406 Open source projects that are alternatives of or similar to checkup

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Code metrics for Java code by means of static analysis

Detect uses of legacy Java APIs

LibScout: Third-party library detector for Java/Android apps

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Strict coding standard for Kotlin and a custom set of rules for detecting code smells, code style issues and bugs

🦩 Tools for Go projects

Find similar functions and classes in your JavaScript/TypeScript code

A set of utilities for checking Go sources. This repository has migrated to https://gitlab.com/opennota/check

A reviewed list of useful PHP static analysis tools

Moved to Polymer/tools monorepo

An open source script to perform malware static analysis on Portable Executable

Awesome Java Security Resources 🕶☕🔐

Duplicate code finder for Elixir

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.

✊ Detect non-inclusive language in your source code.

Efficient and Precise Pointer-Tracking Data-Flow Framework

Program for determining types of files for Windows, Linux and MacOS.

🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

an advanced semantic indexer for Ruby

Monitoring service for Unix (AIX, Linux, HP-UX, MacOS, Solaris) systems

Java Code Static Metrics (Cohesion, Coupling, etc.)

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Security scanner for your Terraform code

PHPStan rules for detecting usage of deprecated classes, methods, properties, constants and traits.

Automatically generates FORtran Documentation from comments within the code.

Bolt is a language with in-built data-race freedom!

A Speculation-Aware Collaborative Dependence Analysis Framework

Policeman's Forbidden API Checker

PHPUnit extensions and rules for PHPStan

Intellisense for PHP

Tool that generates unit test by C/C++ source code, trying to reach all branches and maximize code coverage

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

Jenkins Warnings Plugin - Next Generation

Custom Python linting through AST expressions

Automated static analysis & linting bot for Mozilla repositories

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

The modern Java bytecode editor

Code Climate CLI

Static analysis of IEC 61131-3 programs

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Inline syscalls made easy for windows on clang

Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.

A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).

[DEPRECATED] Security Scanner for Ethereum Smart Contracts

A PHP parser written in PHP

Datalog compiler in Rust as a procedural macro

Extensions for PHPStan

A static analyzer for Java, C, C++, and Objective-C

The CodeQL extractor and libraries for Go.

This repo aims at providing practical examples on how to use r2frida

A Ruby code quality reporter

Swiss-army knife for D source code

SDA is a rich cross-platform tool for reverse engineering that focused firstly on analysis of computer games. I'm trying to create a mix of the Ghidra, Cheat Engine and x64dbg. My tool will combine static and dynamic analysis of programs. Now SDA is being developed.

Sturdy is a library for developing sound static analyses in Haskell.

A set of opinionated and useful lint checks

Quality Police for Java projects

A plug-in for Google's Protocol Buffers (protobufs) compiler to lint .proto files for style violations.