fucking static analysis
1.0.0
Repositori ini mencantumkan alat analisis statis untuk semua bahasa pemrograman, membangun alat, file konfigurasi, dan lainnya. Fokusnya adalah pada alat yang meningkatkan kualitas kode seperti linter dan formatters. Situs web resmi ,? Analisis-Tools.dev didasarkan pada repositori ini dan menambahkan peringkat, komentar pengguna, dan sumber daya tambahan seperti video untuk setiap alat.
Proyek ini tidak akan mungkin terjadi tanpa dukungan murah hati dari sponsor kami.
Jika Anda juga ingin mendukung proyek ini, kunjungi kami ? ?? Halaman Sponsor GitHub).
Permintaan tarik sangat disambut!
Juga periksa proyek Sister, 958 106? Analisis-Dynamic-Analisis).
? ABAPLINT - LINTER UNTUK ABAP, Ditulis dalam TypeScript.
? ABAPOPENCHECKS - Meningkatkan Inspektur Kode SAP dengan cek baru dan dapat disesuaikan.
? Codepeer © ️-Mendeteksi kesalahan run-time dan logika.
? Polyspace untuk ADA © ️-memberikan verifikasi kode yang membuktikan tidak adanya akses array yang meluap, divide-by-nol, di luar batas, dan kesalahan run-time lainnya dalam kode sumber.
? Spark © ️ - Analisis Statis dan Toolset Verifikasi Formal untuk ADA.
749 75? MENCADANGKAN)? Astrée © ️ - Astrée secara otomatis membuktikan tidak adanya kesalahan runtime dan perilaku bersamaan yang tidak valid dalam aplikasi C/C ++. Ini suara untuk perhitungan titik mengambang, sangat cepat, dan sangat tepat. Penganalisa juga memeriksa aturan pengkodean Autosar MISRA/CERT/CWE/Adaptive Autosar dan mendukung kualifikasi untuk ISO 26262, DO-178C Level A, dan standar keselamatan lainnya. Tersedia plugin Jenkins dan Eclipse.
CBMC-Pemeriksaan model terikat untuk program C, pernyataan yang ditentukan pengguna, pernyataan standar, beberapa analisis metrik cakupan.
? CLANG-TIDY-Alat C ++ Linter berbasis dentang dengan kemampuan (terbatas) untuk memperbaiki masalah juga.
672 94? CLAZY)-Penganalisa kode statis yang berorientasi QT berdasarkan kerangka dentang. Clazy adalah plugin kompiler yang memungkinkan dentang untuk memahami semantik QT. Anda mendapatkan lebih dari 50 peringatan kompiler terkait QT, mulai dari alokasi memori yang tidak dibutuhkan hingga penyalahgunaan API, termasuk perbaikan untuk refactoring otomatis.
72 27? CMetrics) - Mengukur ukuran dan kompleksitas untuk file C.
? CPACHECKER - Alat untuk verifikasi perangkat lunak yang dapat dikonfigurasi dari program C. Nama CPACHECKER dipilih untuk mencerminkan bahwa alat ini didasarkan pada konsep CPA dan digunakan untuk memeriksa program perangkat lunak.
? CPPCHECK - Analisis statis kode C/C ++.
? CPPDepend © ️ - ukur, permintaan, dan visualisasikan kode Anda dan hindari masalah yang tidak terduga, hutang teknis dan kompleksitas.
37674 13306? CPPLINT) - Pemeriksa C ++ Otomatis yang mengikuti Panduan Gaya Google.
64 11? CQMetrics) - Metrik Kualitas untuk Kode C.
? CSCOUT - Metrik kompleksitas dan kualitas untuk kode preprocessor C dan C.
14 3? Enre-cpp)-enre (entitas hubungan ekstraktor) adalah alat untuk ekstraksi dependensi entitas kode atau hubungan dari kode sumber. ENRE-CPP adalah ekstraktor hubungan entitas untuk C/C ++ berdasarkan @Eclipse/CDT. (Sedang dikembangkan)
ESBMC-ESBMC adalah open source, yang dilisensikan secara permisi, pemeriksa model yang terikat konteks berdasarkan teori modulo kepuasan untuk verifikasi program C/C ++ multi-threaded.
Flawfinder
266 21? Flint ++)
? FRAMA-C-AMERSALZER SOUD dan EXTENSIBLE STATIC UNTUK KODE C.
? GCC - Kompiler GCC memiliki kemampuan analisis statis sejak versi 10. Opsi ini hanya tersedia jika GCC dikonfigurasi dengan dukungan penganalisis diaktifkan. Ini juga dapat mengeluarkan diagnostiknya ke file JSON dalam format Sarif (dari V13).
? Goblint-Penganalisa statis untuk analisis program C multi-threaded. Fokus utamanya adalah deteksi balapan data, tetapi juga melaporkan kesalahan runtime lainnya, seperti buffer overflows dan null-pointer dereferences.
? Helix QAC © ️-Analisis statis kelas perusahaan untuk perangkat lunak tertanam. Mendukung standar pengkodean Misra, Cert, dan Autosar.
2771 191? IKOS) - Penganalisa statis suara untuk kode C/C ++ berdasarkan LLVM.
? Joern-Platform Analisis Kode Sumber Terbuka untuk C/C ++ Berdasarkan Grafik Properti Kode
KLEE - Mesin eksekusi simbolik dinamis yang dibangun di atas infrastruktur kompiler LLVM. Ini dapat menghasilkan kasus uji secara otomatis untuk program sehingga kasus uji menjalankan sebanyak mungkin program.
? LDRA © ️ - Alat suite termasuk analisis statis (TBVision) ke berbagai standar termasuk Misra C & C ++, JSF ++ AV, CWE, CERT C, CERT C ++ & Aturan Kustom.
? PASANGAN
? PC-Lint © ️-Analisis Statis untuk C/C ++. Berjalan secara asli di bawah Windows/Linux/MacOS. Menganalisis kode untuk hampir semua platform, mendukung C11/C18 dan C ++ 17.
? PHASAR-Kerangka analisis statis berbasis LLVM yang hadir dengan analisis keadaan ternoda dan tipe.
? Polyspace Bug Finder © ️-Mengidentifikasi kesalahan run-time, masalah konkurensi, kerentanan keamanan, dan cacat lainnya pada perangkat lunak tertanam C dan C ++.
? POLYSPACE CODE PROVER © ️-Memberikan verifikasi kode yang membuktikan tidak adanya akses array overflow, divide-by-nol, di luar batas, dan kesalahan run-time lainnya dalam kode sumber C dan C ++.
? Scan-Build-Frontend untuk menggerakkan penganalisa statis dentang yang dibangun menjadi dentang melalui bangunan biasa.
Splint-Pemeriksa Program Statis Bantuan Anotasi.
? SVF - Alat statis yang memungkinkan analisis ketergantungan interprocedural yang dapat diskalakan dan tepat untuk program C dan C ++.
? Trustinsoft Analyzer © ️ - Deteksi lengkap kesalahan pengkodean dan kerentanan keamanan yang terkait. Ini mencakup deteksi perilaku yang tidak terdefinisi suara (buffer overflows, akses array di luar batas, dereferensi nol-pointer, penggunaan-setelah-bebas, divide-by-nol, akses memori yang tidak diinisialisasi, verifikasi yang ditandatangani serta fungsi pointer yang tidak valid. Semua versi C hingga C18 dan C ++ hingga C ++ 20 didukung. Trustinsoft Analyzer akan memperoleh kualifikasi ISO 26262 di Q2'2023 (TCL3). Pemeriksa Misra C juga dibundel.
? Vera ++
.NET Analyzers - Organisasi untuk pengembangan analisis (diagnostik dan perbaikan kode) menggunakan platform .NET Compiler.
949 61? ARCHUNITNET) - AC# Pustaka Tes Arsitektur Untuk menentukan dan menegaskan aturan arsitektur dalam C# untuk pengujian otomatis.
? Code-Cracker-Perpustakaan penganalisa untuk C# dan VB yang menggunakan Roslyn untuk menghasilkan refactorings, analisis kode, dan kebaikan lainnya.
160 26? Csharpessentials)
Designite © ️ - Designite mendukung deteksi berbagai arsitektur, desain, dan bau implementasi, perhitungan berbagai metrik kualitas kode, dan analisis tren.
? Gendarme - Gendarme memeriksa program dan perpustakaan yang berisi kode dalam format ECMA CIL (mono dan .net).
737 29? Menyimpulkan#)
965 51? Meziantou.analyzer) - Seorang penganalisa Roslyn untuk menegakkan beberapa praktik baik dalam C# dalam hal desain, penggunaan, keamanan, kinerja, dan gaya.
NDEPEND © ️ - Ukur, permintaan, dan visualisasikan kode Anda dan hindari masalah yang tidak terduga, hutang teknis dan kompleksitas.
? PUMA SCAN - PUMA SCAN menyediakan analisis kode aman waktu nyata untuk kerentanan umum (XSS, SQLI, CSRF, LDAPI, Crypto, Deserialization, dll.) Saat tim pengembangan menulis kode di Visual Studio.
3128 263? ROSLYNATOR) - Koleksi 190+ analisis dan 190+ refactorings untuk C#, ditenagai oleh Roslyn.
803 229? Sonaranalyzer.csharp) - Penganalisa Roslyn ini memungkinkan Anda untuk menghasilkan kode bersih yang aman, andal, dan dapat dipelihara dengan membantu Anda menemukan dan memperbaiki bug, kerentanan, dan bau kode dalam basis kode Anda.
65 16? Vsdiagnostics)
91 10? Wintellect.Analyzers) - .NET Compiler Platform ("" Roslyn ") diagnostik dan perbaikan kode.
? Astrée © ️ - Astrée secara otomatis membuktikan tidak adanya kesalahan runtime dan perilaku bersamaan yang tidak valid dalam aplikasi C/C ++. Ini suara untuk perhitungan titik mengambang, sangat cepat, dan sangat tepat. Penganalisa juga memeriksa aturan pengkodean Autosar MISRA/CERT/CWE/Adaptive Autosar dan mendukung kualifikasi untuk ISO 26262, DO-178C Level A, dan standar keselamatan lainnya. Tersedia plugin Jenkins dan Eclipse.
CBMC-Pemeriksaan model terikat untuk program C, pernyataan yang ditentukan pengguna, pernyataan standar, beberapa analisis metrik cakupan.
? CLANG-TIDY-Alat C ++ Linter berbasis dentang dengan kemampuan (terbatas) untuk memperbaiki masalah juga.
672 94? CLAZY)-Penganalisa kode statis yang berorientasi QT berdasarkan kerangka dentang. Clazy adalah plugin kompiler yang memungkinkan dentang untuk memahami semantik QT. Anda mendapatkan lebih dari 50 peringatan kompiler terkait QT, mulai dari alokasi memori yang tidak dibutuhkan hingga penyalahgunaan API, termasuk perbaikan untuk refactoring otomatis.
72 27? CMetrics) - Mengukur ukuran dan kompleksitas untuk file C.
? CPPCHECK - Analisis statis kode C/C ++.
? CPPDepend © ️ - ukur, permintaan, dan visualisasikan kode Anda dan hindari masalah yang tidak terduga, hutang teknis dan kompleksitas.
37674 13306? CPPLINT) - Pemeriksa C ++ Otomatis yang mengikuti Panduan Gaya Google.
64 11? CQMetrics) - Metrik Kualitas untuk Kode C.
? CSCOUT - Metrik kompleksitas dan kualitas untuk kode preprocessor C dan C.
14 3? Enre-cpp)-enre (entitas hubungan ekstraktor) adalah alat untuk ekstraksi dependensi entitas kode atau hubungan dari kode sumber. ENRE-CPP adalah ekstraktor hubungan entitas untuk C/C ++ berdasarkan @Eclipse/CDT. (Sedang dikembangkan)
ESBMC-ESBMC adalah open source, yang dilisensikan secara permisi, pemeriksa model yang terikat konteks berdasarkan teori modulo kepuasan untuk verifikasi program C/C ++ multi-threaded.
Flawfinder
266 21? Flint ++)
? FRAMA-C-AMERSALZER SOUD dan EXTENSIBLE STATIC UNTUK KODE C.
? Helix QAC © ️-Analisis statis kelas perusahaan untuk perangkat lunak tertanam. Mendukung standar pengkodean Misra, Cert, dan Autosar.
2771 191? IKOS) - Penganalisa statis suara untuk kode C/C ++ berdasarkan LLVM.
? Joern-Platform Analisis Kode Sumber Terbuka untuk C/C ++ Berdasarkan Grafik Properti Kode
KLEE - Mesin eksekusi simbolik dinamis yang dibangun di atas infrastruktur kompiler LLVM. Ini dapat menghasilkan kasus uji secara otomatis untuk program sehingga kasus uji menjalankan sebanyak mungkin program.
