443 Open source projects that are alternatives of or similar to Apisan

Binsec/Rel is an extension of Binsec that implements relational symbolic execution for constant-time verification and secret-erasure at binary-level.

A PHP parser written in PHP

A unit test-like interface for fuzzing and symbolic execution

⚗️ Adds code analysis to Laravel improving developer productivity and code quality.

Static checker for Java

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

A static code analysis tool for the Elixir language with a focus on code consistency and teaching.

A plug-in for Google's Protocol Buffers (protobufs) compiler to lint .proto files for style violations.

A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but specially useful, in Android projects, by making sure all analysis can access the SDK classes.

A reviewed list of useful PHP static analysis tools

Vulnerability Static Analysis for Containers

LibScout: Third-party library detector for Java/Android apps

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

Awesome Java Security Resources 🕶☕🔐

Droidefense: Advance Android Malware Analysis Framework

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Code Climate Engine for ESLint

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Performant type-checking for python.

Strict coding standard for Kotlin and a custom set of rules for detecting code smells, code style issues and bugs

Extracting high level semantic information from binary code

✊ Detect non-inclusive language in your source code.

Your performance & security consultant, an artisan command away.

Code metrics for Java code by means of static analysis

Fortran compilers, preprocessors, static analyzers, transpilers, IDEs, build systems, etc.

Static Analyzer for Solidity

Kubernetes RBAC static Analysis & visualisation tool

The SECBIT Static Analysis Extension to Solidity Compiler

Find similar functions and classes in your JavaScript/TypeScript code

Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages

an advanced semantic indexer for Ruby

A vulnerability scanner for container images and filesystems

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Making CoreOS' Clair easily work in CI/CD pipelines

Java Code Static Metrics (Cohesion, Coupling, etc.)

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

Moved to Polymer/tools monorepo

High-level library for executable binary file analysis

PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.

Symfony extension for PHPStan

Scanning APK file for URIs, endpoints & secrets.

JAW: A Graph-based Security Analysis Framework for JavaScript and Client-side CSRF

Parser for Angular projects.

An open format definition for static analysis tools

Docker image for Alpine Linux with latest ShellCheck, a static analysis tool for shell scripts.

Gradle plugin for PIT Mutation Testing

Static code analysis for Kotlin

Soot - A Java optimization framework

Static Analyzer for LLVM bitcode based on Abstract Interpretation

GCC plugin that embeds CPython inside the compiler

Next-gen phpDoc parser with support for intersection types and generics

A Small C Compiler

coala base docker image

STatic (LLVM) Object file Analysis Tool

Dominator Tree LLVM Pass to Test Satisfiability

An open source interactive disassembler

SonarQube Java Properties Analyzer

Catch common Java mistakes as compile-time errors

A community-driven list of awesome linters.

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.