We use the following tools within the Omega Analyzer (in no particular order):
- DevSkim
- NodeJsScan
- CppCheck
- Radare2
- CodeQL
- Lizard
- ShhGit
- SecretScanner
- Detect-Secrets
- SCC
- Brakeman
- Graudit
- Application Inspector
- Manalyze
- binwalk
- ClamAV
- Bandit
- Semgrep with many rules
- Yara with many rules
- tbv
- ILSpy
- strace
- OSS Gadget (oss-download, oss-detect-cryptography, oss-detect-backdoor, oss-defog, oss-find-source)
- npm audit
You can view these tools within the Dockerfile and/or the runtools.sh script.