Static Analysis⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Stars: ✭ 9,310 (+2215.92%)
constybleCSS complexity linter
Stars: ✭ 92 (-77.11%)
lintsLint all your JavaScript, CSS, HTML, Markdown and Dockerfiles with a single command
Stars: ✭ 14 (-96.52%)
ExakatThe Exakat Engine : smart static analysis for PHP
Stars: ✭ 346 (-13.93%)
DetektStatic code analysis for Kotlin
Stars: ✭ 4,169 (+937.06%)
Protoc Gen LintA plug-in for Google's Protocol Buffers (protobufs) compiler to lint .proto files for style violations.
Stars: ✭ 221 (-45.02%)
SDASDA is a rich cross-platform tool for reverse engineering that focused firstly on analysis of computer games. I'm trying to create a mix of the Ghidra, Cheat Engine and x64dbg. My tool will combine static and dynamic analysis of programs. Now SDA is being developed.
Stars: ✭ 98 (-75.62%)
swap-detectorA library for detecting swapped arguments in function calls, and a Clang Static Analyzer plugin used to demonstrate the library.
Stars: ✭ 19 (-95.27%)
VeribleVerible is a suite of SystemVerilog developer tools, including a parser, style-linter, and formatter.
Stars: ✭ 384 (-4.48%)
goreporterA Golang tool that does static analysis, unit testing, code review and generate code quality report.
Stars: ✭ 3,019 (+651%)
Cpp2ILWork-in-progress tool to reverse unity's IL2CPP toolchain.
Stars: ✭ 689 (+71.39%)
PmdAn extensible multilanguage static code analyzer.
Stars: ✭ 3,667 (+812.19%)
BellybuttonCustom Python linting through AST expressions
Stars: ✭ 196 (-51.24%)
SpotbugsSpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Stars: ✭ 2,569 (+539.05%)
tryceratopsA linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).
Stars: ✭ 381 (-5.22%)
D ScannerSwiss-army knife for D source code
Stars: ✭ 221 (-45.02%)
ScalpelScalpel: The Python Static Analysis Framework
Stars: ✭ 176 (-56.22%)
go-mndMagic number detector for Go.
Stars: ✭ 153 (-61.94%)
dlintDlint is a tool for encouraging best coding practices and helping ensure Python code is secure.
Stars: ✭ 130 (-67.66%)
static-code-analysis-pluginA plugin to simplify Static Code Analysis on Gradle. Not restricted to, but specially useful, in Android projects, by making sure all analysis can access the SDK classes.
Stars: ✭ 36 (-91.04%)
pahoutA pair programming partner for writing better PHP. Pahout means PHP mahout 🐘
Stars: ✭ 43 (-89.3%)
illuaminateVery WIP static analysis for Lua
Stars: ✭ 21 (-94.78%)
DlintDlint is a tool for encouraging best coding practices and helping ensure we're writing secure Python code.
Stars: ✭ 320 (-20.4%)
addlintAn example linter written with go/analysis for tutorial purposes
Stars: ✭ 49 (-87.81%)
static file analysisAnalysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules
Stars: ✭ 34 (-91.54%)
MalScanA Simple PE File Heuristics Scanners
Stars: ✭ 41 (-89.8%)
DiktatStrict coding standard for Kotlin and a custom set of rules for detecting code smells, code style issues and bugs
Stars: ✭ 196 (-51.24%)
Woke✊ Detect non-inclusive language in your source code.
Stars: ✭ 190 (-52.74%)
BodycloseAnalyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.
Stars: ✭ 181 (-54.98%)
Dg[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.
Stars: ✭ 242 (-39.8%)
Revive🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Stars: ✭ 3,139 (+680.85%)
sbt-findbugsFindBugs static analysis plugin for sbt.
Stars: ✭ 47 (-88.31%)
CflintStatic code analysis for CFML (a linter)
Stars: ✭ 156 (-61.19%)
go-perfguardCPU-guided performance analyzer for Go
Stars: ✭ 58 (-85.57%)
ramllintRAML Linter
Stars: ✭ 18 (-95.52%)
nestifDetect deeply nested if statements in Go source code
Stars: ✭ 30 (-92.54%)
WotanPluggable TypeScript and JavaScript linter
Stars: ✭ 271 (-32.59%)
mllint`mllint` is a command-line utility to evaluate the technical quality of Python Machine Learning (ML) projects by means of static analysis of the project's repository.
Stars: ✭ 67 (-83.33%)
ChronosChronos - A static race detector for the go language
Stars: ✭ 272 (-32.34%)
Go ToolsStaticcheck - The advanced Go linter
Stars: ✭ 4,317 (+973.88%)
CredoA static code analysis tool for the Elixir language with a focus on code consistency and teaching.
Stars: ✭ 4,144 (+930.85%)
RstcheckChecks syntax of reStructuredText and code blocks nested within it
Stars: ✭ 130 (-67.66%)
golintuiA simple terminal UI for Go linters
Stars: ✭ 73 (-81.84%)
SqlServer.RulesSQL Server static code analysis rules for SSDT database projects
Stars: ✭ 20 (-95.02%)
automutateApplies waves of mutations provided by other tools, such as linters or codemods.
Stars: ✭ 13 (-96.77%)
analysis-netStatic analysis framework for .NET programs.
Stars: ✭ 19 (-95.27%)
PylintIt's not just a linter that annoys you!
Stars: ✭ 3,733 (+828.61%)
HorusecHorusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Stars: ✭ 311 (-22.64%)
GoreporterA Golang tool that does static analysis, unit testing, code review and generate code quality report.
Stars: ✭ 2,943 (+632.09%)
LinterStatic Analysis Compiler Plugin for Scala
Stars: ✭ 273 (-32.09%)
KraneKubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (-36.82%)
ZpaA parser and source code analyzer for PL/SQL and Oracle SQL.
Stars: ✭ 124 (-69.15%)
Njsscannjsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (-68.16%)
unimportA linter, formatter for finding and removing unused import statements.
Stars: ✭ 119 (-70.4%)
Reviewdog🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Stars: ✭ 4,541 (+1029.6%)