? LDRA © ️ - Alat suite termasuk analisis statis (TBVision) ke berbagai standar termasuk Misra C & C ++, JSF ++ AV, CWE, CERT C, CERT C ++ & Aturan Kustom.
? PASANGAN
? PC-Lint © ️-Analisis Statis untuk C/C ++. Berjalan secara asli di bawah Windows/Linux/MacOS. Menganalisis kode untuk hampir semua platform, mendukung C11/C18 dan C ++ 17.
? PHASAR-Kerangka analisis statis berbasis LLVM yang hadir dengan analisis keadaan ternoda dan tipe.
? Polyspace Bug Finder © ️-Mengidentifikasi kesalahan run-time, masalah konkurensi, kerentanan keamanan, dan cacat lainnya pada perangkat lunak tertanam C dan C ++.
? POLYSPACE CODE PROVER © ️-Memberikan verifikasi kode yang membuktikan tidak adanya akses array overflow, divide-by-nol, di luar batas, dan kesalahan run-time lainnya dalam kode sumber C dan C ++.
? Scan-Build-Frontend untuk menggerakkan penganalisa statis dentang yang dibangun menjadi dentang melalui bangunan biasa.
Splint-Pemeriksa Program Statis Bantuan Anotasi.
? SVF - Alat statis yang memungkinkan analisis ketergantungan interprocedural yang dapat diskalakan dan tepat untuk program C dan C ++.
? Trustinsoft Analyzer © ️ - Deteksi lengkap kesalahan pengkodean dan kerentanan keamanan yang terkait. Ini mencakup deteksi perilaku yang tidak terdefinisi suara (buffer overflows, akses array di luar batas, dereferensi nol-pointer, penggunaan-setelah-bebas, divide-by-nol, akses memori yang tidak diinisialisasi, verifikasi yang ditandatangani serta fungsi pointer yang tidak valid. Semua versi C hingga C18 dan C ++ hingga C ++ 20 didukung. Trustinsoft Analyzer akan memperoleh kualifikasi ISO 26262 di Q2'2023 (TCL3). Pemeriksa Misra C juga dibundel.
? Vera ++
1726 293? CLJ-KONDO)-Sebuah linter untuk kode clojure yang memicu kegembiraan. Ini memberi tahu Anda tentang kesalahan potensial saat Anda mengetik. ? AMEBA - Alat analisis kode statis untuk kristal.
? Crystal-Crystal Compiler memiliki fungsionalitas serat bawaan.
? Metrik kode panah
? Effective_dart - Aturan linter yang sesuai dengan pedoman di panah yang efektif
277 82? serat)
? Linter untuk dart - style linter for dart.
100 16? DELPHILINT)-Paket Delphi IDE yang menyediakan analisis dan linting kode on-the-fly, ditenagai oleh Sonardelphi.
? Perbaiki Insight © ️ - Plugin IDE GRATIS untuk Analisis Kode Statis. Edisi Pro mencakup alat baris perintah untuk tujuan otomatisasi.
? Pascal Analyzer © ️ - Alat Analisis Kode Statis dengan banyak laporan. Versi Lite gratis tersedia dengan pelaporan terbatas.
? PASTER PASCAL © ️ - Plugin IDE untuk Analisis Kode. Termasuk subset kemampuan pelaporan Pascal Analyzer dan tersedia untuk Delphi Versions 2007 dan kemudian.
110 19? Sonardelphi) - Delphi Static Analyzer untuk Platform Kualitas Kode Sonarqube.
241 80? D-SCANNER)-D-SCANNER adalah alat untuk menganalisis kode sumber D. 4951 420? CREDO) - Alat analisis kode statis dengan fokus pada konsistensi dan pengajaran kode.
1720 142? Dialyxir) - Campurkan tugas untuk menyederhanakan penggunaan dialyzer dalam proyek elixir.
1693 96? Sobelow)-Analisis statis yang berfokus pada keamanan untuk kerangka phoenix.
? elm-analyse
? ELM-Review-Menganalisis seluruh proyek ELM, dengan fokus pada aturan yang dapat dibagikan dan khusus yang ditulis di ELM yang menambahkan jaminan kompiler ELM tidak memberi Anda.
? Dialyzer - Dialyzer, penganalisa perbedaan untuk program Erlang. Dialyzer adalah alat analisis statis yang mengidentifikasi perbedaan perangkat lunak, seperti kesalahan tipe yang pasti, kode yang telah menjadi mati atau tidak terjangkau karena kesalahan pemrograman, dan tes yang tidak perlu, dalam modul erlang tunggal atau seluruh aplikasi (set). Dialyzer memulai analisisnya dari bytecode balok yang dikompilasi debug atau dari kode sumber Erlang. Jumlah file dan garis perbedaan dilaporkan bersama dengan indikasi tentang apa perbedaan itu. Dialyzer mendasarkan analisisnya pada konsep pengetikan keberhasilan, yang memungkinkan peringatan suara (tidak ada positif palsu).
425 87? Elvis) - Peninjau gaya Erlang.
103 11? Alat Keamanan Erlang Primitive (Hama))
? Fantomas - F# Format Kode Sumber.
? Fsharplint - Alat lint untuk f#.
? Ionide-Analyzers-Koleksi F# Analyzers, dibangun dengan fsharp.analyzers.sdk.
? fprettify-Formatter otomatis untuk kode sumber Fortran modern, ditulis dalam Python. FPrettify adalah alat yang menyediakan spasi putih yang konsisten, lekukan, dan perataan pembatas dalam kode, termasuk kemampuan untuk mengubah case huruf dan menangani arahan preprocessor, semuanya sambil melestarikan riwayat revisi dan diuji untuk integrasi editor.
62 17? I-CODE CNES untuk FORTRAN)-Alat analisis kode statis open source untuk Fortran 77, Fortran 90 dan Shell.
? AlignCheck - Temukan struct yang dikemas secara tidak efisien.
314 33? Bodyclose) - Memeriksa apakah badan respons HTTP ditutup.
50 15? Deadcode) - Menemukan kode yang tidak digunakan.
316 28? Dingo-Hunter)
73 2? Dogled) - Menemukan tugas/deklarasi dengan terlalu banyak pengidentifikasi kosong.
346 25? dupl)
2365 138? errcheck) - Periksa bahwa nilai pengembalian kesalahan digunakan.
372 16? errwrap) - Bungkus dan perbaiki kesalahan GO dengan arahan %kata kerja %baru. Alat ini menganalisis panggilan FMT.Errorf () dan melaporkan panggilan yang berisi arahan kata kerja yang berbeda dari arahan kata kerja %baru yang diperkenalkan di GO V1.13. Ini juga mampu menulis ulang panggilan untuk menggunakan Arahan Kata Kerja Bungkus %W baru.
51 4? Flen) - Dapatkan info tentang lama fungsi dalam paket go.
3507 267? GO META LINTER)golangci-lint untuk proyek baru.
? GO Tool Vet -Shadow -Laporan variabel yang mungkin dibayangi secara tidak sengaja.
? Go Vet - Memeriksa Go Source Code dan melaporkan mencurigakan.
339 16? GO-Consistent)-Penganalisa yang membantu Anda membuat program GO Anda lebih konsisten.
1873 117? GO-CRITIC)-LINTER KODE SUMBER GO yang mempertahankan cek yang saat ini tidak diimplementasikan di linter lain.
? GO/AST - Paket AST menyatakan jenis yang digunakan untuk mewakili pohon sintaks untuk paket GO.
61 2? Goast)
105 12? gochecknoglobals)
296 17? GOCONST) - Menemukan string berulang yang dapat digantikan oleh konstan.
1388 83? GOCYCLO)
? gofmt -s -memeriksa apakah kode diformat dengan benar dan tidak dapat disederhanakan lebih lanjut.
3390 113? Gofumpt)-Menegakkan format yang lebih ketat daripada gofmt , sambil kompatibel dengan mundur. Artinya, gofumpt senang dengan subset dari format yang senang dengan gofmt . Alat ini adalah garpu gofmt saat go 1.19, dan membutuhkan go 1.18 atau lebih baru. Ini dapat digunakan sebagai pengganti drop-in untuk memformat kode GO Anda, dan menjalankan GoFMT setelah gofumpt tidak menghasilkan perubahan. gofumpt tidak akan pernah menambahkan aturan yang tidak setuju dengan format gofmt . Jadi kami memperluas gofmt daripada bersaing dengannya.
? goImports - cek impor paket yang hilang atau tidak direferensikan.
2181 110? GOKART) - Analisis Keamanan Golang dengan fokus pada meminimalkan positif palsu. Ini mampu melacak sumber variabel dan argumen fungsi untuk menentukan apakah sumber input aman.
? Golangci-Lint-Alternatif untuk Go Meta Linter : Golangci-Lint adalah agregator linter.
3973 491? Golint) - Mencetak kesalahan gaya pengkodean dalam kode sumber Go.
3130 271? Goreporter) - Bersamaan dengan banyak menjalankan banyak linter dan menormalkan output mereka ke sebuah laporan.
466 19? Goroutine-Inspect)-Alat interaktif untuk menganalisis dump Golang Goroutine.
? GOSEC (GAS) - Memeriksa kode sumber untuk masalah keamanan dengan memindai go ast.
? GOTYPE - Analisis sintaksis dan semantik mirip dengan kompiler GO.
? Govulncheck - Govulncheck Laporan Kerentanan yang Diketahui Yang Mempengaruhi Kode GO. Ini menggunakan analisis statis kode sumber atau tabel simbol biner untuk mempersempit laporan hanya pada yang dapat mempengaruhi aplikasi. Secara default, Govulncheck membuat permintaan ke database kerentanan GO di https://vuln.go.dev. Permintaan ke database kerentanan hanya berisi jalur modul, bukan kode atau properti lain dari program Anda.
404 25? tidak efisien)
689 17? Interferensi)
65 9? lll)
538 42? difitnah)
1354 115? Misspell) - Menemukan kata -kata bahasa Inggris yang sering salah eja.
127 15? Nakedret) - Menemukan pengembalian telanjang.
85 5? Nargs) - Menemukan argumen yang tidak digunakan dalam deklarasi fungsi.
643 24? Prealloc) - Menemukan deklarasi irisan yang berpotensi dapat ditentukan sebelumnya.
8053 427? ReviewDog) - Alat untuk memposting komentar ulasan dari linter mana pun di layanan hosting kode apa pun.
? Revive - linter cepat, dapat dikonfigurasi, dapat diperluas, fleksibel, dan indah untuk Go. Penggantian drop-in Golint.
564 47? Safesql)
369 15? Shisho)
? StaticCheck - GO Static Analysis yang berspesialisasi dalam menemukan bug, menyederhanakan kode dan meningkatkan kinerja.
? StructCheck - Temukan bidang struct yang tidak digunakan.
817 27? Structslop) - Analisis statis untuk GO yang merekomendasikan penataan ulang bidang struct untuk menyediakan efisiensi ruang/alokasi maksimum
? Tes - Tunjukkan lokasi kegagalan uji dari modul pengujian stdlib.
380 26? Unconvert) - Mendeteksi konversi jenis yang berlebihan.
533 28? UNPARAM) - Temukan parameter fungsi yang tidak digunakan.
? VarCheck - Temukan variabel dan konstanta global yang tidak digunakan.
267 41? WSL) - Menegakkan garis kosong di tempat yang tepat.
690 67? Brittany)
1484 197? HLINT) - HLint adalah alat untuk menyarankan kemungkinan perbaikan pada kode Haskell.
? Liquid Haskell - Liquid Haskell adalah pemeriksa jenis penyempurnaan untuk program Haskell.
? STAN-Stan adalah alat baris perintah untuk menganalisis proyek Haskell dan mengeluarkan kerentanan yang ditemukan dengan cara yang bermanfaat dengan kemungkinan solusi untuk masalah yang terdeteksi.
170 28? WEEDER) - Alat untuk mendeteksi ekspor mati atau impor paket dalam kode Haskell.
? Kerangka Pemeriksa-Pemeriksaan jenis pluggable untuk Java. Ini bukan hanya pembuat serangga, tetapi alat verifikasi yang memberikan jaminan kebenaran. Muncul dengan 27 sistem tipe pra-dibangun, dan memungkinkan pengguna untuk menentukan sistem tipe mereka sendiri; Manual mencantumkan lebih dari 30 sistem tipe yang dikendalikan pengguna.
? CheckStyle - Memeriksa kode sumber Java untuk kepatuhan terhadap standar kode atau set aturan validasi (praktik terbaik).
387 154? CK)-Menghitung metrik Chidamber dan Kemerer yang berorientasi objek dengan memproses file Java sumber.
