406 Open source projects that are alternatives of or similar to Php Static Analysis Tools

Program for determining types of files for Windows, Linux and MacOS.

IDAPython plugin for finding function strings recursively

The leading static analyzer for Perl. Configurable, extensible, powerful.

PHP Static Analysis Tool - discover bugs in your code without running it!

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!

Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code

CoRnucopia of ABstractions: a library for building abstract interpretation-based analyses

Find similar functions and classes in your JavaScript/TypeScript code

Static analyzer for C/C++ based on the theory of Abstract Interpretation.

Static Analyzer for LLVM bitcode based on Abstract Interpretation

Telling tales on you for leaking secrets!

Awesome Java Security Resources 🕶☕🔐

A linter, formatter for finding and removing unused import statements.

A Psalm plugin for Laravel

Android Mobile Device Hardening

an advanced semantic indexer for Ruby

Securify v2.0

Automated code reviews via mutation testing - semantic code coverage.

A new context, field, and array-sensitive heap analysis for LLVM bitcode based on DSA.

Strict coding standard for Kotlin and a custom set of rules for detecting code smells, code style issues and bugs

Language server for PHP, with powerful static analysis and type inference.

C code refactoring browser

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent.

Manage translation and localization with static analysis, for Ruby i18n

Various code metrics for Python code

LibScout: Third-party library detector for Java/Android apps

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

Analyses and reports testability issues of a php codebase

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.

Java Code Static Metrics (Cohesion, Coupling, etc.)

The official GitHub mirror of https://gitlab.com/pycqa/flake8

An Android base app with loads of cool libraries/configuration NOT MAINTAINED

Interactive code auditing and grep tool in Emacs Lisp

✊ Detect non-inclusive language in your source code.

A linter for Clojure code that sparks joy.

Toolkit for enriching and speeding up static malware analysis

PySonar2: an advanced semantic indexer for Python

Moved to Polymer/tools monorepo

A targeted input generator for Android that improves the effectiveness of dynamic malware analysis.

Release snapshots of the Frama-C platform for source code analysis

STatic (LLVM) Object file Analysis Tool

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Dominator Tree LLVM Pass to Test Satisfiability

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

CogniCrypt_SAST: CrySL-to-Static Analysis Compiler

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

cfmt is a tool to wrap Go comments over a certain length to a new line.

Setup scripts for my Malware Analysis VMs

An open format definition for static analysis tools

Code metrics for Java code by means of static analysis

A list of computer-science readings I recommend

Bolt is a language with in-built data-race freedom!

Policeman's Forbidden API Checker

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Scanning APK file for URIs, endpoints & secrets.

A tool to automatically fix PHP Coding Standards issues