489 Open source projects that are alternatives of or similar to Semgrep
Static Analysis
⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Stars: ✭ 9,310 (+64.26%)
Larastan
⚗️ Adds code analysis to Laravel improving developer productivity and code quality.
Stars: ✭ 3,554 (-37.3%)
Reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Stars: ✭ 4,541 (-19.88%)
Phpstan
PHP Static Analysis Tool - discover bugs in your code without running it!
Stars: ✭ 10,534 (+85.85%)
Nullaway
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
Stars: ✭ 3,035 (-46.45%)
Pyt
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
Stars: ✭ 2,061 (-63.64%)
qodana-action
⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana
Stars: ✭ 112 (-98.02%)
unimport
A linter, formatter for finding and removing unused import statements.
Stars: ✭ 119 (-97.9%)
Phpstan Deprecation Rules
PHPStan rules for detecting usage of deprecated classes, methods, properties, constants and traits.
Stars: ✭ 160 (-97.18%)
lints
Lint all your JavaScript, CSS, HTML, Markdown and Dockerfiles with a single command
Stars: ✭ 14 (-99.75%)
unimport
unimport is a Go static analysis tool to find unnecessary import aliases.
Stars: ✭ 64 (-98.87%)
phpstan-nette
Nette Framework class reflection extension for PHPStan & framework-specific rules
Stars: ✭ 87 (-98.47%)
OpenStaticAnalyzer
OpenStaticAnalyzer is a source code analyzer tool, which can perform deep static analysis of the source code of complex systems.
Stars: ✭ 19 (-99.66%)
analysis-model
A library to read static analysis reports into a Java object model
Stars: ✭ 74 (-98.69%)
Checkstyle
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Stars: ✭ 6,481 (+14.34%)
Unimport
A linter, formatter for finding and removing unused import statements.
Stars: ✭ 96 (-98.31%)
Perl Critic
The leading static analyzer for Perl. Configurable, extensible, powerful.
Stars: ✭ 149 (-97.37%)
I18n Tasks
Manage translation and localization with static analysis, for Ruby i18n
Stars: ✭ 1,748 (-69.16%)
Nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (-66.94%)
Spotbugs
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Stars: ✭ 2,569 (-54.68%)
Revive
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Stars: ✭ 3,139 (-44.62%)
tryceratops
A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).
Stars: ✭ 381 (-93.28%)
gha-setup-scancentral-client
GitHub Action to set up Fortify ScanCentral Client
Stars: ✭ 15 (-99.74%)
nakedret
nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
Stars: ✭ 82 (-98.55%)
identypo
identypo is a Go static analysis tool to find typos in identifiers (functions, function calls, variables, constants, type declarations, packages, labels).
Stars: ✭ 26 (-99.54%)
Phpdoc Parser
Next-gen phpDoc parser with support for intersection types and generics
Stars: ✭ 569 (-89.96%)
Phan
Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
Stars: ✭ 5,194 (-8.36%)
Dg
[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.
Stars: ✭ 242 (-95.73%)
static-code-analysis-plugin
A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but specially useful, in Android projects, by making sure all analysis can access the SDK classes.
Stars: ✭ 36 (-99.36%)