CKJM-Menghitung metrik Chidamber dan Kemerer yang berorientasi objek dengan memproses bytecode file java yang dikompilasi.
? Cognicrypt - Memeriksa sumber Java dan kode byte untuk penggunaan API kriptografi yang salah.
1034 356? DataFlow Framework)-Kerangka Dataflow Kekuatan Industri untuk Java. Kerangka Dataflow digunakan dalam kerangka pemeriksa, rawan kesalahan Google, Nullaway Uber, Meta's Nullsafe, dan dalam konteks lainnya. Ini didistribusikan dengan kerangka kerja checker.
DesignItejava © ️ - DesignItJava mendukung deteksi berbagai arsitektur, desain, dan bau implementasi bersama dengan perhitungan berbagai metrik kualitas kode.
? DiffBlue © ️-DiffBlue adalah perusahaan perangkat lunak yang menyediakan analisis kode bertenaga AI dan solusi pengujian untuk tim pengembangan perangkat lunak. Tekanannya membantu pengembang mengotomatiskan pengujian, menemukan bug, dan mengurangi tenaga kerja manual dalam proses pengembangan perangkat lunak mereka. Produk utama perusahaan, DiffBlue Cover, menggunakan AI untuk menghasilkan dan menjalankan tes unit untuk kode Java, membantu menangkap kesalahan dan meningkatkan kualitas kode.
? DOOP - DOOP adalah kerangka deklaratif untuk analisis statis program Java/Android, berpusat pada algoritma analisis pointer. DOOP menyediakan berbagai macam analisis dan juga perancah di sekitarnya untuk menjalankan analisis end-to-end (pembuatan fakta, pemrosesan, statistik, dll.).
13 8? Enre-Java)-Enre (Entity Relationship Extractor) adalah alat untuk ekstraksi dependensi entitas kode atau hubungan dari kode sumber. ENRE-JAVA adalah ekstraktor hubungan entitas untuk proyek Java berdasarkan @eclipse JDT/Parser.
? Kesalahan rawan-Tangkap kesalahan Java yang umum sebagai kesalahan waktu kompilasi.
FB-Contrib-Plugin untuk FindBugs dengan detektor bug tambahan.
340 34? Forbidden-APIS)-Mendeteksi dan melarang doa metode/kelas/bidang tertentu (seperti membaca dari aliran teks tanpa charset). Kompatibel Maven/Gradle/Ant.
5674 864? Google-java-format)-memformat kode sumber java untuk mematuhi gaya google java
304 32? Huntbugs)
? Ide Intellij © ️ - Datang dibundel dengan banyak inspeksi untuk Java dan Kotlin dan termasuk alat untuk refactoring, format, dan banyak lagi.
? JArCHITECT © ️ - Ukur, permintaan, dan visualisasikan kode Anda dan hindari masalah yang tidak terduga, hutang teknis dan kompleksitas.
? JBMC-Model-checker terikat untuk Java (bytecode), memverifikasi pernyataan yang ditentukan pengguna, pernyataan standar, beberapa analisis metrik cakupan.
? MARIANA PRENCH - Alat analisis statis terfokus keamanan kami untuk aplikasi Android dan Java. Mariana Trench menganalisis dalvik bytecode dan dibangun untuk berjalan cepat pada basis kode besar (10s jutaan baris kode). Ini dapat menemukan kerentanan sebagai perubahan kode, sebelum pernah mendarat di repositori Anda.
3664 299? Nullaway)-Pemeriksa nol-pointer berbasis tipe dengan overhead waktu bangunan rendah; plugin rawan kesalahan.
? Pemeriksaan Ketergantungan OWASP - Pemeriksaan Ketergantungan untuk kerentanan yang diketahui, diungkapkan secara publik.
? Qulice-Menggabungkan beberapa alat analisis statis (pra-konfigurasi) (CheckStyle, PMD, FindBugs, ...).
460 42? RefactorFirst) - Mengidentifikasi dan memprioritaskan kelas -kelas Tuhan dan kelas yang sangat digabungkan dalam basis kode java Anda harus refactor terlebih dahulu.
? Soot - Kerangka kerja untuk menganalisis dan mengubah aplikasi Java dan Android.
? Spoon - Spoon adalah perpustakaan metaprogramming untuk menganalisis dan mengubah kode sumber java (termasuk Java 9, 10, 11, 12, 13, 14). Ini mem-parsing file sumber untuk membangun AST yang dirancang dengan baik dengan analisis yang kuat dan API transformasi. Dapat diintegrasikan dalam Maven dan Gradle.
? SPOTBUGS - Spotbugs adalah penerus Findbugs. Alat untuk analisis statis untuk mencari bug dalam kode java.
? stabil
148 39? Pelanggaran Lib) - Perpustakaan Java untuk Parsing Laporan File dari Analisis Kode Statis. Digunakan oleh sekelompok plugin Jenkins, Maven dan Gradle.
Aether
? Kompiler Penutupan - Alat kompiler untuk meningkatkan efisiensi, mengurangi ukuran, dan memberikan peringatan kode dalam file JavaScript.
111 29? Closurelinter)
209 27? Laporan Kompleksitas)
? DeepScan © ️ - Analyzer untuk JavaScript yang menargetkan kesalahan runtime dan masalah kualitas daripada pengkodean konvensi.
205 40? ES6-Plato)
266 25? Escomplex)
? Esprima
? Flow - Pemeriksa tipe statis untuk JavaScript.
? HEGEL - Pemeriksa tipe statis untuk JavaScript dengan bias pada inferensi tipe dan sistem tipe yang kuat.
? JShint - Mendeteksi kesalahan dan masalah potensial dalam kode JavaScript dan menegakkan konvensi pengkodean tim Anda.
3619 463? JSLINT) - Alat Kualitas Kode JavaScript.
? Jsprime
? NODEJSSCAN - Pemindai kode keamanan statis untuk aplikasi Node.js yang ditenagai oleh Libsast dan SEMGREP yang dibangun di atas alat NJSSCAN CLI. Ini fitur UI dengan berbagai dasbor tentang status keamanan aplikasi.
4561 321? plato)
431 201? POLYMER-ANALYZER)-Kerangka analisis statis untuk komponen web.
? Pensiunan.js - Pemindai Mendeteksi Penggunaan Perpustakaan JavaScript dengan kerentanan yang diketahui.
Rslint
Standar - Modul NPM yang memeriksa masalah styleGuide JavaScript.
? TERN-Penganalisa kode JavaScript untuk dukungan bahasa lintas-editor yang dalam.
? Typl
7718 292? XO) - Pembungkus ESLINT yang memiliki pendapat tetapi dapat dikonfigurasi dengan banyak barang termasuk. Menegakkan kode yang ketat dan dapat dibaca.
27 4? ukuran)
750 30? Jet) - Sistem inferensi tipe statis untuk mendeteksi bug dan mengetik ketidakstabilan.
148 29? StaticLint) - Analisis Kode Statis untuk Julia
? DETEKT - Analisis kode statis untuk kode Kotlin.
? Diktat-Standar pengkodean yang ketat untuk Kotlin dan linter yang mendeteksi dan mencium bau kode otomatis.
? KTFMT - Suatu program yang memformat ulang kode sumber Kotlin untuk mematuhi standar komunitas umum untuk konvensi kode Kotlin. Plugin KTFMT IntelliJ tersedia dari repositori plugin. Untuk menginstalnya, buka pengaturan IDE Anda dan pilih kategori plugin. Klik tab Marketplace, cari plugin KTFMT, dan klik tombol Instal.
? KTLINT-Kotlin linter anti-bikeshedding dengan formatter bawaan.
372 57? LUACHECK) - Alat untuk analisis linting dan statis kode LUA.
85 19? LualInt)-LualInt melakukan analisis statis berbasis LUAC dari penggunaan variabel global dalam kode sumber LUA.
? Luanalisis
? DRNIM - DRNIM menggabungkan frontend NIM dengan mesin bukti Z3 untuk memungkinkan perangkat lunak memverifikasi / memvalidasi yang ditulis dalam NIM.
85 6? NIMFMT) - NIM Code Formatter / Linter / Style Checker
224 41? SYS) - Alat statis/simbolik untuk menemukan bug di kode (browser). Ini menggunakan LLVM AST untuk menemukan bug seperti akses memori yang tidak diinisialisasi.
376 66? VERIFAST)-Alat untuk verifikasi formal modular dari sifat kebenaran dari program C dan Java multithreaded dan multithreaded dianotasi dengan prasyarat dan postkondisi yang ditulis dalam logika pemisahan. Untuk mengekspresikan spesifikasi yang kaya, programmer dapat mendefinisikan tipe data induktif, fungsi murni rekursif primitif atas tipe data ini, dan predikat logika pemisahan abstrak.
? CakeFuzzer-Alat Pengujian Keamanan Aplikasi Web untuk aplikasi web berbasis CakhP. CakeFuzzer menggunakan serangkaian serangan yang telah ditentukan sebelumnya yang dimodifikasi secara acak sebelum dieksekusi. Memanfaatkan pemahamannya yang mendalam tentang kerangka kerja PHP kue, kue fuzzer meluncurkan serangan pada semua titik masuk aplikasi potensial.
1362 56? Churn-PHP)-Membantu menemukan kandidat yang baik untuk refactoring.
465 10? Composer-Dependency-Analyser)-Deteksi cepat masalah ketergantungan komposer.
530 26? Dephpend) - Alat Analisis Ketergantungan.
393 40? DETEKTOR DESPRECATION)-Menemukan penggunaan kode yang sudah usang (Symfony).
2678 134? DEPTRAC) - Menegakkan aturan untuk dependensi antar lapisan perangkat lunak.
114 14? DesignPatternDetector) - Deteksi pola desain dalam kode PHP.
? EasyCodingStandard - Campurkan 10696 1478? Php_codesniffer) dan 12941 1583? Php-cs-fixer).
? PENGETAHUAN - Alat analisis statis dan dinamis untuk aplikasi Laravel yang memberikan rekomendasi untuk meningkatkan kinerja, keamanan, dan keandalan kode aplikasi Laravel. Berisi 120 cek otomatis.
? EXAKAT - Mesin peninjau kode otomatis untuk PHP.
4161 437? Grumphp) - Memeriksa kode pada setiap komit.
5639 424? LARASTAN) - Menambahkan analisis statis ke Laravel meningkatkan produktivitas pengembang dan kualitas kode. Ini adalah pembungkus di sekitar Phpstan.
? Mondrian
? Nitpick CI © ️ - Tinjauan Kode PHP Otomatis.
293 22? Parallel-Lint)-Alat ini memeriksa sintaksis file PHP lebih cepat daripada cek serial dengan output yang lebih baik.
368 41? Parse) - Pemindai keamanan statis.
? PDEPEND - Menghitung metrik perangkat lunak seperti kompleksitas siklomatik untuk kode PHP.
? ?? Phan) - Penganalisa statis modern dari Etsy.
1100 45? PHP Architecture Tester) - Alat pengujian arsitektur yang mudah digunakan untuk PHP.
158 10? Asumsi PHP) - Memeriksa asumsi yang lemah.
? PHP Coding Standard Fixer-Memperbaiki kode Anda sesuai dengan standar seperti PSR-1, PSR-2, dan standar Symfony.
? PHP Insights - Pemeriksaan kualitas PHP instan dari konsol Anda. Analisis kualitas kode dan gaya pengkodean serta tinjauan umum arsitektur kode dan kompleksitasnya.
? Inspeksi PHP (EA Extended) - Penganalisa kode statis untuk PHP.
? PHP Refactoring Browser - Refactoring Helper.
430 28? Pemeriksa Versi Semantik PHP)
17109 1102? PHP-Parser)-Parser PHP yang ditulis dalam PHP.
68 22? PHP-Speller)-Perpustakaan Periksa Ejaan PHP.
190 44? PHP-Token-Reflection)
1524 121? php7cc)
797 92? php7mar)
? Php_codesniffer
761 41? Phparkitect) - Phparkitect membantu Anda menjaga basis kode PHP Anda tetap koheren dan solid, dengan mengizinkan untuk menambahkan beberapa pemeriksaan kendala arsitektur ke alur kerja Anda. Anda dapat mengungkapkan kendala yang ingin Anda tegaskan, dalam kode PHP yang sederhana dan dapat dibaca.
97 8? phpca)
2214 191? phpcpd)
415 47? phpdcd)
? PHPDependencyanalysis
366 38? PHPDeprecationDetector) - Penganalisis kode PHP untuk mencari masalah dengan fungsionalitas yang sudah usang dalam versi interpreter yang lebih baru. Ia menemukan objek yang dihapus (fungsi, variabel, konstanta, dan disriksi ini), fungsionalitas fungsi yang sudah usang, dan penggunaan nama atau trik terlarang (misalnya pengidentifikasi yang dicadangkan dalam versi yang lebih baru).
