# Security Scanners At AquilaX, we believe a top-notch Application Security and DevSecOps program should leverage the best of today’s trusted, mature open-source scanners. We openly showcase each scanner we use, allowing our clients to see exactly how we’re protecting their code. And for those needing more, we also integrate and offer a full range of both private and open-source scanners to cover all bases in application security.
LogoLicenseUsed for
https://github.com/bridgecrewio/checkovApache 2.0Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://github.com/securego/gosecApache 2.0Go security checker
https://github.com/aquasecurity/trivyApache 2.0Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://github.com/finos/CatchITApache 2.0Source code secret scanner by Goldman Sachs and FINOS
https://github.com/anchore/syftApache 2.0CLI tool and library for generating a Software Bill of Materials from container images and filesystems
https://docs.npmjs.com/cli/v9/commands/npm-auditThe audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities.
https://github.com/gitleaks/gitleaksMITProtect and discover secrets using Gitleaks 🔑
https://github.com/Yelp/detect-secretsApache 2.0An enterprise friendly way of detecting and preventing secrets in code.
https://github.com/prowler-cloud/prowlerApache 2.0Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
https://github.com/aquasecurity/chain-benchApache 2.0An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
https://github.com/Checkmarx/kicsApache 2.0Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
https://github.com/PyCQA/banditApache 2.0Bandit is a tool designed to find common security issues in Python code.
https://github.com/facebook/pyre-checkMITPerformant and security type-checking for python.
https://github.com/controlplaneio/kubesecApache 2.0Security risk analysis for Kubernetes resources
https://github.com/jeremylong/DependencyCheckApache 2.0OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://github.com/ZupIT/horusecApache 2.0Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
https://github.com/nccgroup/sobelowApache 2.0Sobelow is a security-focused static analysis tool for Elixir & the Phoenix framework.
https://github.com/Nullify-Platform/attack-surface-scannerMITWeb application attack surface scanner by Nullify
https://google.github.io/osv-scanner/Apache 2.0Vulnerability scanner written in Go which uses the data provided by https://osv.dev

https://vulnix0.com/Proprietary Offensive Security Platform
https://vulnix0.com/

https://github.com/opengrep/opengrepLGPL-2.1 licenseStatic code analysis engine to find security issues in code.