnerability detection — papers across function-level, repository-level, agentic, and smart-contract detection, plus datasets, benchmarks, and surveys.
Lightweight, container-free sandbox for running commands with network and filesystem restrictions
Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.
A blazingly fast security scanner, written in Rust. Batteries included, TUI for triage, secrets, post-quantum audits, diff-aware scans and more 𓃥
Security-native LLM system for AI-generated application security.
Prevent merging of malicious code in pull requests
Django application that performs SAST and Malware Analysis for Android APKs
Focused malicious code detection ruleset, with a high protection-to-noise ratio
DianXing - AI-Driven End-to-End Code Security Auditing
AI-powered SAST scanner that finds auth bypass, IDOR, and logic bugs Semgrep/CodeQL miss. Free GitHub Action. Supports Python, JS/TS, Go, PHP, Ruby.
A deterministic verification layer for AI systems. QWED verifies AI outputs using mathematics, symbolic reasoning, and formal methods (Z3, SMT, SymPy), creating an auditable trust boundary for agentic AI. Not generation. Verification.
OpenVul: An Open-Source Post-Training Framework for LLM-Based Vulnerability Detection
Codeaudit - Modern Python source code security analyzer based on distrust.
Detect and patch vulnerabilities in AI-generated Python code — VS Code extension
Multi-language static analysis with cross-file taint tracking. Scan your repo, triage findings in your browser, commit triage state with your code. No cloud, no account.
The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ai in web applications and to provide best practices for mitigating these risks.
AI code generation and improvement
Security gate for AI-generated code - blocks the build until vulnerabilities are fixed
Add a description, image, and links to the code-security topic page so that developers can more easily learn about it.
To associate your repository with the code-security topic, visit your repo's landing page and select "manage topics."