226 15? phpdoc-to-typehint)
? PHPDOCUMENT - Menganalisis kode sumber PHP untuk menghasilkan dokumentasi.
2336 165? PhPLOC) - Alat untuk dengan cepat mengukur ukuran dan menganalisis struktur proyek PHP.
? PHPMD - Menemukan kemungkinan bug dalam kode Anda.
PHPMetrics - Menghitung dan memvisualisasikan berbagai metrik kualitas kode.
560 46? phpmnd) - membantu mendeteksi angka ajaib.
? Phpqa
1231 67? PHPQA - Jakzal) - Banyak alat untuk analisis statis PHP dalam satu wadah.
327 29? PHPQA-JMOLIVAS)-PHPQA All-in-One Analyzer CLI Tool.
639 77? phpsa)
? PHPSTAN - Alat Analisis Statis PHP - Temukan bug di kode Anda tanpa menjalankannya!
333 61? Progpilot) - Alat analisis statis untuk tujuan keamanan.
? Mazmur - Alat analisis statis untuk menemukan kesalahan jenis dalam aplikasi PHP.
494 31? Qafoo Quality Analyzer)
? Rektor - Peningkatan instan dan refactoring otomatis dari kode PHP 5.3+ apa pun. Ini meningkatkan kode Anda untuk PHP 7.4, 8.0 dan seterusnya. Rektor menjanjikan tingkat positif palsu yang rendah karena mencari pola AST (sintaks abstrak) yang didefinisikan secara sempit. Kasus penggunaan utama adalah menangani utang teknis dalam kode warisan Anda dan menghapus kode mati. Rektor memberikan seperangkat aturan khusus untuk Symfony, Doktrin, Phpunit, dan banyak lagi.
119 51? Refleksi) - Perpustakaan Refleksi untuk melakukan analisis statis untuk proyek PHP
? Symfony Insight © ️ - Mendeteksi risiko keamanan, temukan bug dan berikan metrik yang dapat ditindaklanjuti untuk proyek PHP.
171 7? Tuli) - Mesin analisis statis.
118 32? Twig-lint)-Twig-Lint adalah alat serat untuk file ranting Anda.
? WAP - Alat untuk mendeteksi dan memperbaiki kerentanan validasi input dalam aplikasi web PHP (4.0 atau lebih tinggi) dan memprediksi positif palsu dengan menggabungkan analisis statis dan penambangan data.
? Perl :: Analyzer-Perl-Analyzer adalah serangkaian program dan modul yang memungkinkan pengguna untuk menganalisis dan memvisualisasikan basis kode Perl dengan memberikan informasi tentang ruang nama dan hubungan mereka, ketergantungan, warisan, dan metode yang diterapkan, diwariskan, dan didefinisikan ulang dalam paket, serta panggilan untuk metode dari paket orang tua melalui Super.
? Perl :: kritik-kritik kode sumber perl untuk praktik terbaik.
? Perltidy - Perltidy adalah skrip Perl yang mengindir dan memformat skrip Perl untuk membuatnya lebih mudah dibaca. Pemformatan dapat dikontrol dengan parameter baris perintah. Pengaturan parameter default kira -kira mengikuti saran dalam panduan gaya Perl. Selain memformat ulang skrip, Perltidy dapat sangat membantu dalam melacak kesalahan dengan kawat gigi yang hilang atau ekstra, tanda kurung, dan kurung persegi karena sangat baik dalam melokalisasi kesalahan.
47 10? ZARN) - Alat analisis keamanan statis ringan untuk aplikasi Perl modern
909 82? Autoflake) - Autoflake menghapus impor yang tidak digunakan dan variabel yang tidak digunakan dari kode Python.
? AUTOPEP8 - Alat yang secara otomatis memformat kode Python agar sesuai dengan panduan gaya PEP 8. Ini menggunakan utilitas pycodestyle untuk menentukan bagian mana dari kode yang perlu diformat.
? Bandit - Alat untuk menemukan masalah keamanan umum dalam kode Python.
265 14? BELLYBUTTON)-Mesin berbaris yang mendukung aturan khusus proyek khusus.
? Hitam - Formatter Kode Python tanpa kompromi.
? Bowler - Kode aman refactoring untuk Python modern. Bowler adalah alat refactoring untuk memanipulasi ular sanca di tingkat pohon sintaksis. Ini memungkinkan modifikasi kode skala besar yang aman sambil menjamin bahwa kode yang dihasilkan mengkompilasi dan berjalan. Ini menyediakan antarmuka baris perintah sederhana dan API yang lancar dalam python untuk menghasilkan modifikasi kode kompleks dalam kode.
26 10? Ciocheck)pep8 , pydocstyle , flake8 , dan pylint .
237 4? Cohesion) - Alat untuk mengukur kohesi kelas Python.
? Kesepakatan - Desain dengan kontrak untuk Python. Tulis kode bebas bug. Dengan menambahkan beberapa dekorator ke kode Anda, Anda mendapatkan tes gratis, analisis statis, verifikasi formal, dan banyak lagi.
163 15? DLINT) - Alat untuk memastikan kode Python aman.
121 18? Dodgy) - Dodgy adalah alat yang sangat mendasar untuk menjalankan basis kode Anda untuk mencari nilai yang terlihat "cerdik". Ini adalah serangkaian ekspresi reguler sederhana yang dirancang untuk mendeteksi hal -hal seperti checkin Diff SCM yang tidak disengaja, atau kata sandi atau kunci rahasia yang dikodekan ke dalam file.
13 2? Enre-py)
? FIXIT-Kerangka kerja untuk membuat aturan serat dan perbaikan otomatis yang sesuai untuk kode sumber.
3488 310? Flake8) - Pembungkus di sekitar pyflakes , pycodestyle dan mccabe .
? Flakeheaven - Flakeheaven adalah linter ular piton yang dibangun di sekitar Flake8 untuk memungkinkan konfigurasi toml yang dapat diwariskan dan kompleks.
? Griffe - Tanda tangan untuk seluruh program Python. Ekstrak struktur, bingkai, kerangka proyek Anda, untuk menghasilkan dokumentasi API atau temukan perubahan dalam API Anda.
80 3? Inspectortiger)
? Jedi - Perpustakaan Analisis Autocompletion/Statis untuk Python.
185 26? Linty Fresh) - Parse kesalahan serat dan laporkan ke Github sebagai komentar pada permintaan tarik.
? McCabe
28 6? multilint)flake8 , isort dan modernize .
Mypy - Pemeriksa tipe statis yang bertujuan untuk menggabungkan manfaat pengetikan bebek dan pengetikan statis, sering digunakan dengan 4809 176? MonkeyType).
1964 172? Prospector) - Pembungkus di sekitar pylint , pep8 , mccabe dan lainnya.
127 29? injeksi py-find)
? Pyanalyze - Alat untuk secara terprogram mendeteksi kesalahan umum dalam kode Python, seperti referensi ke variabel yang tidak ditentukan dan jenis kesalahan. Dapat diperluas untuk menambahkan aturan tambahan dan melakukan pemeriksaan khusus untuk fungsi tertentu.
? PyCodequal © ️ - PyCodequal memberi Anda wawasan tentang kompleksitas dan risiko bug. Ini menambahkan ulasan otomatis ke permintaan tarik Anda.
? Pycodestyle - (sebelumnya pep8 ) Periksa kode Python terhadap beberapa konvensi gaya di Pep 8.
Pydocstyle
? Pyflakes - Periksa file sumber Python untuk kesalahan.
Pylint - Mencari kesalahan pemrograman, membantu menegakkan standar pengkodean dan mengendus untuk beberapa kode bau. Selain itu termasuk pyreverse (generator diagram UML) dan symilar (pemeriksa kesamaan).
? Pylyzers - Penganalisa kode statis / server bahasa untuk Python, ditulis dalam karat, berfokus pada pemeriksaan jenis dan output yang dapat dibaca.
? PETRE-CHECK-Pemeriksa tipe yang cepat dan dapat diskalakan untuk basis kode python besar.
13613 1514? Pyright) - Pemeriksa tipe statis untuk python, dibuat untuk mengatasi celah dalam alat yang ada seperti mypy.
212 21? Pyroma)
? PYSA-Alat yang didasarkan pada pemeriksaan pyre Facebook untuk mengidentifikasi masalah keamanan potensial dalam kode Python yang diidentifikasi dengan analisis ternoda.
2181 244? PYT - Python Noda)
? PyType - Analisis tipe statis untuk kode Python.
? pyupgrade-alat (dan kait pra-komit) untuk secara otomatis meningkatkan sintaks untuk versi bahasa yang lebih baru.
111 23? Kode quantified)
? Radon - Alat Python yang menghitung berbagai metrik dari kode sumber.
2492 54? Refurb) - Alat untuk memperbarui dan memodernisasi basis kode Python. Refurb sangat terinspirasi oleh Clippy, linter bawaan untuk karat.
? Ruff - linter python cepat, ditulis dengan karat. 10-100x lebih cepat dari linter yang ada. Kompatibel dengan Python 3.10. Mendukung File Watcher.
? Unimport - linter, formatter untuk menemukan dan menghapus pernyataan impor yang tidak digunakan.
3579 156? vulture) — Find unused classes, functions and variables in Python code.
? wemake-python-styleguide — The strictest and most opinionated python linter ever.
1215 60? cerdik)
? xenon — Monitor code complexity using 1755 119? radon ).
13811 890? yapf) — A formatter for Python files created by Google YAPF follows a distinctive methodology, originating from the 'clang-format' tool created by Daniel Jasper. Essentially, the program reframes the code to the most suitable formatting that abides by the style guide, even if the original code already follows the style guide. This concept is similar to the Go programming language's 'gofmt' tool, which aims to put an end to debates about formatting by having the entire codebase of a project pass through YAPF whenever changes are made, thereby maintaining a consistent style throughout the project and eliminating the need to argue about style in every code review.
49 7? cyclocomp) — Quantifies the cyclomatic complexity of R functions / expressions.
? goodpractice — Analyses the source code for R packages and provides best-practice recommendations.
1206 186? lintr) — Static Code Analysis for R.
? styler — Formatting of R source code files and pretty-printing of R code.
269 37? Regal) — Regal is a linter for the policy language Rego. Regal aims to catch bugs and mistakes in policy code, while at the same time helping people learn the language, best practices and idiomatic constructs. ? brakeman — A static analysis security vulnerability scanner for Ruby on Rails applications.
2690 229? bundler-audit) — Audit Gemfile.lock for gems with security vulnerabilities reported in 1025 221? Ruby Advisory Database).
1314 75? tebu)
407 33? Churn) — A Project to give the churn file, class, and method for a project for a given checkin. Over time the tool adds up the history of churns to give the number of times a file, class, or method is changing during the life of a project.
737 86? dawnscanner) — A static analysis security scanner for ruby written web applications. Ini mendukung kerangka kerja Sinatra, Padrino dan Ruby di Rails.
682 123? ERB Lint) — Lint your ERB or HTML files
1810 75? Fasterer) — Common Ruby idioms checker.
? flay — Flay analyzes code for structural similarities.
? mencambuk
31 7? Fukuzatsu) — A tool for measuring code complexity in Ruby class files. Its analysis generates scores based on cyclomatic complexity algorithms with no added "opinions".
340 59? htmlbeautifier) — A normaliser/beautifier for HTML that also understands embedded Ruby. Ideal for tidying up Rails templates.
386 17? laser)
626 96? MetricFu)
439 17? pelusa) — Static analysis Lint-type tool to improve your OO Ruby code.
155 18? kualitas)
250 20? Querly)
? Pegawai kereta api
? rails_best_practices
4052 280? reek) — Code smell detector for Ruby.
277 37? Roodi)
? RuboCop — A Ruby static code analyzer, based on the community Ruby style guide.
641 29? Rubrowser) — Ruby classes interactive dependency graph generator.
ruby-lint
3368 225? rubycritic) — A Ruby code quality reporter.
901 56? rufo) — An opinionated ruby formatter, intended to be used via the command line as a text-editor plugin, to autoformat files on save or on demand.
? Saikuro
? SandiMeter
? Sorbet — A fast, powerful type checker designed for Ruby.
2749 213? Standard Ruby) — Ruby Style Guide, with linter & automatic code fixer
1378 90? Steep) — Gradual Typing for Ruby.
? C2Rust — C2Rust helps you migrate C99-compliant code to Rust. The translator (or transpiler) produces unsafe Rust code that closely mirrors the input C code.
1784 46? cargo udeps) — Find unused dependencies in Cargo.toml. It either prints out a "unused crates" line listing the crates, or it prints out a line saying that no crates were unused.
? cargo-audit — Audit Cargo.lock for crates with security vulnerabilities reported to the ? ?? RustSec Advisory Database).
