diff --git a/README.md b/README.md
index 4bc7bd1a8..6bd0acfc2 100644
--- a/README.md
+++ b/README.md
@@ -1471,6 +1471,8 @@ It supports multiple languages and is designed to be extensible, allowing you to
 - [Codiga](https://www.codiga.io) :copyright: — Automated Code Reviews and Technical Debt management platform that supports 12+ languages.
+- [cognium](https://cognium.dev) — Semantic taint-tracking SAST engine with a 36-pass analysis pipeline covering security (SQL injection, XSS, SSRF, command injection, path traversal, and 15 more CWEs), reliability, performance, and maintainability. Supports Java, JavaScript, TypeScript, Python, Rust, and Bash. Outputs text, JSON, and SARIF 2.1.0. OWASP Benchmark: 100% TPR, 0% FPR across 1415 test cases.
+
 - [Corgea](https://corgea.com/) :copyright: — Corgea is an AI-powered SAST scanner that helps developers find and fix insecure code. It finds business logic flaws, broken authentication, API vulnerabilities, and more with little false positives. Additionally, it automatically writes security fixes for them to approve. Corgea integrates with GitHub, GitLab, Azure DevOps, IDEs and CLI. It is free to try it.
 - **Corrode** :warning: — Semi-automatic translation from C to Rust. Could reveal bugs in the original implementation by showing Rust compiler warnings and errors. Superseded by C2Rust.
diff --git a/data/api/tools.json b/data/api/tools.json
index af1ff6539..16a5b3805 100644
--- a/data/api/tools.json
+++ b/data/api/tools.json
@@ -4256,6 +4256,49 @@
 "demos": null,
 "wrapper": null
 },
+ "cognium": {
+ "name": "cognium",
+ "categories": [
+ "linter"
+ ],
+ "languages": [
+ "java",
+ "javascript",
+ "python",
+ "rust",
+ "shell",
+ "typescript"
+ ],
+ "other": [
+ "security"
+ ],
+ "licenses": [
+ "MIT"
+ ],
+ "types": [
+ "cli"
+ ],
+ "homepage": "https://cognium.dev",
+ "source": "https://github.com/cogniumhq/cognium",
+ "pricing": null,
+ "plans": null,
+ "description": "Semantic taint-tracking SAST engine with a 36-pass analysis pipeline covering security (SQL injection, XSS, SSRF, command injection, path traversal, and 15 more CWEs), reliability, performance, and maintainability. Supports Java, JavaScript, TypeScript, Python, Rust, and Bash. Outputs text, JSON, and SARIF 2.1.0. OWASP Benchmark: 100% TPR, 0% FPR across 1415 test cases.",
+ "discussion": null,
+ "deprecated": null,
+ "resources": [
+ {
+ "title": "OWASP Benchmark Results",
+ "url": "https://github.com/cogniumhq/cognium#benchmark-results"
+ },
+ {
+ "title": "GitHub Action",
+ "url": "https://github.com/marketplace/actions/cognium-security-scan"
+ }
+ ],
+ "reviews": null,
+ "demos": null,
+ "wrapper": null
+ },
 "cohesion": {
 "name": "cohesion",
 "categories": [
diff --git a/data/tools/cognium.yml b/data/tools/cognium.yml
new file mode 100644
index 000000000..dbcfadced
--- /dev/null
+++ b/data/tools/cognium.yml
@@ -0,0 +1,27 @@
+name: cognium
+categories:
+ - linter
+tags:
+ - java
+ - javascript
+ - typescript
+ - python
+ - rust
+ - shell
+ - security
+license: MIT
+types:
+ - cli
+source: https://github.com/cogniumhq/cognium
+homepage: https://cognium.dev
+description: >-
+ Semantic taint-tracking SAST engine with a 36-pass analysis pipeline covering
+ security (SQL injection, XSS, SSRF, command injection, path traversal, and 15
+ more CWEs), reliability, performance, and maintainability. Supports Java,
+ JavaScript, TypeScript, Python, Rust, and Bash. Outputs text, JSON, and SARIF
+ 2.1.0. OWASP Benchmark: 100% TPR, 0% FPR across 1415 test cases.
+resources:
+ - title: OWASP Benchmark Results
+ url: https://github.com/cogniumhq/cognium#benchmark-results
+ - title: GitHub Action
+ url: https://github.com/marketplace/actions/cognium-security-scan
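Review bot: The `description` block of the new file embeds a benchmark claim, `OWASP Benchmark: 100% TPR, 0% FPR across 1415 test cases`, that a tool index cannot verify and that will silently go stale as the tool and the benchmark change, while the `OWASP Benchmark Results` entry under `resources` already points readers to the evidence. I would end the description at `Outputs text, JSON, and SARIF 2.1.0.` and leave the score to the linked resource, so the listing describes what the tool is and does rather than vouching for a result. The same sentence appears verbatim in the README.md and data/api/tools.json hunks of this commit; if those files are generated from this YAML, as the identical wording suggests, they only need regenerating, otherwise all three copies have to be edited together to avoid drift.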