Top 42 static-analyzer open source projects

[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.

Clang's scan-build re-implementation in python

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Beautiful and understandable static analysis tool for PHP

PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.

Type Analyzer for JavaScript

Static program analysis for TIP

☕️ PMD Plugin for SonarQube

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

A regex based source code scanner.

PHP Static Analysis Tool - discover bugs in your code without running it!

Cross-platform static analyzer and linter for Swift.

The Sparrow Static Analyzer

A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

Pyc-cfg is a pure python control flow graph builder for almost all Ansi C programming language.

cfmt is a tool to wrap Go comments over a certain length to a new line.

🐳 📡 Docker way of running SonarQube + any DB

SonarQube Java Properties Analyzer

☕️ SonarSource Static Analyzer for Java Code Quality and Security

SonarSource Static Analyzer for JavaScript and TypeScript

Next-gen phpDoc parser with support for intersection types and generics

Code analyzer for C# and VB.NET projects https://redirect.sonarsource.com/plugins/vbnet.html

prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.

🕵️ Haskell STatic ANalyser

cwe_checker finds vulnerable patterns in binary executables

Doctrine extensions for PHPStan

Mirror kept for legacy. Moved to https://github.com/llvm/llvm-project

Static verification tool for DNS zone files

SonarQube Cucumber Gherkin Analyzer

OPEM (Open Source PEM Fuel Cell Simulation Tool)

Statically detect double-lock & conflicting-lock bugs on MIR

EBA is a static bug finder for C.

nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.

identypo is a Go static analysis tool to find typos in identifiers (functions, function calls, variables, constants, type declarations, packages, labels).

Million-scale code analysis and refactoring toolkit for Java

unimport is a Go static analysis tool to find unnecessary import aliases.

SonarLint integration for Apache Netbeans

Nette Framework class reflection extension for PHPStan & framework-specific rules

SonarQube CSS / SCSS / Less Analyzer

Fortran compilers, preprocessors, static analyzers, transpilers, IDEs, build systems, etc.

Lint all your JavaScript, CSS, HTML, Markdown and Dockerfiles with a single command