Gitleaks for secret scanning in repositories (score 86/100)
Scan repositories and working trees for leaked secrets before agents commit or open PRs.
Output formats: json, sarif, csv
Status: Verified; continuously maintained
Install: $ brew install gitleaks

Trivy for dependency, container, IaC, and SBOM scanning (score 84/100)
Scan code, containers, dependencies, Kubernetes manifests, and SBOMs with machine-readable reports.
Output formats: json, sarif, table
Status: Verified; continuously maintained
Install: $ brew install trivy

Semgrep CLI for static analysis and policy checks (score 82/100)
Run code pattern checks and policy scans with JSON or SARIF output that agents can summarize.
Output formats: json, sarif, text
Status: Verified; continuously maintained
Install: $ pipx install semgrep