2398 51? cargo-bloat) — Find out what takes most of the space in your executable. supports ELF (Linux, BSD), Mach-O (macOS) and PE (Windows) binaries.
112 7? cargo-breaking) — cargo-breaking compares a crate's public API between two different branches, shows what changed, and suggests the next version according to semver.
586 52? cargo-call-stack) — Whole program static stack analysis The tool produces the full call graph of a program as a dot file.
? cargo-deny — A cargo plugin for linting your dependencies. It can be used either as a command line too, a Rust crate, or a Github action for CI. It checks for valid license information, duplicate crates, security vulnerabilities, and more.
2723 67? cargo-expand) — Cargo subcommand to show result of macro expansion and #[derive] expansion applied to the current crate. This is a wrapper around a more verbose compiler command.
1417 67? cargo-geiger) — A cargo plugin for analysing the usage of unsafe Rust code Provides statistical output to aid security auditing
380 13? cargo-inspect)
? cargo-semver-checks — Scan your Rust crate releases for semver violations. It can be used either directly via the CLI, as a GitHub Action in CI, or via release managers like release-plz . It found semver violations in ? more than 1 in 6 of the top 1000 most-downloaded crates on crates.io.
728 37? cargo-show-asm) — cargo subcommand showing the assembly, LLVM-IR and MIR generated for Rust code
332 35? cargo-spellcheck) — Checks all your documentation for spelling and grammar mistakes with hunspell (ready) and languagetool (preview)
252 9? cargo-unused-features)
? clippy — A code linter to catch common mistakes and improve your Rust code.
? diff.rs — Web application (WASM) to render a diff between Rust crate versions.
? dylint — A tool for running Rust lints from dynamic libraries. Dylint makes it easy for developers to maintain their own personal lint collections.
? elektrolisa
174 5? herbie)
2300 97? kani) — The Kani Rust Verifier is a bit-precise model checker for Rust. Kani is particularly useful for verifying unsafe code blocks in Rust, where the "unsafe superpowers" are unchecked by the compiler. Kani verifies:
40 22? linter-rust)
486 29? lockbud) — Statically detects Rust deadlocks bugs. It currently detects two common kinds of deadlock bugs: doublelock and locks in conflicting order. It will print bugs in JSON format together with the source code location and an explanation of each bug.
1002 86? MIRAI) — And abstract interpreter operating on Rust's mid-level intermediate language, and providing warnings based on taint analysis.
132 4? prae)
? Prusti — A static verifier for Rust, based on the Viper verification infrastructure. By default Prusti verifies absence of panics by proving that statements such as unreachable!() and panic!() are unreachable.
1323 45? Rudra) — Rust Memory Safety & Undefined Behavior Detection. It is capable of analyzing single Rust packages as well as all the packages on crates.io.
3510 256? Rust Language Server)
? rust-analyzer — Supports functionality such as 'goto definition', type inference, symbol search, reformatting, and code completion, and enables renaming and refactorings.
688 30? rust-audit) — Audit Rust binaries for known bugs or security vulnerabilities. This works by embedding data about the dependency tree (Cargo.lock) in JSON format into a dedicated linker section of the compiled executable.
853 62? rustfix) — Read and apply the suggestions made by rustc (and third-party lints, like those offered by clippy).
6104 898? rustfmt) — A tool for formatting Rust code according to style guidelines.
2729 72? RustViz) — RustViz is a tool that generates visualizations from simple Rust programs to assist users in better understanding the Rust Lifetime and Borrowing mechanism. It generates SVG files with graphical indicators that integrate with mdbook to render visualizations of data-flow in Rust programs.
94 4? warnalyzer) — Show unused code from multi-crate Rust projects
173 2? dbcritic) — dbcritic finds problems in a database schema, such as a missing primary key constraint in a table.
? holistic — More than 1,300 rules to analyze SQL queries. Takes an SQL schema definition and the query source code to generate improvement recommendations. Detects code smells, unused indexes, unused tables, views, materialized views, and more.
81 8? pgspot) — Spot vulnerabilities in postgres extension scripts. Finds unsafe search_path usage and unsafe object creation in PostgreSQL extension scripts or any other PostgreSQL SQL code.
181 14? sleek) — Sleek is a CLI tool for formatting SQL. It helps you maintain a consistent style across your SQL code, enhancing readability and productivity. The heavy lifting is done by the sqlformat crate.
2437 120? sqlcheck) — Automatically identify anti-patterns in SQL queries.
? SQLFluff — Multiple dialect SQL linter and formatter.
420 27? sqlint) — Simple SQL linter.
? squawk — Linter for PostgreSQL, focused on migrations. Prevents unexpected downtime caused by database migrations and encourages best practices around Postgres schemas and SQL.
214 74? tsqllint) — T-SQL-specific linter.
29 8? TSqlRules)
? Visual Expert ©️ — Code analysis for PowerBuilder, Oracle, and SQL Server Explores, analyzes, and documents Code
268 34? linter)
Scalastyle — Scalastyle examines your Scala code and indicates potential problems with it.
534 92? scapegoat) — Scala compiler plugin for static code analysis.
? WartRemover — A flexible Scala code linting tool.
348 22? bashate) — Code style enforcement for bash programs. The output format aims to follow pycodestyle (pep8) default output format.
62 17? i-Code CNES for Shell) — An open source static code analysis tool for Shell and Fortran (77 and 90).
17 0? kmdr) — CLI tool for learning commands from your terminal. kmdr delivers a break down of commands with every attribute explained.
? sh — A shell parser, formatter, and interpreter with bash support; includes shfmt
? shellcheck — ShellCheck, a static analysis tool that gives warnings and suggestions for bash/sh shell scripts.
4640 130? shellharden) — A syntax highlighter and a tool to semi-automate the rewriting of scripts to ShellCheck conformance, mainly focused on quoting.
8001 638? SwiftFormat) — A library and command-line formatting tool for reformatting Swift code.
? SwiftLint — A tool to enforce Swift style and conventions.
? Menyesuaikan
Frink — A Tcl formatting and static check program (can prettify the program, minimise, obfuscate or just sanity check it).
? Nagelfar — A static syntax checker for Tcl.
69 36? tclchecker) — A static syntax analysis module (as part of 69 36? TDK)).
1666 230? Angular ESLint) — Linter for Angular projects
Codelyzer
9 5? ENRE-ts) — ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-ts is a ENtity Relationship Extractor for ECMAScript and TypeScript based on @babel/parser.
? fta — Rust-based static analysis for TypeScript projects
? stc
? tslint? ?? this issue) for more details. typescript-eslint is now your best option for linting TypeScript. TSLint is an extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors. It is widely supported across modern editors & build systems and can be customized with your own lint rules, configurations, and formatters.
? tslint-clean-code — A set of TSLint rules inspired by the Clean Code handbook.
701 198? tslint-microsoft-contrib)
240 20? TypeScript Call Graph) — CLI to generate an interactive graph of functions and calls from your TypeScript files
15391 2750? TypeScript ESLint) — TypeScript language extension for eslint.
? zod — TypeScript-first schema validation with static type inference. The goal is to eliminate duplicative type declarations. With Zod, you declare a validator once and Zod will automatically infer the static TypeScript type. It is easy to compose simpler types into complex data structures.
2894 534? Icarus Verilog) — A Verilog simulation and synthesis tool that operates by compiling source code written in IEEE-1364 Verilog into some target format
478 31? svls) — A Language Server Protocol implementation for Verilog and SystemVerilog, including lint capabilities.
29 13? verible-linter-action) — Automatic SystemVerilog linting in github actions with the help of Verible Used to lint Verilog and SystemVerilog source files and comment erroneous lines of code in Pull Requests automatically.
? Verilator — A tool which converts Verilog to a cycle-accurate behavioral model in C++ or SystemC. Performs lint code-quality checks.
302 79? vscode-verilog-hdl-support) — Verilog HDL/SystemVerilog/Bluespec SystemVerilog support for VS Code. Provides syntax highlighting and Linting support from Icarus Verilog, Vivado Logical Simulation, Modelsim and Verilator
704 33? vint) 13612 1441? ale) — Asynchronous Lint Engine for Vim and NeoVim with support for many languages.
? Android Studio — Based on IntelliJ IDEA, and comes bundled with tools for Android including Android Lint.
? AppChecker ©️ — Static analysis for C/C++/C#, PHP and Java.
? Application Inspector ©️ — Commercial Static Code Analysis which generates exploits to verify vulnerabilities.
4263 357? ApplicationInspector) — Creates reports of over 400 rule patterns for feature detection (eg the use of cryptography or version control in apps).
? ArchUnit — Unit test your Java or Kotlin architecture.
? Atom-Beautify
? autocorrect — A linter and formatter to help you to improve copywriting, correct spaces, words, punctuations between CJK (Chinese, Japanese, Korean).
? Axivion Bauhaus Suite ©️ — Tracks down error-prone code locations, style violations, cloned or dead code, cyclic dependencies and more for C/C++, C#/.NET, Java and Ada 83/Ada 95.
2120 113? Bearer) — Open-Source static code analysis tool to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). Highly configurable and easily extensible, built for security and engineering teams.
? Better Code Hub ©️ — Better Code Hub checks your GitHub codebase against 10 engineering guidelines devised by the authority in software quality, Software Improvement Group.
832 96? Betterscan CE) — Checks your code and infra (various Git repositories supported, cloud stacks, CLI, Web Interface platform, integrationss available) for security and quality issues. Code Scanning/SAST/Linting using many tools/Scanners deduplicated with One Report (AI optional).
? biome — A toolchain for web projects, aimed to provide functionalities to maintain them. Biome formats and lints code in a fraction of a second. It is the successor to Rome. It is designed to eventually replace Biome is designed to eventually replace Babel, ESLint, webpack, Prettier, Jest, and others.
? BugProve ©️ — BugProve is a firmware analysis platform featuring both static and dynamic analysis techniques to discover memory corruptions, command injections and other classes or common weaknesses in binary code. It also detects vulnerable dependencies, weak cryptographic parameters, misconfigurations, and more.
254 28? callGraph) — Statically generates a call graph image and displays it on screen.
? CAST Highlight ©️ — Commercial Static Code Analysis which runs locally, but uploads the results to its cloud for presentation.
? Checkmarx CxSAST ©️ — Commercial Static Code Analysis which doesn't require pre-compilation.
2783 290? ClassGraph) — A classpath and module path scanner for querying or visualizing class metadata or class relatedness.
? Clayton ©️ — AI-powered code reviews for Salesforce. Secure your developments, enforce best practice and control your technical debt in real-time.
? coala
? Cobra ©️ — Structural source code analyzer by NASA's Jet Propulsion Laboratory.
? Codacy ©️ — Code Analysis to ship Better Code, Faster.
? Code Intelligence ©️ — CI/CD-agnostic DevSecOps platform which combines industry-leading fuzzing engines for finding bugs and visualizing code coverage
? Codeac ©️ — Automated code review tool integrates with GitHub, Bitbucket and GitLab (even self-hosted). Available for JavaScript, TypeScript, Python, Ruby, Go, PHP, Java, Docker, and more. (open-source free)
? codeburner — Provides a unified interface to sort and act on the issues it finds.
? codechecker — A defect database and viewer extension for the Clang Static Analyzer with web GUI.
? CodeFactor ©️ — Automated Code Analysis for repos on GitHub or BitBucket.
? CodeFlow ©️ — Automated code analysis tool to deal with technical depth. Integrates with Bitbucket and Gitlab. (free for Open Source Projects)
? CodeIt.Right ©️ — CodeIt.Right™ provides a fast, automated way to ensure that your source code adheres to (your) predefined design and style guidelines as well as best coding practices.
? Codemodder — Codemodder is a pluggable framework for building expressive codemods. Use Codemodder when you need more than a linter or code formatting tool. Use it to fix non-trivial security issues and other code quality problems.
? CodePatrol ©️ — Automated SAST code reviews driven by security, supports 15+ languages and includes security training.
7855 1576? codeql) — Deep code analysis - semantic queries and dataflow for several languages with VSCode plugin support.
? CodeQue — Ecosystem for structural matching JavaScript and TypeScript code. Offers search tool that understands code structure. Available as CLI tool and Visual Studio Code extension. It helps to search code faster and more accurately making you workflow more effective. Soon it will offer ESLint plugin to create your own rules in minutes to help with assuring codebase quality.
? CodeRush ©️ — Code creation, debugging, navigation, refactoring, analysis and visualization tools that use the Roslyn engine in Visual Studio 2015 and up.
? CodeScan ©️ — Code Quality and Security for Salesforce Developers. Made exclusively for the Salesforce platform, CodeScan's code analysis solutions provide you with total visibility into your code health.
? CodeScene ©️ — CodeScene is a quality visualization tool for software. Prioritize technical debt, detect delivery risks, and measure organizational aspects. Sepenuhnya otomatis.
