White Box Scanning Tools for Website Coding

Tool Name | Description | URL |
---|---|---|
WhiteBox (Cryeye) | A combination of different source code scanner tools that work automatically to scan your project’s source code. | WhiteBox (Cryeye) |
Prettier | A code formatting tool that enforces consistent style, eliminating potential errors related to formatting. | Prettier |
ESLint | A widely used JavaScript linter that helps identify and fix problems in JavaScript code. | ESLint |
Flow | A static type checker for JavaScript that helps catch common errors. | Flow |
stylelint | A linter for CSS that helps avoid errors and enforce conventions in stylesheets. | stylelint |
JSHint | A JavaScript linter that detects errors and potential problems in JavaScript code. | JSHint |
Acorn | A fast, small JavaScript parser used as a foundation for many other tools. | Acorn |
JSCodeShift | A toolkit for running codemods over multiple JavaScript or TypeScript files, ensuring consistency across projects. | JSCodeShift |
retire.js | A tool that scans JavaScript libraries and Node.js dependencies for known vulnerabilities. | retire.js |
SonarJS | Part of the SonarQube ecosystem, this tool performs static analysis on JavaScript and TypeScript to detect bugs and vulnerabilities. | SonarJS |
Semgrep | An open-source static analysis tool used to scan code for security vulnerabilities and issues. It supports custom configurations and can be integrated into CI/CD pipelines. | Semgrep |
Snyk | A security tool that identifies vulnerabilities in open-source dependencies and container images. It integrates with development workflows to provide real-time alerts. | Snyk |
Burp Suite | A popular web vulnerability scanner used for dynamic analysis, capable of finding SQL injection, XSS, and other vulnerabilities in web applications. | Burp Suite |
ZAP (Zed Attack Proxy) | An open-source penetration testing tool developed by OWASP, used for finding security vulnerabilities in web applications during development and testing phases. | ZAP |
SonarQube | An open-source platform for continuous inspection of code quality, performing static analysis to detect bugs and security vulnerabilities across multiple languages. | SonarQube |

This table lists popular white box scanning tools used in website coding to ensure code quality and security through static analysis, linting, and vulnerability detection.