Learn to code securely while having fun through our popular open source in-editor experience, designed for developers, students, and anyone curious about security. Get started for free in under 2 minutes, playing right from your browser.

Static Value-Flow Analysis Framework for Source Code

The community's most comprehensive, continuously-updated index of research on Large Language Models for software vulnerability detection — papers across function-level, repository-level, agentic, and smart-contract detection, plus datasets, benchmarks, and surveys.

Lightweight, container-free sandbox for running commands with network and filesystem restrictions

Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.

A blazingly fast security scanner, written in Rust. Batteries included, TUI for triage, secrets, post-quantum audits, diff-aware scans and more 𓃥

Security-native LLM system for AI-generated application security.

Prevent merging of malicious code in pull requests

Django application that performs SAST and Malware Analysis for Android APKs

Focused malicious code detection ruleset, with a high protection-to-noise ratio

AI-powered SAST scanner that finds auth bypass, IDOR, and logic bugs Semgrep/CodeQL miss. Free GitHub Action. Supports Python, JS/TS, Go, PHP, Ruby.

AISecOps (AI Security Operations) framework for deterministic verification of AI systems. QWED verifies LLM outputs using math, logic, and symbolic execution — creating an auditable trust boundary for agentic AI systems. Not generation. Verification.

OpenVul: An Open-Source Post-Training Framework for LLM-Based Vulnerability Detection

Codeaudit - Modern Python source code security analyzer based on distrust.

Detect and patch vulnerabilities in AI-generated Python code — VS Code extension

Multi-language static analysis with cross-file taint tracking. Scan your repo, triage findings in your browser, commit triage state with your code. No cloud, no account.

The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ai in web applications and to provide best practices for mitigating these risks.

AI code generation and improvement

Security gate for AI-generated code - blocks the build until vulnerabilities are fixed

LLM <-- MCP --> CodeQL( AST | CFG | CLI | LSP )