? CodeSee ©️ — CodeSee is mapping and automating your app's services, directories, file dependencies, and code changes. It's like Google Map, but for code.t
? CodeSonar from GrammaTech ©️ — Advanced, whole program, deep path, static analysis of C, C++, Java and C# with easy-to-understand explanations and code and path visualization.
? Codety ©️ — Codety Scanner is a comprehensive source code scanner that embeds 5000+ static code analysis rules, which aim to detect code issues for 20+ programming languages and IaC tools.
? Codiga ©️ — Automated Code Reviews and Technical Debt management platform that supports 12+ languages.
2164 116? Merusak)
? Coverity ©️ — Synopsys Coverity supports 20 languages and over 70 frameworks including Ruby on rails, Scala, PHP, Python, JavaScript, TypeScript, Java, Fortran, C, C++, C#, VB.NET.
? cpp-linter-action — A Github Action for linting C/C++ code integrating clang-tidy and clang-format to collect feedback provided in the form of thread comments and/or annotations.
323 17? cqc)
? DeepCode
? DeepSource ©️ — In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives.
201 55? Depends) — Analyses the comprehensive dependencies of code elements for Java, C/C++, Ruby.
? DerScanner ©️ — Multi-language Static Application Security Testing (SAST) platform that detects critical vulnerabilities, including hardcoded secrets, weak cryptography, backdoors, SQL injections, insecure configurations, etc.
921 114? DevSkim) — Regex-based static analysis tool for Visual Studio, VS Code, and Sublime Text - C/C++, C#, PHP, ASP, Python, Ruby, Java, and others.
1936 172? dotenet-format) — A code formatter for .NET. Preferences will be read from an .editorconfig file, if present, otherwise a default set of preferences will be used. At this time dotnet-format is able to format C# and Visual Basic projects with a subset of supported .editorconfig options.
? Embold ©️ — Intelligent software analytics platform that identifies design issues, code issues, duplication and metrics. Supports Java, C, C++, C#, JavaScript, TypeScript, Python, Go, Kotlin and more.
846 48? emerge) — Emerge is a source code and dependency visualizer that can be used to gather insights about source code structure, metrics, dependencies and complexity of software projects. After scanning the source code of a project it provides you an interactive web interface to explore and analyze your project by using graph structures.
25359 4594? ESLint) — An extensible linter for JS, following the ECMAScript standard.
? ezno — A JavaScript compiler and TypeScript checker written in Rust with a focus on static analysis and runtime performance. Ezno's type checker is built from scratch. The checker is fully compatible with TypeScript type annotations and can work without any type annotations at all.
? Find Security Bugs — The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
? Fortify ©️ — A commercial static analysis platform that supports the scanning of C/C++, C#, VB.NET, VB6, ABAP/BSP, ActionScript, Apex, ASP.NET, Classic ASP, VB Script, Cobol, ColdFusion, HTML, Java, JS, JSP, MXML/Flex, Objective-C, PHP, PL/SQL, T-SQL, Python (2.6, 2.7), Ruby (1.9.3), Swift, Scala, VB, and XML.
? Freeplane Code Explorer — The Code Explorer mode in Freeplane is designed for analyzing the structure and dependencies of code compiled to JVM class files. It also allows displaying ArchUnit test results directly in Freeplane, if Freeplane is running and ArchUnit detects rule violations during the tests.
? Goodcheck — Regexp based customizable linter.
52 3? goone)
graudit — Grep rough audit - source code auditing tool.
? HCL AppScan Source ©️ — Commercial Static Code Analysis.
57 11? Hopper)
? Hound CI
223 42? imhotep)
77 28? include-gardener)#include relations of a given set of files.
? Infer — A static analyzer for Java, C and Objective-C
? Kiuwan ©️ — Identify and remediate cyber threats in a blazingly fast, collaborative environment, with seamless integration in your SDLC. Python, CC++, Java, C#, PHP and more.
? Klocwork ©️ — Quality and Security Static analysis for C/C++, Java and C#.
? LGTM ©️ — Find security vulnerabilities, variants, and critical code quality issues using CodeQL queries over source code. Automatic PR code review; free for open source. Formerly semmle. It supports public Git repositories hosted on Bitbucket Cloud, GitHub.com, GitLab.com.
1878 252? lizard) — Lizard is an extensible Cyclomatic Complexity Analyzer for many programming languages including C/C++ (doesn't require all the header files or Java imports). It also does copy-paste detection (code clone detection/code duplicate detection) and many other forms of static code analysis. Counts lines of code without comments, CCN (cyclomatic complexity number), token count of functions, parameter count of functions.
? Mega-Linter — Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes
? Mobb ©️ — Mobb is a trusted, automatic vulnerability fixer that secures applications, reduces security backlogs, and frees developers to focus on innovation. Mobb is free for open-source projects.
? MOPSA — A static analyzer designed to easily reuse abstract domains across widely different languages (such as C and Python).
oclint — A static source code analysis tool to improve quality and reduce defects for C, C++ and Objective-C.
? Offensive 360 ©️ — Commercial Static Code Analysis system doesn't require building the source code or pre-compilation.
? OpenRewrite — OpenRewrite ? fixes common static analysis issues reported through Sonar and other tools using a Maven and Gradle plugin or the Moderne CLI.
44 16? OpenStaticAnalyzer) — OpenStaticAnalyzer is a source code analyzer tool, which can perform deep static analysis of the source code of complex systems.
12888 472? oxc) — The Oxidation Compiler is creating a suite of high-performance tools for the JavaScript / TypeScript language re-written in Rust.
? parasoft ©️ — Automated Software Testing Solutions for unit-, API-, and web UI testing. Complies with MISRA, OWASP, and others.
? ?? pfff)
? Pixee ©️ — Pixeebot finds security and code quality issues in your code and creates merge-ready pull requests with recommended fixes.
? PMD — A source code analyzer for Java, Salesforce Apex, Javascript, PLSQL, XML, XSL and others.
? pre-commit — A framework for managing and maintaining multi-language pre-commit hooks.
? Precaution — Precaution is a static analysis security tool (SAST) designed to find potentially critical vulnerabilities in source code prior to production. It is available as a CLI, GitHub Action, and GitHub App.
? Prettier — An opinionated code formatter.
2628 246? Pronto) — Quick automated code review of your changes. Supports more than 40 runners for various languages, including Clang, Elixir, JavaScript, PHP, Ruby and more.
60 12? PT.PM)
715 40? Putout) — Pluggable and configurable code transformer with built-in eslint, babel plugins support for js, jsx typescript, flow, markdown, yaml and json.
? PVS-Studio ©️ — A ? conditionally free for FOSS and individual developers) static analysis of C, C++, C# and Java code. For advertising purposes 29 41? you can propose a large FOSS project for analysis by PVS employees). Supports CWE mapping, OWASP ASVS, MISRA, AUTOSAR and SEI CERT coding standards.
? pylama — Code audit tool for Python and JavaScript. Wraps pycodestyle, pydocstyle, PyFlakes, Mccabe, Pylint, and more
? Qwiet AI ©️ — Identify vulnerabilities that are unique to your code base before they reach production. Leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs. Automatically finds business logic flaws in dev like hardcoded secrets and logic bombs
? Refactoring Essentials — The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers.
59 12? relint) — A static file linter that allows you to write custom rules using regular expressions (RegEx).
? ReSharper ©️ — Extends Visual Studio with on-the-fly code inspections for C#, VB.NET, ASP.NET, JavaScript, TypeScript and other technologies.
? RIPS ©️ — A static source code analyser for vulnerabilities in PHP scripts.
1600 466? Roslyn Analyzers) — Roslyn-based implementation of FxCop analyzers.
? Roslyn Security Guard — Project that focuses on the identification of potential vulnerabilities such as SQL injection, cross-site scripting (XSS), CSRF, cryptography weaknesses, hardcoded passwords and many more.
? SafeQL — Validate and auto-generate TypeScript types from raw SQL queries in PostgreSQL. SafeQL is an ESLint plugin for writing SQL queries in a type-safe way.
? SAST Online ©️ — Check the Android Source code thoroughly to uncover and address potential security concerns and vulnerabilities. Static application security testing (Static Code Analysis) tool Online
? Scrutinizer ©️ — A proprietary code quality checker that can be integrated with GitHub.
? Security Code Scan — Security code analyzer for C# and VB.NET. Detects various security vulnerability patterns: SQLi, XSS, CSRF, XXE, Open Redirect, etc. Integrates into Visual Studio 2015 and newer. Detects various security vulnerability patterns: SQLi, XSS, CSRF, XXE, Open Redirect, etc.
? Semgrep — A fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write; no abstract syntax trees or regex wrestling. Supports 17+ languages.
? Semgrep Supply Chain ©️ — Quickly find and remediate high-priority security issues. Semgrep Supply Chain prioritizes the 2% of vulnerabilities that are reachable from your code.
815 113? ShiftLeft Scan) — Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.
270 35? rapi)
? Sigrid ©️ — Sigrid helps you to improve your software by measuring your system's code quality, and then compares the results against a benchmark of thousands of industry systems to give you concrete advice on areas where you can improve.
? Similarity Tester — A tool that finds similarities between or within files to support you encountering DRY principle violations.
? Snyk Code ©️ — Snyk Code finds security vulnerabilities based on AI. Its speed of analysis allow us to analyse your code in real time and deliver results when you hit the save button in your IDE. Supported languages are Java, JavaScript, Python, PHP, C#, Go and TypeScript. Integrations with GitHub, BitBucket and Gitlab. It is free to try and part of the Snyk platform also covering SCA, containers and IaC.
? SonarQube Cloud ©️ — SonarQube Cloud enables your team to deliver clean code consistently and efficiently with a code review tool that easily integrates into the cloud DevOps platforms and extend your CI/CD workflow. SonarQube Cloud provides a free plan.
? SonarQube for IDE — SonarQube for IDE (formerly SonarLint) is a free IDE extension available for IntelliJ, VS Code, Visual Studio, and Eclipse, to find and fix coding issues in real-time, flagging issues as you code, just like a spell-checker. More than a linter, it also delivers rich contextual guidance to help developers understand why there is an issue, assess the risk, and educate them on how to fix it.
? SonarQube Server — SonarQube empowers development teams with a code quality and security solution that deeply integrates into your enterprise environment; enabling you to deploy clean code consistently and reliably. SonarQube provides a free and open source Community Build.
? Sonatype ©️ — Reports known vulnerabilities in common dependencies and recommends updated packages to minimize breaking changes
? Soto Platform ©️ — Suite of static analysis tools consisting of the three components Sotoarc (Architecture Analysis), Sotograph (Quality Analysis), and Sotoreport (Quality report). Helps find differences between architecture and implementation, interface violations (eg external access of private parts of subsystems, detection of all classes, files, packages and subsystems which are strongly coupled by cyclical relationships and more. The Sotograph product family runs on Windows and Linux.
? SourceMeter ©️ — Static Code Analysis for C/C++, Java, C#, Python, and RPG III and RPG IV versions (including free-form).
493 25? sqlvet) — Performs static analysis on raw SQL queries in your Go code base to surface potential runtime errors. It checks for SQL syntax error, identifies unsafe queries that could potentially lead to SQL injections makes sure column count matches value count in INSERT statements and validates table- and column names.
? StaticReviewer ©️ — Static Reviewer executes code checks according to the most relevant Secure Coding Standards, OWASP, CWE, CVE, CVSS, MISRA, CERT, for 40+ programming languages, using 1000+ built-in validation rules for Security, Deadcode & Best Practices Available a module for Software Composition Analysis (SCA) to find vulnerabilities in open source and third party libraries.
113 17? Super-Linter) — Combination of multiple linters to install as a GitHub Action.
? Svace ©️ — Static code analysis tool for Java,C,C++,C#,Go.
? Synopsys ©️ — A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift).
? Teamscale ©️ — Static and dynamic analysis tool supporting more than 25 languages and direct IDE integration. Free hosting for Open Source projects available on request. Free academic licenses available.
? TencentCodeAnalysis — Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. It integrates of a number of self-developed tools, and also supports dynamic integration of code analysis tools in various programming languages.
4873 592? ThreatMapper) — Vulnerability Scanner and Risk Evaluation for containers, serverless and hosts at runtime. ThreatMapper generates runtime BOMs from dependencies and operating system packages, matches against multiple threat feeds, scans for unprotected secrets, and scores issues based on severity and risk-of-exploit.
429 42? todocheck) — Linter for integrating annotated TODOs with your issue trackers
24121 2379? trivy) — A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Checks containers and filesystems.
? trunk ©️ — Modern repositories include many technologies, each with its own set of linters. With 30+ linters and counting, Trunk makes it dead-simple to identify, install, configure, and run the right linters, static analyzers, and formatters for all your repos.
