Static Analysis⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Stars: ✭ 9,310 (+64.26%)
Larastan⚗️ Adds code analysis to Laravel improving developer productivity and code quality.
Stars: ✭ 3,554 (-37.3%)
PytypeA static type analyzer for Python code
Stars: ✭ 3,545 (-37.46%)
Reviewdog🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Stars: ✭ 4,541 (-19.88%)
PhpstanPHP Static Analysis Tool - discover bugs in your code without running it!
Stars: ✭ 10,534 (+85.85%)
NullawayA tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
Stars: ✭ 3,035 (-46.45%)
PytA Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
Stars: ✭ 2,061 (-63.64%)
interceptINTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (-99.05%)
qodana-action⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana
Stars: ✭ 112 (-98.02%)
analysis-netStatic analysis framework for .NET programs.
Stars: ✭ 19 (-99.66%)
Flake8The official GitHub mirror of https://gitlab.com/pycqa/flake8
Stars: ✭ 1,112 (-80.38%)
Sonar Php 🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint
Stars: ✭ 288 (-94.92%)
unimportA linter, formatter for finding and removing unused import statements.
Stars: ✭ 119 (-97.9%)
PhpinspectionseaA Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)
Stars: ✭ 1,211 (-78.63%)
CflintStatic code analysis for CFML (a linter)
Stars: ✭ 156 (-97.25%)
Phpstan Deprecation RulesPHPStan rules for detecting usage of deprecated classes, methods, properties, constants and traits.
Stars: ✭ 160 (-97.18%)
Forbidden ApisPoliceman's Forbidden API Checker
Stars: ✭ 216 (-96.19%)
AbaplintStandalone linter for ABAP
Stars: ✭ 111 (-98.04%)
lintsLint all your JavaScript, CSS, HTML, Markdown and Dockerfiles with a single command
Stars: ✭ 14 (-99.75%)
klaraAutomatic test case generation for python and static analysis library
Stars: ✭ 250 (-95.59%)
unimportunimport is a Go static analysis tool to find unnecessary import aliases.
Stars: ✭ 64 (-98.87%)
phpstan-netteNette Framework class reflection extension for PHPStan & framework-specific rules
Stars: ✭ 87 (-98.47%)
OpenStaticAnalyzerOpenStaticAnalyzer is a source code analyzer tool, which can perform deep static analysis of the source code of complex systems.
Stars: ✭ 19 (-99.66%)
analysis-modelA library to read static analysis reports into a Java object model
Stars: ✭ 74 (-98.69%)
Cfmtcfmt is a tool to wrap Go comments over a certain length to a new line.
Stars: ✭ 28 (-99.51%)
Sonar Java☕️ SonarSource Static Analyzer for Java Code Quality and Security
Stars: ✭ 745 (-86.86%)
CheckstyleCheckstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Stars: ✭ 6,481 (+14.34%)
PylintIt's not just a linter that annoys you!
Stars: ✭ 3,733 (-34.14%)
UnimportA linter, formatter for finding and removing unused import statements.
Stars: ✭ 96 (-98.31%)
Pest🐞 Primitive Erlang Security Tool
Stars: ✭ 79 (-98.61%)
PmdAn extensible multilanguage static code analyzer.
Stars: ✭ 3,667 (-35.3%)
SonarjsSonarSource Static Analyzer for JavaScript and TypeScript
Stars: ✭ 696 (-87.72%)
Perl CriticThe leading static analyzer for Perl. Configurable, extensible, powerful.
Stars: ✭ 149 (-97.37%)
I18n TasksManage translation and localization with static analysis, for Ruby i18n
Stars: ✭ 1,748 (-69.16%)
InferA static analyzer for Java, C, C++, and Objective-C
Stars: ✭ 12,823 (+126.24%)
Nodejsscannodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (-66.94%)
SpotbugsSpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Stars: ✭ 2,569 (-54.68%)
Revive🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Stars: ✭ 3,139 (-44.62%)
duplexDuplicate code finder for Elixir
Stars: ✭ 20 (-99.65%)
tryceratopsA linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).
Stars: ✭ 381 (-93.28%)
ChronosChronos - A static race detector for the go language
Stars: ✭ 272 (-95.2%)
Phpstan PhpunitPHPUnit extensions and rules for PHPStan
Stars: ✭ 247 (-95.64%)
ebaEBA is a static bug finder for C.
Stars: ✭ 14 (-99.75%)
nakedretnakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
Stars: ✭ 82 (-98.55%)
identypoidentypo is a Go static analysis tool to find typos in identifiers (functions, function calls, variables, constants, type declarations, packages, labels).
Stars: ✭ 26 (-99.54%)
Phpdoc ParserNext-gen phpDoc parser with support for intersection types and generics
Stars: ✭ 569 (-89.96%)
PhanPhan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
Stars: ✭ 5,194 (-8.36%)
Dg[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.
Stars: ✭ 242 (-95.73%)
gotchaGo Taint CHeck Analyser
Stars: ✭ 40 (-99.29%)
static-code-analysis-pluginA plugin to simplify Static Code Analysis on Gradle. Not restricted to, but specially useful, in Android projects, by making sure all analysis can access the SDK classes.
Stars: ✭ 36 (-99.36%)