Dg - [LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.
Revive - 🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Codelyzer - Static analysis for Angular projects.
Whispers - Identify hardcoded secrets and dangerous behaviours
Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Sputnik - Static code review for your Gerrit patchsets. Runs Checkstyle, PMD, FindBugs, Scalastyle, CodeNarc, JSLint for you!
Pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
Tombstone - Dead code detection with tombstones for PHP 🪦🧟
Infer - A static analyzer for Java, C, C++, and Objective-C
Cflint - Static code analysis for CFML (a linter)
Walkmod Core - walkmod: an open source tool to fix coding style issues
Tajs - Type Analyzer for JavaScript
Perl Critic - The leading static analyzer for Perl. Configurable, extensible, powerful.
Wpbullet - A static code analysis for WordPress (and PHP)
Bento - [DEPRECATED] Find Python web-app bugs delightfully fast, without changing your workflow. 🍱
Rubocop - A Ruby static code analyzer and formatter, based on the community Ruby style guide.
Tip - Static program analysis for TIP
I18n Tasks - Manage translation and localization with static analysis, for Ruby i18n
Owasp Orizon - Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.
Fb Contrib - a FindBugs/SpotBugs plugin for doing static code analysis for java code bases
Feram - Feram finds & fixes bugs in your commits
Grepbugs - A regex based source code scanner.
Nsdepcop - NsDepCop is a static code analysis tool that helps to enforce namespace dependency rules in C# projects. No more unplanned or unnoticed dependencies in your system.
Phpstan - PHP Static Analysis Tool - discover bugs in your code without running it!
Drek - A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.
Npgsql.fsharp.analyzer - F# analyzer that provides embedded SQL syntax analysis, type-checking for parameters and result sets and nullable column detection when writing queries using Npgsql.FSharp.
Unimport - A linter, formatter for finding and removing unused import statements.
Violations Lib - Java library for parsing report files from static code analysis.
Rubberduck - Every programmer needs a rubberduck. COM add-in for the VBA & VB6 IDE (VBE).
Sourcecodesniffer - The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.
Codecharta - CodeCharta visualizes multiple code metrics using 3D tree maps.
Pest - 🐞 Primitive Erlang Security Tool
Pfun - Functional, composable, asynchronous, type-safe Python.
Static Analysis - ⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Kube Score - Kubernetes object analysis with recommendations for improved reliability and security
Flake8 - The official GitHub mirror of https://gitlab.com/pycqa/flake8
Tscancode - A static code analyzer for C++, C#, Lua
Devreplay - A linter that replay your developing style
Rubocop Packaging - A RuboCop extension focused on enforcing upstream best practices and coding conventions.
Cfmt - cfmt is a tool to wrap Go comments over a certain length to a new line.
Sonar Java - ☕️ SonarSource Static Analyzer for Java Code Quality and Security
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.