204 Open source projects that are alternatives of or similar to Tip

Java library for parsing report files from static code analysis.

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

Program analysis playground for a simple, imperative language

Golang security checker

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

a FindBugs/SpotBugs plugin for doing static code analysis for java code bases

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.

History of symbolic execution (as well as SAT/SMT solving, fuzzing, and taint data tracking)

CoRnucopia of ABstractions: a library for building abstract interpretation-based analyses

Droidefense: Advance Android Malware Analysis Framework

Kubernetes object analysis with recommendations for improved reliability and security

⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Visual Studio extension that intelligently introduces new C# features into your existing codebase

A static code analyzer for C++, C#, Lua

Static analysis framework for .NET programs.

Static verification tool for DNS zone files

Static analyzer for C/C++ based on the theory of Abstract Interpretation.

An extensible multilanguage static code analyzer.

A linter that replay your developing style

A static type analyzer for Python code

🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

A RuboCop extension focused on enforcing upstream best practices and coding conventions.

A linter, formatter for finding and removing unused import statements.

Assorted pintools

🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint

🐳 📡 Docker way of running SonarQube + any DB

Static Analysis Compiler Plugin for Scala

Standalone linter for ABAP

Every programmer needs a rubberduck. COM add-in for the VBA & VB6 IDE (VBE).

scalastyle

A plugin to simplify Static Code Analysis on Gradle. Not restricted to, but specially useful, in Android projects, by making sure all analysis can access the SDK classes.

SeaHorn Verification Framework

SonarQube Java Properties Analyzer

Code Climate engine for code duplication analysis

Additional ESLint's rules for Node.js

This repo demonstrates how to work on CI/CD for Mobile Apps 📱 using Github Actions 💊 + Firebase Distribution 🎉

NsDepCop is a static code analysis tool that helps to enforce namespace dependency rules in C# projects. No more unplanned or unnoticed dependencies in your system.

List of packages that use `standard`

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

A Dynamic Symbolic Execution (DSE) engine for JavaScript. ExpoSE is highly scalable, compatible with recent JavaScript standards, and supports symbolic modelling of strings and regular expressions.

Ruby on Rails Continuous Deployment Ecosystem to maintain Healthy Stable Development

🌟 JavaScript Style Guide, with linter & automatic code fixer

Java Code Instrumenter and Execution Tracer

Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.

Code Climate Engine for ESLint

UNIX-like reverse engineering framework and command-line toolset.

Lists of must-read papers (mainly security papers)

Static call graph generator. The official Python 3 version. Development repo.

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

DIE engine

A tool for collecting historical metrics about a project's dependencies

SonarQube Cucumber Gherkin Analyzer

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Extracting high level semantic information from binary code

OPEM (Open Source PEM Fuel Cell Simulation Tool)

CodeCharta visualizes multiple code metrics using 3D tree maps.

Performant type-checking for python.

Statically detect double-lock & conflicting-lock bugs on MIR