9.11. 审计工具

9.11.1. 通用

• Cobra

• Semmle QL

• Sourcetrail free and open-source cross-platform source explorer

• trivy A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

• fortify

9.11.2. PHP

• RIPS

• prvd

• phpvulhunter

• chip a simple tool to detect potential security threat in php code

9.11.3. Python

• pyvulhunter

• pyt

9.11.4. Java

• find sec bugs

• Gadget Inspector A byte code analyzer for finding deserialization gadget chains in Java applications

9.11.5. JavaScript

• NodeJsScan

9.11.6. 供应链

• Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components