#1
A vulnerability scanner for container images and filesystems
12K starsJun 12, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add anchore/grypeAlternatives
Vet alternatives for AI agents.
Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.
Current skill
Vet
Protect against malicious open source packages 🤖
100
Quality
92
Trust
1.1K
Stars
#2
Go security checker
8.9K starsJun 15, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add securego/gosec#3
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
9.1K starsJun 15, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add anchore/syft#4
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
5.5K starsJun 11, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add mgechev/revive#5
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
1.3K starsMay 24, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add ZupIT/horusec#6
Security risk analysis for Kubernetes resources
1.5K starsJun 15, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add controlplaneio/kubesec#7
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
1.1K starsMay 15, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add XmirrorSecurity/OpenSCA-cli#8
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
2.4K starsMar 26, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add find-sec-bugs/find-sec-bugs#9
Interactive architecture diagrams for codebases
2.2K starsJun 15, 2026 pushdevelopmentPythonStatic Analysis
$ npx skills add CodeBoarding/CodeBoarding#10
Tfsec is now part of Trivy
7.0K starsMar 25, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add aquasecurity/tfsec#11
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
3.5K starsJun 10, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add stackrox/kube-linter#12
Scan the world (for secrets)
1.2K starsJun 12, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add betterleaks/betterleaks#13
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
21K starsMay 19, 2026 pushdevelopmentJavaScriptStatic Analysis
$ npx skills add MobSF/Mobile-Security-Framework-MobSF#14
A tool to enforce Swift style and conventions.
20K starsJun 13, 2026 pushdevelopmentSwiftStatic Analysis
$ npx skills add realm/SwiftLint#15
Program for determining types of files for Windows, Linux and MacOS.
11K starsJun 14, 2026 pushdevelopmentJavaScriptStatic Analysis
$ npx skills add horsicq/Detect-It-Easy#16
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
8.9K starsJun 16, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add checkstyle/checkstyleHow to choose
When should you switch?
Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep Vet if it already passes your workflow test and repository review.
Next step
Compare top candidates side by side
Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.