User-friendly documentation for the SARIF file format.
-
Updated
Dec 15, 2023
#
sarif
Here are 80 public repositories matching this topic...
⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle
javascript kotlin python java go php typescript static-code-analysis dotnet static-analysis actions code-review code-quality sarif devsecops code-scanning azure-pipelines github-actions azure-extensions qodana
-
Updated
Nov 25, 2025 - JavaScript
Corax for Java: A general static analysis framework for java code checking.
java security security-audit static-code-analysis static-analysis code-analysis owasp vulnerability software-analysis program-analysis taint-analysis soot abstract-interpretation cwe sarif sast flowdroid
-
Updated
Dec 3, 2024 - Kotlin
Lint, format and auto-fix your Groovy / Jenkinsfile / Gradle files using command line
lint groovy gradle nextflow ci groovy-language linter codenarc jenkinsfile hacktoberfest sarif code-quality-analyzer sarif-report megalinter
-
Updated
Nov 23, 2025 - JavaScript
🔧 JetBrains Qodana’s official command line tool
javascript kotlin python java cli php typescript static-code-analysis ci code-review code-quality sarif devsecops code-scanning qodana sarif-report
-
Updated
Nov 25, 2025 - Go
Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
-
Updated
Sep 4, 2020 - Python
♿ Suite of open and standards-based tools for performing reliable accessibility conformance testing at scale
testing typescript accessibility a11y aria monorepo wcag json-ld earl data-processing customer-facing act sarif horizon2020
-
Updated
Nov 25, 2025 - HTML
A React-based component for viewing SARIF files.
-
Updated
Nov 12, 2024 - TypeScript
Go library for SARIF - Static Analysis Results Interchange Format
-
Updated
Oct 22, 2025 - Go
🐚 GitHub Action for running ShellCheck differentially
shell bash docker linter shellcheck sarif sast github-action shellcheck-action differential-scans full-scans
-
Updated
Nov 20, 2025 - Shell
vexctl is a tool to attest VEX impact statements
-
Updated
Mar 27, 2023 - Go
SARIF Explorer: A VSCode extension that helps you visualize and triage static analysis results
-
Updated
Nov 15, 2025 - TypeScript
GitHub Action for filtering Code Scanning alerts by path and id
-
Updated
Oct 16, 2024 - Java
GitHub issue manager from vulnerability scan results for private repositories
-
Updated
Jan 23, 2024 - Go
Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.
nodejs npm security sarif devsecops vulnerability-scanner malware-detection credential-theft github-actions open-source-security supply-chain-security sarif-report package-security shai-hulud shai-hulud-detector shai-hulud-attack shai-hulud2-detector shai-hulud2 shai-hulud2-inspector sha1-hulud
-
Updated
Nov 25, 2025 - TypeScript
JS/TS library to easily build valid SARIF output from your javascript based SAST tools
-
Updated
Nov 24, 2025 - TypeScript
Machine output for Mix tasks
-
Updated
Mar 23, 2023 - Elixir
☕️ Java library for working with SARIF files by Qodana team
-
Updated
Oct 8, 2025 - Java
Improve this page
Add a description, image, and links to the sarif topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the sarif topic, visit your repo's landing page and select "manage topics."