qodana-action: ⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana
Stars: ✭ 112 (+24.44%)
localhost-sonarqube: Analysing source code locally with SonarQube in a Docker environment.
Stars: ✭ 17 (-81.11%)
Reviewdog: 🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Stars: ✭ 4,541 (+4945.56%)
Sonarjs: SonarSource Static Analyzer for JavaScript and TypeScript
Stars: ✭ 696 (+673.33%)
Sonarqube: Continuous Inspection
Stars: ✭ 6,365 (+6972.22%)
Sonarts: Static code analyzer for TypeScript
Stars: ✭ 776 (+762.22%)
Sonar Php: 🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint
Stars: ✭ 288 (+220%)
Sonar Dotnet: Code analyzer for C# and VB.NET projects https://redirect.sonarsource.com/plugins/vbnet.html
Stars: ✭ 466 (+417.78%)
Nodejsscan: nodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (+1982.22%)
inline-plz: Inline your lint messages
Stars: ✭ 32 (-64.44%)
Detekt: Static code analysis for Kotlin
Stars: ✭ 4,169 (+4532.22%)
sonar-esql-plugin: Sonar plugin to analyze ESQL source code of IBM Integration Bus projects
Stars: ✭ 26 (-71.11%)
Wotan: Pluggable TypeScript and JavaScript linter
Stars: ✭ 271 (+201.11%)
Pep8speaks: A GitHub app to automatically review Python code style over Pull Requests
Stars: ✭ 546 (+506.67%)
Pylint: It's not just a linter that annoys you!
Stars: ✭ 3,733 (+4047.78%)
Pyre Check: Performant type-checking for Python.
Stars: ✭ 5,716 (+6251.11%)
Sonar Java: ☕️ SonarSource Static Analyzer for Java Code Quality and Security
Stars: ✭ 745 (+727.78%)
Phpqa: Docker image that provides static analysis tools for PHP
Stars: ✭ 853 (+847.78%)
Checkstyle: Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Stars: ✭ 6,481 (+7101.11%)
Sonarondocker: 🐳 📡 Docker way of running SonarQube + any DB
Stars: ✭ 25 (-72.22%)
Static Analysis: ⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Stars: ✭ 9,310 (+10244.44%)
static-code-analysis-plugin: A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but especially useful in, Android projects, by making sure all analysis can access the SDK classes.
Stars: ✭ 36 (-60%)
Sonar Kotlin: SonarQube plugin for Kotlin
Stars: ✭ 412 (+357.78%)
bridgecrew-action: This GitHub Action runs Bridgecrew against an Infrastructure-as-Code repository. Bridgecrew performs static security analysis of Terraform & CloudFormation Infrastructure code.
Stars: ✭ 52 (-42.22%)
Njsscan: njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (+42.22%)
Mutant: Automated code reviews via mutation testing - semantic code coverage.
Stars: ✭ 1,794 (+1893.33%)
Cflint: Static code analysis for CFML (a linter)
Stars: ✭ 156 (+73.33%)
Pmd: An extensible multilanguage static code analyzer.
Stars: ✭ 3,667 (+3974.44%)
Checkov: Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+3868.89%)
Infer: A static analyzer for Java, C, C++, and Objective-C
Stars: ✭ 12,823 (+14147.78%)
Tfsec: Security scanner for your Terraform code
Stars: ✭ 3,622 (+3924.44%)
effective-code-review: Presentation about my process for making code reviews as effective as possible
Stars: ✭ 63 (-30%)
Zpa: A parser and source code analyzer for PL/SQL and Oracle SQL.
Stars: ✭ 124 (+37.78%)
workshop-devsecops: The aim of the workshop is to show and guide development, security and DevOps teams (among others) who want to get started in DevSecOps, to secure their applications, or to learn a little more about secure development; to that end, we will be sharing some tips and information that we learned while building a DevSecOps pipeline …
Stars: ✭ 14 (-84.44%)
Setup Php: GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and various tools.
Stars: ✭ 1,945 (+2061.11%)
Sbt Dependency Check: SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+107.78%)
setup-sonar-scanner: GitHub Action which downloads and runs sonar-scanner cli with custom parameters to start a SonarQube scan.
Stars: ✭ 31 (-65.56%)
Mobile Security Framework Mobsf: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+11246.67%)
sonar-scala: A free and open-source SonarQube plugin for static code analysis of Scala projects.
Stars: ✭ 113 (+25.56%)
intercept: INTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (-40%)
mylib: Modern CMake crossplatform project template for C++
Stars: ✭ 49 (-45.56%)
Code Review Checklist: This code review checklist helps you be a more effective and efficient code reviewer.
Stars: ✭ 214 (+137.78%)
Android-CICD: This repo demonstrates how to work on CI/CD for Mobile Apps 📱 using GitHub Actions 💊 + Firebase Distribution 🎉
Stars: ✭ 37 (-58.89%)
Sonar Swift: sonar-swift. SonarQube iOS Plugin, Support Objective-C And Swift, Support Infer (SonarQube iOS code scanning plugin; supports Objective-C and Swift; supports importing Infer results), based on https://github.com/Idean/sonar-swift
Stars: ✭ 70 (-22.22%)
code-review: Automated static analysis & linting bot for Mozilla repositories
Stars: ✭ 51 (-43.33%)
shell-linter: A GitHub Action for ShellCheck
Stars: ✭ 58 (-35.56%)
noise-php: A starter-kit for your PHP project.
Stars: ✭ 52 (-42.22%)