SAST Scanners
Semgrep
Static analysis for 30+ languages
e.g., p/security-audit, p/owasp-top-ten
njsscan
Node.js security scanner
SonarQube
Code quality & security analysis — runs as a built-in service, managed automatically.
Claude Security Scanner
AI security review of the whole codebase using Anthropic Claude.
Stored encrypted on the server. Used by the “Claude Security” scanner on the project page.
SCA Scanner Tokens
API tokens for the Snyk and Socket dependency scanners (required to run them).
Stored encrypted on the server. Used by the Snyk and Socket SCA scanners.
DAST Scanners
OWASP ZAP
Dynamic application security testing