562 Open source projects that are alternatives of or similar to gotcha

Intellisense for PHP

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Language server for PHP, with powerful static analysis and type inference.

Cluster-based cloud mechanism for running SAVE framework

A set of custom fixers for PHP CS Fixer

A linter that replay your developing style

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

No description or website provided.

A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Security-focused static analysis for the Phoenix Framework

A tool which performs static analyses on Decision Model Notation (DMN) files to detect bugs

Allows old code to use new standards

Custom Python linting through AST expressions

DEPRECATED. USE INSTEAD github.com/blockspacer/flextool

Go static program analyser

Spoon is a metaprogramming library to analyze and transform Java source code (up to Java 15). 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.

CogniCrypt is an Eclipse plugin that supports Java developers in using Java Cryptographic APIs.

Detect deeply nested if statements in Go source code

APISan: Sanitizing API Usages through Semantic Cross-Checking

PHP Implementation of the VS Code Language Server Protocol 🆚↔🖥

A static analysis and linter tool for Lua

Vulnerability Static Analysis for Containers

Strict coding standard for Kotlin and a custom set of rules for detecting code smells, code style issues and bugs

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

An open format definition for static analysis tools

✊ Detect non-inclusive language in your source code.

persistent monitor (for static source code analysis, GCC based)

walkmod: an open source tool to fix coding style issues

Code metrics for Java code by means of static analysis

Learn the fundamentals of Binary Auditing. Know how HLL mapping works, get more inner file understanding than ever.

SonarQube Java Properties Analyzer

eclipse-pmd has been moved to

Static code analyzer for TypeScript

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

SDA is a rich cross-platform tool for reverse engineering that focused firstly on analysis of computer games. I'm trying to create a mix of the Ghidra, Cheat Engine and x64dbg. My tool will combine static and dynamic analysis of programs. Now SDA is being developed.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

🚦 An extensible linter for the TypeScript language

A RuboCop extension focused on enforcing Rails best practices and coding conventions.

Interface to PHPStan (PHP static analyzer)

Type Analyzer for JavaScript

Program for determining types of files for Windows, Linux and MacOS.

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification.

Static analysis of IEC 61131-3 programs

Object Calisthenics rules for PHP_CodeSniffer

ESLint Shareable Config for React/JSX support in JavaScript Standard Style

Phantom types for Python.

Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.

Find similar functions and classes in your JavaScript/TypeScript code

a taint tracer based on DynamoRIO, currently ARM only

[DEPRECATED] Security Scanner for Ethereum Smart Contracts

A static code analysis for WordPress (and PHP)

an advanced semantic indexer for Ruby

Wanna get DRY? Static analysis tool for detecting repeat code.

Static program analysis framework for Ethereum smart contract bytecode.

Complexity of Code - JavaScript/TypeScript

libdft for Intel Pin 3.x and 64 bit platform. (Dynamic taint tracking, taint analysis)