Mutant: Automated code reviews via mutation testing - semantic code coverage.
Cscout: C code refactoring browser
I18n Tasks: Manage translation and localization with static analysis, for Ruby i18n
Dependency Cruiser: Validate and visualize dependencies. Your rules. JavaScript, TypeScript, CoffeeScript. ES6, CommonJS, AMD.
Typestat: Converts JavaScript to TypeScript and TypeScript to better TypeScript.
Nodejsscan: nodejsscan is a static security code scanner for Node.js applications.
Mazewalker: Toolkit for enriching and speeding up static malware analysis
Rstcheck: Checks syntax of reStructuredText and code blocks nested within it
Frama C Snapshot: Release snapshots of the Frama-C platform for source code analysis
Njsscan: njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Find Sec Bugs: The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
Zpa: A parser and source code analyzer for PL/SQL and Oracle SQL.
Reading: A list of computer-science readings I recommend
Config Lint: Command line tool to validate configuration files
Php Cs Fixer: A tool to automatically fix PHP Coding Standards issues
Setup Php: GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and various tools.
Stingray: IDAPython plugin for finding function strings recursively
Analyzer: 🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more
Phpstan: PHP Static Analysis Tool - discover bugs in your code without running it!
Gopherci: GopherCI was a project to help you maintain high-quality Go projects, by checking each GitHub Pull Request for backward incompatible changes, and running a suite of other third party static analysis tools.
Sast Scan: Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDEs such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!
Bap: Binary Analysis Platform
Crab: CoRnucopia of ABstractions: a library for building abstract interpretation-based analyses
Ikos: Static analyzer for C/C++ based on the theory of Abstract Interpretation.
Squealer: Telling tales on you for leaking secrets!
Unimport: A linter, formatter for finding and removing unused import statements.
Amdh: Android Mobile Device Hardening
Sea Dsa: A new context, field, and array-sensitive heap analysis for LLVM bitcode based on DSA.
Pest: 🐞 Primitive Erlang Security Tool
Codechecker: CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy
Php codesniffer: PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.
Mobile Security Framework Mobsf: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Radon: Various code metrics for Python code
Anchore Engine: A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification
Kube Linter: KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
Sonar Swift: sonar-swift. SonarQube iOS plugin, supports Objective-C and Swift, supports Infer (SonarQube iOS code-scanning plugin; supports Objective-C and Swift; supports importing Infer results), based on https://github.com/Idean/sonar-swift
Static Analysis: ⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Flake8: The official GitHub mirror of https://gitlab.com/pycqa/flake8
Sobelow: Security-focused static analysis for the Phoenix Framework