399 Open source projects that are alternatives of or similar to Frama C Snapshot

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Security-focused static analysis for the Phoenix Framework

Awesome Golang Security resources 🕶🔐

A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

APISan: Sanitizing API Usages through Semantic Cross-Checking

Binary Analysis Platform

sonar-swift.SonarQube iOS Plugin, Support Objective-C And Swift, Support Infer (SonarQube iOS 代码扫描插件，支持 Objective-C 和 Swift ，支持 Infer 结果导入 ) base on https://github.com/Idean/sonar-swift

The Java Disassembler

Spoon is a metaprogramming library to analyze and transform Java source code (up to Java 15). 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.

Pacman-inspired game, for teaching testing purposes.

🐞 Primitive Erlang Security Tool

Vulnerability Static Analysis for Containers

GopherCI was a project to help you maintain high-quality Go projects, by checking each GitHub Pull Request, for backward incompatible changes, and a suite of other third party static analysis tools.

A set of custom fixers for PHP CS Fixer

A tool to automatically fix PHP Coding Standards issues

A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification

A libre cross-platform disassembler.

Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec

A parser and source code analyzer for PL/SQL and Oracle SQL.

DEPRECATED. USE INSTEAD github.com/blockspacer/flextool

Extension for PHPStan to allow analysis of Drupal code.

CogniCrypt is an Eclipse plugin that supports Java developers in using Java Cryptographic APIs.

Haxe Checkstyle

PHP Implementation of the VS Code Language Server Protocol 🆚↔🖥

Babel plugin that statically extracts i18next and react-i18next translation keys.

A new context, field, and array-sensitive heap analysis for LLVM bitcode based on DSA.

CogniCrypt_SAST: CrySL-to-Static Analysis Compiler

PHP Static Analysis Tool - discover bugs in your code without running it!

Language server for PHP, with powerful static analysis and type inference.

Command line tool to validate configuration files

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!

PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.

Setup scripts for my Malware Analysis VMs

Various code metrics for Python code

CoRnucopia of ABstractions: a library for building abstract interpretation-based analyses

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and various tools.

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.

Static analyzer for C/C++ based on the theory of Abstract Interpretation.

The official GitHub mirror of https://gitlab.com/pycqa/flake8

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Interactive code auditing and grep tool in Emacs Lisp

Telling tales on you for leaking secrets!

A linter for Clojure code that sparks joy.

Standalone linter for ABAP

PySonar2: an advanced semantic indexer for Python

A linter, formatter for finding and removing unused import statements.

A targeted input generator for Android that improves the effectiveness of dynamic malware analysis.

A list of computer-science readings I recommend

STatic (LLVM) Object file Analysis Tool

Android Mobile Device Hardening

Dominator Tree LLVM Pass to Test Satisfiability

IDAPython plugin for finding function strings recursively

Securify v2.0

Dynamic definitions and types provider for ruby static analysis

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Argus static analysis framework

🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more

Fast Static File Analysis Framework