News

Endor Labs and seven other organizations have launched Opengrep, a new open-source project aimed at ensuring accessibility and innovation in static code analysis for application security. The ...
When it needed a static code analysis tool for Python, OpenStack found no commercial products. Necessity being the mother of invention, OpenStack developed its own open source tool.
To help demonstrate the types of coding errors that can be efficiently detected and prevented using static source code analysis, we consider a case study of three popular, security-critical open ...
Open-source application from SEI CERT, SCALe, uses multiple static analysis tools to find security flaws in source code.
It also includes other open source plugins -- such as Cobertura -- along with a good deal of custom code, to provide a static code analysis tool dashboard. SonarQube adds a number of reporting ...
About Checkov: Checkov is an open-source static analysis and policy-as-code engine for Terraform, CloudFormation, Kubernetes, Azure Resource Manager, and Serverless Framework.
The project is called STAMP, or Static Tool Analysis Modernization Project, and is designed to bring neglected open-source static analysis tools up to date.