🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.

Lint, format and auto-fix your Groovy / Jenkinsfile / Gradle files using command line

Telling tales on you for leaking secrets!

🔧 JetBrains Qodana’s official command line tool

Detect npm packages compromised in the Shai-Hulud 2.0 supply chain attack (Nov 2025). Scans for 790+ malicious packages, suspicious scripts, TruffleHog activity, SHA1HULUD runners, and secrets exfiltration. GitHub Action with SARIF support.

Go library for SARIF - Static Analysis Results Interchange Format

GitHub Action to check for vulnerabilities in your container image

This action uses govulncheck to perform a scan of the code, afterwards it will parse the output and transform it into an Sarif Report, which will be uploaded to Github using the code-scanning API.

Machine output for Mix tasks

Scan your project's dependencies with Code Ready Dependency Analytics

Run this GitHub action to validate your Kubernetes resources with the Monokle SARIF validator.

A GO package to create and manipulate SARIF logs

Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.

Converts Azure Container Scan Action output to SARIF, for an easier integration with tools like GitHub Code Scanning

Action that converts Azure Container Scan Action output to SARIF

A GitHub Action that automates the scanning of Java code, identifying the CWEs present in the vulnerable methods.

A simple, zero-dependency Node.js CLI that converts SARIF reports into interactive, shareable HTML reports with file explorer and collapsible issue details.

Imagecov GitHub Action

Push SARIF output to JIRA Cloud and track project progress in JIRA

An action for unit tests generation and SARIF report creation with the UTBotJava engine