Stacoan: StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing static code analysis on mobile applications.
Sonarjs: SonarSource Static Analyzer for JavaScript and TypeScript
Standard: 🌟 JavaScript Style Guide, with linter & automatic code fixer
Jackhammer: Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Phan: Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
Phpdoc Parser: Next-gen phpDoc parser with support for intersection types and generics
Pep8speaks: A GitHub app to automatically review Python code style over Pull Requests
Phpcs Security Audit: phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
Sonar Dotnet: Code analyzer for C# and VB.NET projects https://redirect.sonarsource.com/plugins/vbnet.html
Rubocop Rails: A RuboCop extension focused on enforcing Rails best practices and coding conventions.
Gosec: Golang security checker
Souffle: Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification.
Prealloc: prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.
Php Parser: 🌿 NodeJS PHP Parser - extract AST or tokens (PHP5 and PHP7)
Wala: T.J. Watson Libraries for Analysis
Engine: Droidefense: Advanced Android Malware Analysis Framework
Eslint: Find and fix problems in your JavaScript code.
Sharpen: Visual Studio extension that intelligently introduces new C# features into your existing codebase
Semgrep: Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Pmd: An extensible multilanguage static code analyzer.
Pylint: It's not just a linter that annoys you!
Pytype: A static type analyzer for Python code
Reviewdog: 🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Awesome Standard: Documenting the explosion of packages in the standard ecosystem!
Bandit: Bandit is a tool designed to find common security issues in Python code.
Sonar Php: 🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint
Nullaway: A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
Chronos: Chronos - A static race detector for the go language
sonar-esql-plugin: Sonar plugin to analyze ESQL source code of IBM Integration Bus projects
unimport: A linter and formatter for finding and removing unused import statements.
Android-CICD: This repo demonstrates how to work on CI/CD for Mobile Apps 📱 using GitHub Actions 💊 + Firebase Distribution 🎉
qodana-action: ⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana
jt tools: Ruby on Rails Continuous Deployment Ecosystem to maintain Healthy Stable Development
static-code-analysis-plugin: A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but especially useful in, Android projects, by making sure all analysis can access the SDK classes.
pyan: Static call graph generator. The official Python 3 version. Development repo.
freshli-lib: A tool for collecting historical metrics about a project's dependencies
detekt-hint: Detection of design principle violations in Kotlin as a plugin to detekt.
OpenStaticAnalyzer: OpenStaticAnalyzer is a source code analyzer tool, which can perform deep static analysis of the source code of complex systems.
analysis-model: A library to read static analysis reports into a Java object model
eba: EBA is a static bug finder for C.
nakedret: nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
php-reflection: 🔎 Nodejs Reflection API for PHP files based on the php-parser
datree: Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
identypo: identypo is a Go static analysis tool to find typos in identifiers (functions, function calls, variables, constants, type declarations, packages, labels).
elm-review: Analyzes Elm projects, to help find mistakes before your users find them.
vandal: Static program analysis framework for Ethereum smart contract bytecode.