2015 594? TscanCode) — A fast and accurate static analysis solution for C/C++, C#, Lua codes provided by Tencent. Using GPLv3 license.
1633 64? Undebt) — Language-independent tool for massive, automatic, programmable refactoring based on simple pattern definitions.
? Understand ©️ — Code visualization tool that provides code analysis, standards testing, metrics, graphing, dependency analysis and more for Ada, VHDL, and others.
? Unibeautify — Universal code beautifier with a GitHub app. Supports HTML, CSS, JavaScript, TypeScript, JSX, Vue, C++, Go, Objective-C, Java, Python, PHP, GraphQL, Markdown, and more.
? Upsource ©️ — Code review tool with static code analysis and code-aware navigation for Java, PHP, JavaScript and Kotlin.
? Veracode ©️ — Find flaws in binaries and bytecode without requiring source. Support all major programming languages: Java, .NET, JavaScript, Swift, Objective-C, C, C++ and more.
769 225? WALA) — Static analysis capabilities for Java bytecode and related languages and for JavaScript.
2354 131? weggli) — A fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
? WhiteHat Application Security Platform ©️ — WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10.
281 23? Wotan)
? XCode ©️ — XCode provides a pretty decent UI for ? Clang's static code analyzer (C/C++, Obj-C).
? kics — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible
? Steampunk Spotter ©️ — Ansible Playbook Scanning Tool that analyzes and offers recommendations for your playbooks.
21 4? alquitran) — Inspects tar archives and tries to spot portability issues in regard to POSIX 2017 pax specification and common tar implementations. This project is intended to be used by maintainers of projects who want to offer portable source code archives for as many systems as possible. Checking tar archives with alquitran before publishing them should help spotting issues before they reach distributors and users.
? packj — Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports.
238 7? murni)
7659 1088? angr) — Binary code analysis tool that also supports symbolic execution.
508 56? binbloom) — Analyzes a raw binary firmware and determines features like endianness or the loading address. The tool is compatible with all architectures. Loading address: binbloom can parse a raw binary firmware and determine its loading address. Endianness: binbloom can use heuristics to determine the endianness of a firmware. UDS Database: binbloom can parse a raw binary firmware and check if it contains an array containing UDS command IDs.
785 156? BinSkim) — A binary static analysis tool that provides security and correctness results for Windows portable executables.
? Black Duck ©️ — Tool to analyze source code and binaries for reusable code, necessary licenses and potential security aspects.
4831 348? bloaty) — Ever wondered what's making your binary big? Bloaty McBloatface will show you a size profile of the binary so you can understand what's taking up space inside. Bloaty performs a deep analysis of the binary. Using custom ELF, DWARF, and Mach-O parsers, Bloaty aims to accurately attribute every byte of the binary to the symbol or compileunit that produced it. It will even disassemble the binary looking for references to anonymous data. F
2398 51? cargo-bloat) — Find out what takes most of the space in your executable. supports ELF (Linux, BSD), Mach-O (macOS) and PE (Windows) binaries.
1164 122? cwe_checker) — cwe_checker finds vulnerable patterns in binary executables.
? Ghidra — A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
? Hopper ©️ — macOS and Linux reverse engineering tool that lets you disassemble, decompile and debug applications. Hopper displays the code using different representations, eg the Control Flow Graph, and the pseudo-code of a procedure. Supports Apple Silicon.
? IDA Free ©️ — Binary code analysis tool.
158 24? Jakstab) — Jakstab is an Abstract Interpretation-based, integrated disassembly and static analysis framework for designing analyses on executables and recovering reliable control flow graphs.
? JEB Decompiler ©️ — Decompile and debug binary code. Break down and analyze document files. Android Dalvik, MIPS, ARM, Intel x86, Java, WebAssembly & Ethereum Decompilers.
? ktool — Fully cross-platform toolkit and library for MachO+Obj-C editing/analysis. Includes a cli kit, a curses GUI, ObjC header dumping, and much more.
1025 161? Manalyze) — A static analyzer, which checks portable executables for malicious content.
2670 341? mcsema)
533 80? Nauz File Detector) — Static Linker/Compiler/Tool detector for Windows, Linux and MacOS.
688 30? rust-audit) — Audit Rust binaries for known bugs or security vulnerabilities. This works by embedding data about the dependency tree (Cargo.lock) in JSON format into a dedicated linker section of the compiled executable.
? Twiggy — Analyzes a binary's call graph to profile code size. The goal is to slim down wasm binary size.
367 42? VMware chap) — chap analyzes un-instrumented ELF core files for leaks, memory growth, and corruption. It is sufficiently reliable that it can be used in automation to catch leaks before they are committed. As an interactive tool, it helps explain memory growth, can identify some forms of corruption, and supplements a debugger by giving the status of various memory locations.
? zydis — Fast and lightweight x86/x86-64 disassembler library
1048 45? checkmake)
? portlint — A verifier for FreeBSD and DragonFlyBSD port directories.
? CSS Stats — Potentially interesting stats on stylesheets.
3291 458? CSScomb) — A coding style formatter for CSS. Supports own configurations to make style sheets beautiful and consistent.
CSSLint — Does basic syntax checking and finds problematic patterns or signs of inefficiency.
? GraphMyCSS.com — CSS Specificity Graph Generator.
? Nu Html Checker — Helps you catch problems in your HTML/CSS/SVG
2471 72? Parker)
? PostCSS — A tool for transforming styles with JS plugins. These plugins can lint your CSS, support variables and mixins, transpile future CSS syntax, inline images, and more.
? Project Wallace CSS Analyzer — Analytics for CSS, part of ? Project Wallace.
1767 529? sass-lint)
3659 465? scsslint) — Linter for SCSS files.
? Specificity Graph — CSS Specificity Graph Generator.
Stylelint — Linter for SCSS/CSS files.
? dotenv-linter — Linting dotenv files like a charm.
? dotenv-linter (Rust) — Lightning-fast linter for .env files. Written in Rust
8300 397? gixy) — A tool to analyze Nginx configuration. The main goal is to prevent misconfiguration and automate flaw detection.
? ansible-lint — Checks playbooks for practices and behaviour that could potentially be improved.
1308 183? AWS CloudFormation Guard) — Check local CloudFormation templates against policy-as-code rules and generate rules from existing templates.
? AzSK — Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), CICD scan vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. Supports Azure via ARM.
2470 597? cfn-lint) — AWS Labs CloudFormation linter.
1258 211? cfn_nag) — A linter for AWS CloudFormation templates.
? checkov — Static analysis tool for Terraform files (tf>=v0.12), preventing cloud misconfigs at build time.
? cookstyle — Cookstyle is a linting tool based on the RuboCop Ruby linting tool for Chef cookbooks.
foodcritic — A lint tool that checks Chef cookbooks for common problems.
? kics — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible
31 25? metadata-json-lint) — Tool to check the validity of Puppet metadata.json files.
818 205? Puppet Lint)
? Steampunk Spotter ©️ — Ansible Playbook Scanning Tool that analyzes and offers recommendations for your playbooks.
? terraform-compliance — A lightweight, compliance- and security focused, BDD test framework against Terraform.
4786 507? terrascan) — Collection of security and best practice tests for static code analysis of Terraform templates.
5017 358? tflint) — A Terraform linter for detecting errors that can not be detected by terraform plan .
6739 541? tfsec) — Terraform static analysis tool that prevents potential security issues by checking cloud misconfigurations at build time and directly integrates with the HCL parser for better results. Checks for violations of AWS, Azure and GCP security best practice recommendations.
? anchore — Discover, analyze, and certify container images. A service that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and certification
10425 1167? clair) — Vulnerability Static Analysis for Containers.
290 23? pengumpul)
1163 164? dagda)
79 5? Docker Label Inspector)
? GitGuardian ggshield — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.
10559 422? Haskell Dockerfile Linter) — A smarter Dockerfile linter that helps you build best practice Docker images.
? kics — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible
687 34? krane) — Krane is a simple Kubernetes RBAC static analysis tool. Ini mengidentifikasi potensi risiko keamanan dalam desain K8S RBAC dan membuat saran tentang cara mengurangi mereka. Krane dashboard presents current RBAC security posture and lets you navigate through its definition.
? OpenSCAP — Suite of automated audit tools to examine the configuration and known vulnerabilities following the NIST-certified Security Content Automation Protocol (SCAP).
? Qualys Container Security ©️ — Container native application protection to provide visibility and control of containerized applications.
? sysdig ©️ — A secure DevOps platform for cloud and container forensics. Built on an open source stack, Sysdig provides Docker image scanning and created Falco, the open standard for runtime threat detection for containers, Kubernetes and cloud.
? Vuls — Agent-less Linux vulnerability scanner based on information from NVD, OVAL, etc. It has some container image support, although is not a container specific tool.
? actionlint — Static checker for GitHub Actions workflow files. Provides an online version.
? AzSK — Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), CICD scan vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. Supports Azure via ARM.
? Code Climate — The open and extensible static analysis platform, for everyone.
? Codecov ©️ — Codecov is a company that provides code coverage tools for developers and engineering leaders to gain visibility into their code coverage. They offer flexible and unified reporting, seamless coverage insights, and robust coverage controls. Codecov supports over 20 languages and is CI/CD agnostic. Over 29,000 organizations and 1 million developers use Codecov. Codecov has recently joined Sentry.
? CodeRabbit ©️ — AI-powered code review tool that helps developers write better code faster. CodeRabbit provides automated code reviews, identifies security vulnerabilities, and suggests code improvements. It integrates with GitHub and GitLab.
465 10? composer-dependency-analyser) — Fast detection of composer dependency issues.
? Diffblue ©️ — Diffblue is a software company that provides AI-powered code analysis and testing solutions for software development teams. Its technology helps developers automate testing, find bugs, and reduce manual labor in their software development processes. The company's main product, Diffblue Cover, uses AI to generate and run unit tests for Java code, helping to catch errors and improve code quality.
? EXAKAT - Mesin peninjau kode otomatis untuk PHP.
? GitGuardian ggshield — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.
? Goblint — A static analyzer for the analysis of multi-threaded C programs. Its primary focus is the detection of data races, but it also reports other runtime errors, such as buffer overflows and null-pointer dereferences.
? Nitpick CI ©️ — Automated PHP code review.
? PullRequest ©️ — Code review as a service with built-in static analysis. Increase velocity and reduce technical debt through quality code review by expert engineers backed by best-in-class automation.
155 18? kualitas)
111 23? QuantifiedCode)
460 42? RefactorFirst) — Identifies and prioritizes God Classes and Highly Coupled classes in Java codebases you should refactor first.
8053 427? Reviewdog) — A tool for posting review comments from any linter in any code hosting service.
? Symfony Insight © ️ - Mendeteksi risiko keamanan, temukan bug dan berikan metrik yang dapat ditindaklanjuti untuk proyek PHP.
148 39? Violations Lib) — Java library for parsing report files from static code analysis. Used by a bunch of Jenkins, Maven and Gradle plugins.
1552 173? deno_lint) — Official linter for Deno. 59 29? oelint-adv) — Linter for bitbake recipes used in open-embedded and YOCTO 682 123? ERB Lint) — Lint your ERB or HTML files
340 59? htmlbeautifier) — A normaliser/beautifier for HTML that also understands embedded Ruby. Ideal for tidying up Rails templates.
179 75? gherkin-lint) — A linter for the Gherkin-Syntax written in Javascript. 1666 230? Angular ESLint) — Linter for Angular projects
2395 311? Bootlint)
682 123? ERB Lint) — Lint your ERB or HTML files
66 22? grunt-bootlint)2395 311? Bootlint), the HTML linter for Bootstrap projects.
42 8? gulp-bootlint)2395 311? Bootlint), the HTML linter for Bootstrap projects.
2318 145? HTML Inspector)
HTML Tidy — Corrects and cleans up HTML and XML documents by fixing markup errors and upgrading legacy code to modern standards.
? HTML-Validate — Offline HTML5 validator.
340 59? htmlbeautifier) — A normaliser/beautifier for HTML that also understands embedded Ruby. Ideal for tidying up Rails templates.
? HTMLHint — A Static Code Analysis Tool for HTML.
? Nu Html Checker — Helps you catch problems in your HTML/CSS/SVG
431 201? Polymer-analyzer) — A static analysis framework for Web Components.
? jsonlint — A JSON parser and validator with a CLI. Standalone version of jsonlint.com
? Spectral — A flexible JSON/YAML linter, with out-of-the-box support for OpenAPI v2/v3 and AsyncAPI v2.
1377 218? chart-testing) — ct is the tool for testing Helm charts. It is meant to be used for linting and testing pull requests. It automatically detects charts changed against the target branch.
