425 Open source projects that are alternatives of or similar to Crab

Semgrep rules registry

[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.

Binary Analysis Platform

SeaHorn Verification Framework

Program for determining types of files for Windows, Linux and MacOS.

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

A LLVM-based static analysis framework.

Program analysis playground for a simple, imperative language

Static analysis of IEC 61131-3 programs

Static Analyzer for LLVM bitcode based on Abstract Interpretation

Static analyzer for C/C++ based on the theory of Abstract Interpretation.

Static Analysis Compiler Plugin for Scala

Static Analyzer for LLVM bitcode based on Abstract Interpretation

TIRO - A hybrid iterative deobfuscation framework for Android applications

The CodeQL extractor and libraries for Go.

T.J. Watson Libraries for Analysis

Performant type-checking for python.

A linter for Clojure code that sparks joy.

Language server for PHP, with powerful static analysis and type inference.

PySonar2: an advanced semantic indexer for Python

Incremental Program Analysis Framework

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

APISan: Sanitizing API Usages through Semantic Cross-Checking

PHP Implementation of the VS Code Language Server Protocol 🆚↔🖥

PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.

Vulnerability Static Analysis for Containers

DEPRECATED. USE INSTEAD github.com/blockspacer/flextool

🐞 Primitive Erlang Security Tool

Spoon is a metaprogramming library to analyze and transform Java source code (up to Java 15). 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.

A Program Analysis Toolkit for Android

CogniCrypt is an Eclipse plugin that supports Java developers in using Java Cryptographic APIs.

A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

A targeted input generator for Android that improves the effectiveness of dynamic malware analysis.

Telling tales on you for leaking secrets!

STatic (LLVM) Object file Analysis Tool

A set of custom fixers for PHP CS Fixer

Dominator Tree LLVM Pass to Test Satisfiability

Android Mobile Device Hardening

CogniCrypt_SAST: CrySL-to-Static Analysis Compiler

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

cfmt is a tool to wrap Go comments over a certain length to a new line.

Extension for PHPStan to allow analysis of Drupal code.

A Dynamic Symbolic Execution (DSE) engine for JavaScript. ExpoSE is highly scalable, compatible with recent JavaScript standards, and supports symbolic modelling of strings and regular expressions.

Various code metrics for Python code

High-level library for executable binary file analysis

An open format definition for static analysis tools

A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification

Docker image that provides static analysis tools for PHP

🐳 📡 Docker way of running SonarQube + any DB

Babel plugin that statically extracts i18next and react-i18next translation keys.

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

DEPRECATED -- DevSkim plugin for Sublime Text 3.

SonarQube Java Properties Analyzer

sonar-swift.SonarQube iOS Plugin, Support Objective-C And Swift, Support Infer (SonarQube iOS 代码扫描插件，支持 Objective-C 和 Swift ，支持 Infer 结果导入 ) base on https://github.com/Idean/sonar-swift

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

Linting tool for CloudFormation templates

A linter, formatter for finding and removing unused import statements.

Securify v2.0