Qulice: Quality Police for Java projects
Ford: Automatically generates FORtran Documentation from comments within the code.
Pepper: An open source script to perform malware static analysis on Portable Executable
Mobileapp Pentest Cheatsheet: The Mobile App Pentest cheat sheet was created to provide a concise collection of high value information on specific mobile application penetration testing topics.
Dg: [LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.
Recaf: The modern Java bytecode editor
Revive: 🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Check: A set of utilities for checking Go sources. This repository has migrated to https://gitlab.com/opennota/check
Codeql Go: The CodeQL extractor and libraries for Go.
Insider: Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Protoc Gen Lint: A plug-in for Google's Protocol Buffers (protobufs) compiler to lint .proto files for style violations.
Tfsec: Security scanner for your Terraform code
Bolt: Bolt is a language with in-built data-race freedom!
Libscout: LibScout: Third-party library detector for Java/Android apps
Spotbugs: SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Syft: CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Bellybutton: Custom Python linting through AST expressions
Diktat: Strict coding standard for Kotlin and a custom set of rules for detecting code smells, code style issues and bugs
Checkov: Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Woke: ✊ Detect non-inclusive language in your source code.
Ck: Code metrics for Java code by means of static analysis
Sbt Dependency Check: SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Detect It Easy: Program for determining types of files for Windows, Linux and MacOS.
Bodyclose: Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.
Synt: Find similar functions and classes in your JavaScript/TypeScript code
Securify: [DEPRECATED] Security Scanner for Ethereum Smart Contracts
Rubysonar: An advanced semantic indexer for Ruby
Crepe: Datalog compiler in Rust as a procedural macro
Pyt: A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
Infer: A static analyzer for Java, C, C++, and Objective-C
Jpeek: Java Code Static Metrics (Cohesion, Coupling, etc.)
R2frida Wiki: This repo aims at providing practical examples on how to use r2frida
Phpmd: PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well-known Java tool PMD. PHPMD can be seen as a user-friendly frontend application for the raw metrics stream measured by PHP Depend.
Cflint: Static code analysis for CFML (a linter)
Apkleaks: Scanning APK file for URIs, endpoints & secrets.
Ngast: Parser for Angular projects.
Perl Critic: The leading static analyzer for Perl. Configurable, extensible, powerful.
Ts Morph: TypeScript Compiler API wrapper for static analysis and programmatic code changes.
Sys: Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code
Crab Llvm: Static Analyzer for LLVM bitcode based on Abstract Interpretation
Soot: Soot - A Java optimization framework