550 45? clusterlint) — Clusterlint queries live Kubernetes clusters for resources, executes common and platform specific checks against these resources and provides actionable feedback to cluster operators. It is a non invasive tool that is run externally. Clusterlint does not alter the resource configurations.
? Datree — A CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization's policies
? kics — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible
42 10? klint) — A tool that listens to changes in Kubernetes resources and runs linting rules against them. Identify and debug erroneous objects and nudge objects in line with the policies as both change over time. Klint helps us encode checks and proactively alert teams when they need to take action.
687 34? krane) — Krane is a simple Kubernetes RBAC static analysis tool. Ini mengidentifikasi potensi risiko keamanan dalam desain K8S RBAC dan membuat saran tentang cara mengurangi mereka. Krane dashboard presents current RBAC security posture and lets you navigate through its definition.
? kube-hunter — Hunt for security weaknesses in Kubernetes clusters.
157 12? kube-lint) — A linter for Kubernetes resources with a customizable rule set. You define a list of rules that you would like to validate against your resources and kube-lint will evaluate those rules against them.
3011 239? kube-linter) — KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
? kube-score — Static code analysis of your Kubernetes object definitions.
2334 126? kubeconform) — A fast Kubernetes manifests validator with support for custom resources.
It is inspired by, contains code from and is designed to stay close to ? Kubeval, but with the following improvements:
3011 239? KubeLinter) — KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
? kubeval — Validates your Kubernetes configuration files and supports multiple Kubernetes versions.
ChkTeX — A linter for LaTex which catches some typographic errors LaTeX oversees.
? lacheck — A tool for finding common mistakes in LaTeX documents.
? TeXLab — A Language Server Protocol implementation for TeX/LaTeX, including lint capabilities.
? PENGETAHUAN - Alat analisis statis dan dinamis untuk aplikasi Laravel yang memberikan rekomendasi untuk meningkatkan kinerja, keamanan, dan keandalan kode aplikasi Laravel. Contains 120 automated checks.
5639 424? larastan) — Adds static analysis to Laravel improving developer productivity and code quality. It is a wrapper around PHPStan.
1048 45? checkmake)
? portlint — A verifier for FreeBSD and DragonFlyBSD port directories.
4891 740? markdownlint) — Node.js -based style checker and lint tool for Markdown/CommonMark files.
? mdformat — CommonMark compliant Markdown formatter
1837 230? mdl) — A tool to check Markdown files and flag style issues.
28 0? mdsf) — Format markdown code blocks using your favorite code formatters.
? remark-lint — Pluggable Markdown code style linter written in JavaScript.
? textlint — textlint is an open source text linting utility written in JavaScript.
26 10? ciocheck)pep8 , pydocstyle , flake8 , dan pylint .
3488 310? flake8) — A wrapper around pyflakes , pycodestyle and mccabe .
? flakeheaven — flakeheaven is a python linter built around flake8 to enable inheritable and complex toml configuration.
3507 267? Go Meta Linter)golangci-lint for new projects.
3130 271? goreporter) — Concurrently runs many linters and normalises their output to a report.
28 6? multilint)flake8 , isort dan modernize .
1964 172? prospector) — A wrapper around pylint , pep8 , mccabe and others.
Android Lint — Run static analysis on Android projects.
? android-lint-summary
1084 300? FlowDroid) — Static taint analysis tool for Android applications.
? iblessing
? Mariana Trench — Our security focused static analysis tool for Android and Java applications. Mariana Trench analyzes Dalvik bytecode and is built to run fast on large codebases (10s of millions of lines of code). It can find vulnerabilities as code changes, before it ever lands in your repository.
? Oversecured ©️ — Enterprise vulnerability scanner for Android and iOS apps. It allows app owners and developers to secure each new version of a mobile app by integrating Oversecured into the development process.
74 17? paprika)
3215 644? qark)
? redex — Redex provides a framework for reading, writing, and analyzing .dex files, and a set of optimization passes that use this framework to improve the bytecode. An APK optimized by Redex should be smaller and faster.
525 13? deadnix) — Scan Nix files for dead code (unused variable bindings)
? statix — Lints and suggestions for the Nix programming language. "statix check" highlights antipatterns in Nix code. "statix fix" can fix several such occurrences.
788 35? lockfile-lint) — Lint an npm or yarn lockfile to analyze and detect security issues
? njsscan — A static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep.
? NODEJSSCAN - Pemindai kode keamanan statis untuk aplikasi Node.js yang ditenagai oleh Libsast dan SEMGREP yang dibangun di atas alat NJSSCAN CLI. It features a UI with various dashboards about an application's security status.
standard — An npm module that checks for Javascript Styleguide issues.
465 10? composer-dependency-analyser) — Fast detection of composer dependency issues.? lintian — Static analysis tool for Debian packages.
135 117? rpmlint) — Tool for checking common errors in rpm packages.
35 8? promformat)
4 7? promval) — PromQL validator written in Python. It can be used to validate that PromQL expressions are written as expected.
? buf — Provides a CLI linter that enforces good API design choices and structure
588 52? protolint) — Pluggable linter and fixer to enforce Protocol Buffer style and conventions.
31 25? metadata-json-lint) — Tool to check the validity of Puppet metadata.json files. 737 86? dawnscanner) — A static analysis security scanner for ruby written web applications. Ini mendukung kerangka kerja Sinatra, Padrino dan Ruby di Rails. ? AzSK — Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), CICD scan vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. Supports Azure via ARM.
? brakeman — A static analysis security vulnerability scanner for Ruby on Rails applications.
328 49? Credential Digger) — Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (Passwords, API Keys, Secret Keys, Tokens, personal information, etc), and filtering the false positive data through a machine learning model called ? Password Model. This scanner is able to detect passwords and non structured tokens with a low false positive rate.
? Datree — A CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization's policies
3869 481? detect-secrets) — An enterprise friendly way of detecting and preventing secrets in code. It does this by running periodic diff outputs against heuristically crafted regex statements, to identify whether any new secret has been committed. This way, it avoids the overhead of digging through all git history, as well as the need to scan the entire repository every time.
? PENGETAHUAN - Alat analisis statis dan dinamis untuk aplikasi Laravel yang memberikan rekomendasi untuk meningkatkan kinerja, keamanan, dan keandalan kode aplikasi Laravel. Contains 120 automated checks.
? GitGuardian ggshield — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.
18218 1492? Gitleaks) — A SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos.
2181 110? gokart) — Golang security analysis with a focus on minimizing false positives. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe.
? HasMySecretLeaked ©️ — HasMySecretLeaked is a project from GitGuardian that aims to help individual users and organizations search across 20 million exposed secrets to verify if their developer secrets have leaked on public repositories, gists, and issues on GitHub projects.
? iblessing
2300 97? kani) — The Kani Rust Verifier is a bit-precise model checker for Rust. Kani is particularly useful for verifying unsafe code blocks in Rust, where the "unsafe superpowers" are unchecked by the compiler. Kani verifies:
? kics — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible
? ktool — Fully cross-platform toolkit and library for MachO+Obj-C editing/analysis. Includes a cli kit, a curses GUI, ObjC header dumping, and much more.
? kube-hunter — Hunt for security weaknesses in Kubernetes clusters.
788 35? lockfile-lint) — Lint an npm or yarn lockfile to analyze and detect security issues
? LunaSec — Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service.
? njsscan — A static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep.
? NODEJSSCAN - Pemindai kode keamanan statis untuk aplikasi Node.js yang ditenagai oleh Libsast dan SEMGREP yang dibangun di atas alat NJSSCAN CLI. It features a UI with various dashboards about an application's security status.
? Oversecured ©️ — Enterprise vulnerability scanner for Android and iOS apps. It allows app owners and developers to secure each new version of a mobile app by integrating Oversecured into the development process.
? PT Application Inspector ©️ — Identifies code flaws and detects vulnerabilities to prevent web attacks. Demonstrates remote code execution by presenting possible exploits.
? Qualys Container Security ©️ — Container native application protection to provide visibility and control of containerized applications.
111 23? QuantifiedCode)
? Rezilion ©️ — Discovers vulnerabilities for all components in your environment, filters out 85% non-exploitable vulnerabilities and creates a remediation plan and open tickets to upgrade components that violate your security policy and/or patch automatically in CI.
4672 508? scorecard) — Security Scorecards - Security health metrics for Open Source
? SearchDiggity ©️ — Identifies vulnerabilities in open source code projects hosted on Github, Google Code, MS CodePlex, SourceForge, and more. The tool comes with over 130 default searches that identify SQL injection, cross-site scripting (XSS), insecure remote and local file includes, hard-coded passwords, etc.
? Steampunk Spotter ©️ — Ansible Playbook Scanning Tool that analyzes and offers recommendations for your playbooks.
? Symfony Insight © ️ - Mendeteksi risiko keamanan, temukan bug dan berikan metrik yang dapat ditindaklanjuti untuk proyek PHP.
6739 541? tfsec) — Terraform static analysis tool that prevents potential security issues by checking cloud misconfigurations at build time and directly integrates with the HCL parser for better results. Checks for violations of AWS, Azure and GCP security best practice recommendations.
? trufflehog — Find credentials all over the place TruffleHog is an open source secret-scanning engine that resolves exposed secrets across your company's entire tech stack.
8299 896? Tsunami Security Scanner) — A general purpose network security scanner with an extensible plugin system for detecting high severity RCE-like vulnerabilities with high confidence. Custom detectors for finding vulnerabilities (eg open APIs) can be added.
3904 744? mythril) — A symbolic execution framework with batteries included, can be used to find and exploit vulnerabilities in smart contracts automatically.
? MythX ©️ — MythX is an easy to use analysis platform which integrates several analysis methods like fuzzing, symbolic execution and static analysis to find vulnerabilities with high precision. It can be integrated with toolchains like Remix or VSCode or called from the command-line.
5406 982? slither) — Static analysis framework that runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses.
? solhint — Solhint is an open source project created by https://protofire.io. Its goal is to provide a linting utility for Solidity code.
? solium — Solium is a linter to identify and fix style and security issues in Solidity smart contracts.
23 7? LibVCS4j) — A Java library that allows existing tools to analyse the evolution of software systems by providing a common API for different version control systems and issue trackers.
460 42? RefactorFirst) — Identifies and prioritizes God Classes and Highly Coupled classes in Java codebases you should refactor first.
148 39? Violations Lib) — Java library for parsing report files from static code analysis. Used by a bunch of Jenkins, Maven and Gradle plugins.
267 237? ember-template-lint) — Linter for Ember or Handlebars templates.
318 101? haml-lint) — Tool for writing clean and consistent HAML.
210 60? slim-lint) — Configurable tool for analyzing Slim templates.
? yamllint — Checks YAML files for syntax validity, key repetition and cosmetic problems such as lines length, trailing spaces, and indentation.
? GitGuardian ggshield — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.
? kics — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible
369 15? shisho)
50 10? dennis) — A set of utilities for working with PO files to ease development and improve quality. ? HTML-Validate — Offline HTML5 validator.
? Vetur
? After the Deadline
? alex — Catch insensitive, inconsiderate writing
1964 472? codespell) — Check code for common misspellings.
? languagetool — Style and grammar checker for 25+ languages. It finds many errors that a simple spell checker cannot detect.
193 23? misspell-fixer)
? Misspelled Words In Context — A spell-checker that groups possible misspellings and shows them in their contexts.
4368 179? proselint) — A linter for English prose with a focus on writing style instead of grammar.
? vale — A syntax-aware linter for prose built with speed and extensibility in mind.
4966 190? write-good) — A linter with a focus on eliminating "weasel words".
? Spectral — A flexible JSON/YAML linter, with out-of-the-box support for OpenAPI v2/v3 and AsyncAPI v2.
? yamllint — Checks YAML files for syntax validity, key repetition and cosmetic problems such as lines length, trailing spaces, and indentation.
? commitlint — checks if your commit messages meet the conventional commit format
? GitGuardian ggshield — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.
? HasMySecretLeaked ©️ — HasMySecretLeaked is a project from GitGuardian that aims to help individual users and organizations search across 20 million exposed secrets to verify if their developer secrets have leaked on public repositories, gists, and issues on GitHub projects.
? ?? Clean code linters) — A collection of linters in github collections? ?? Code Quality Checker Tools For PHP Projects) — A collection of PHP linters in github collections6262 377? go-tools) — A collection of tools and libraries for working with Go code, including linters and static analysis342 31? linters) — An introduction to static code analysis2827 245? php-static-analysis-tools) — A reviewed list of useful PHP static analysis toolsTo the extent possible under law, ? Matthias Endler has waived all copyright and related or neighboring rights to this work. The underlying source code used to format and display that content is licensed under the MIT license.
Title image Designed by Freepik.
13455 1361? analysis-tools-dev/static-analysis)
