428 Open source projects that are alternatives of or similar to Psalm

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Performant type-checking for python.

Python source code auditing and static analysis on a large scale

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Awesome autocompletion, static analysis and refactoring library for python

PHPStan based SQL static analysis and type inference for the database access layer

Go Taint CHeck Analyser

Github mirror of "mediawiki/tools/phan/SecurityCheckPlugin" - our actual code is hosted with Gerrit (please see https://www.mediawiki.org/wiki/Developer_access for contributing)

🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

Code smell detector for Ruby

🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint

A static type analyzer for Python code

Mirror kept for legacy. Moved to https://github.com/llvm/llvm-project

Extra strict and opinionated rules for PHPStan

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

CodeCompass is a software comprehension tool for large scale software written in C/C++ and Java

🐺 Malware analysis platform

Building a modern functional compiler from first principles. (http://dev.stephendiehl.com/fun/)

Clean C++ project for you to use. Features: Modern CMake, CPack, Doxygen, PlantUML, Catch Unit testing, static analysis

Define and run pattern-based custom linting rules.

Staticcheck - The advanced Go linter

Doctrine extensions for PHPStan

Static analyser for finding Deadlocks in Go

Pluggable TypeScript and JavaScript linter

Official ESLint plugin for Vue.js

SeaHorn Verification Framework

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Symfony extension for PHPStan

Joint Advanced Defect assEsment for android applications

A static code analysis tool for the Elixir language with a focus on code consistency and teaching.

Visualize call graph of a Go program using Graphviz

Static code analysis for Kotlin

Pssst!... see what Rust is doing behind the curtains 🕵🤫

Binee: binary emulation environment

Bringing clang-tidy magic to Visual Studio C++ developers.

The Exakat Engine : smart static analysis for PHP

The implementation of the Rascal meta-programming language (including interpreter, type checker, parser generator, compiler and JVM based run-time system)

Droidefense: Advance Android Malware Analysis Framework

A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

static analysis of C/C++ code

Static Analysis Compiler Plugin for Scala

A hackable malware sandbox for the 21st Century

Chronos - A static race detector for the go language

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Links to tools by subject

Your performance & security consultant, an artisan command away.

ClangKit provides an Objective-C frontend to LibClang. Source tokenization, diagnostics and fix-its are actually implemented.

A Golang tool that does static analysis, unit testing, code review and generate code quality report.

Library and CLI tool for analysing CloudFormation templates and check them for security compliance.

Analyzer of PHP code to search issues with deprecated functionality in newer interpreter versions.

Performing security tests inside your CI

📄 Documented Style Sheets Parser

🚀Optimizer for mobile applications

Kubernetes RBAC static Analysis & visualisation tool

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

An extensible multilanguage static code analyzer.

A Clojure utility to inspect static types inferred by the Clojure compiler

Code Climate engine for code duplication analysis

A vulnerability scanner for container images and filesystems

Awesome .NET Security Resources