{"id":13486254,"url":"https://github.com/analysis-tools-dev/dynamic-analysis","last_synced_at":"2025-10-23T18:11:55.569Z","repository":{"id":37620067,"uuid":"134979079","full_name":"analysis-tools-dev/dynamic-analysis","owner":"analysis-tools-dev","description":"⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.","archived":false,"fork":false,"pushed_at":"2025-09-29T15:36:28.000Z","size":1114,"stargazers_count":1034,"open_issues_count":0,"forks_count":111,"subscribers_count":31,"default_branch":"master","last_synced_at":"2025-10-12T01:03:35.510Z","etag":null,"topics":["analysis","dast","dynamic","dynamic-analysis","dynamic-code-analysis"],"latest_commit_sha":null,"homepage":"https://analysis-tools.dev","language":"Markdown","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/analysis-tools-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"analysis-tools-dev","open_collective":"analysis-tools"}},"created_at":"2018-05-26T16:52:14.000Z","updated_at":"2025-10-09T13:22:09.000Z","dependencies_parsed_at":"2023-02-04T04:15:41.533Z","dependency_job_id":"50249904-3588-4858-a75e-b734af8c68ca","html_url":"https://github.com/analysis-tools-dev/dynamic-analysis","commit_stats":{"total_commits":385,"total_committers":22,"mean_commits":17.5,"dds":"0.49870129870129876","last_synced_commit":"8f8d254892bf68893921af16abc5771146362a42"},"previous_names":["mre/awesome-dynamic-analysis"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/analysis-tools-dev/dynamic-analysis","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/analysis-tools-dev%2Fdynamic-analysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/analysis-tools-dev%2Fdynamic-analysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/analysis-tools-dev%2Fdynamic-analysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/analysis-tools-dev%2Fdynamic-analysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/analysis-tools-dev","download_url":"https://codeload.github.com/analysis-tools-dev/dynamic-analysis/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/analysis-tools-dev%2Fdynamic-analysis/sbom","scorecard":{"id":191063,"data":{"date":"2025-08-11","repo":{"name":"github.com/analysis-tools-dev/dynamic-analysis","commit":"1ff3469328561d09751312b12601195e777e2c13"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/2 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":5,"reason":"6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-merge.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/analysis-tools-dev/dynamic-analysis/auto-merge.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-merge.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/analysis-tools-dev/dynamic-analysis/auto-merge.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/analysis-tools-dev/dynamic-analysis/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/links.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/analysis-tools-dev/dynamic-analysis/links.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/links.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/analysis-tools-dev/dynamic-analysis/links.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/links.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/analysis-tools-dev/dynamic-analysis/links.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/render.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/analysis-tools-dev/dynamic-analysis/render.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/render.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/analysis-tools-dev/dynamic-analysis/render.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/analysis-tools-dev/dynamic-analysis/stale.yml/master?enable=pin","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/auto-merge.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/links.yml:1","Warn: no topLevel permission defined: .github/workflows/render.yml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"21 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2023-0034 / GHSA-f8vr-r385-rh5r","Warn: Project is vulnerable to: RUSTSEC-2024-0003 / GHSA-8r5v-vm4m-4g25","Warn: Project is vulnerable to: RUSTSEC-2024-0332 / GHSA-q6cp-qfwq-4gcv","Warn: Project is vulnerable to: RUSTSEC-2024-0421 / GHSA-h97m-ww89-6jmq","Warn: Project is vulnerable to: RUSTSEC-2024-0384","Warn: Project is vulnerable to: RUSTSEC-2024-0019 / GHSA-r8w9-5wcg-vfj7","Warn: Project is vulnerable to: RUSTSEC-2023-0022 / GHSA-3gxf-9r58-2ghg","Warn: Project is vulnerable to: RUSTSEC-2023-0024 / GHSA-6hcf-g6gr-hhcr","Warn: Project is vulnerable to: RUSTSEC-2023-0023 / GHSA-9qwg-crg9-m2vc","Warn: Project is vulnerable to: RUSTSEC-2023-0044 / GHSA-xcf7-rvmh-g6q4","Warn: Project is vulnerable to: RUSTSEC-2023-0072 / GHSA-xphf-cx8h-7q9g","Warn: Project is vulnerable to: GHSA-q445-7m23-qrmw","Warn: Project is vulnerable to: RUSTSEC-2024-0357","Warn: Project is vulnerable to: RUSTSEC-2025-0004 / GHSA-rpmj-rpgj-qmpm","Warn: Project is vulnerable to: RUSTSEC-2023-0018 / GHSA-mc8h-8q98-g5hr","Warn: Project is vulnerable to: RUSTSEC-2025-0010","Warn: Project is vulnerable to: GHSA-4p46-pwfr-66x6","Warn: Project is vulnerable to: RUSTSEC-2025-0009","Warn: Project is vulnerable to: GHSA-c86p-w88r-qvqr","Warn: Project is vulnerable to: GHSA-rr8g-9fpq-6wmg","Warn: Project is vulnerable to: RUSTSEC-2025-0023"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T20:41:01.030Z","repository_id":37620067,"created_at":"2025-08-16T20:41:01.031Z","updated_at":"2025-08-16T20:41:01.031Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280667535,"owners_count":26370158,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-23T02:00:06.710Z","response_time":142,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","dast","dynamic","dynamic-analysis","dynamic-code-analysis"],"created_at":"2024-07-31T18:00:42.575Z","updated_at":"2025-10-23T18:11:55.553Z","avatar_url":"https://github.com/analysis-tools-dev.png","language":"Markdown","readme":"\u003c!-- 🚨🚨 DON'T EDIT THIS FILE DIRECTLY. Edit `data/tools.yml` instead. 🚨🚨 --\u003e\n\n\u003ca href=\"https://analysis-tools.dev/\"\u003e\n  \u003cimg alt=\"Analysis Tools Website\" src=\"https://raw.githubusercontent.com/analysis-tools-dev/assets/master/static/redesign.svg\" /\u003e\n\u003c/a\u003e\n\nThis repository lists **dynamic analysis tools** for all programming languages, build tools, config files and more. The focus is on tools which improve code quality such as linters and formatters.\nThe official website, [analysis-tools.dev](https://analysis-tools.dev/) is based on this repository and adds rankings, user comments, and additional resources like videos for each tool.\n\n[![Website](https://img.shields.io/badge/Website-Online-2B5BAE)](https://analysis-tools.dev)\n![CI](https://github.com/analysis-tools-dev/dynamic-analysis/workflows/CI/badge.svg)\n\n## Sponsors\n\nThis project would not be possible without the generous support of our sponsors.\n\n\u003ctable\u003e\n   \u003ctr\u003e\n      \u003ctd\u003e\n         \u003ca href=\"https://bugprove.com\"\u003e\n            \u003cpicture \u003e\n               \u003csource width=\"200px\" media=\"(prefers-color-scheme: dark)\" srcset=\"https://raw.githubusercontent.com/analysis-tools-dev/assets/master/static/sponsors/bugprove-dark.svg\"\u003e\n               \u003cimg width=\"200px\" alt=\"BugProve\" src=\"https://raw.githubusercontent.com/analysis-tools-dev/assets/master/static/sponsors/bugprove-light.svg\"\u003e\n            \u003c/picture\u003e\n         \u003c/a\u003e\n      \u003c/td\u003e\n      \u003ctd\u003e\n         \u003ca href=\"https://www.betterscan.io\"\u003e\n            \u003cpicture \u003e\n               \u003csource width=\"200px\" media=\"(prefers-color-scheme: dark)\" srcset=\"https://raw.githubusercontent.com/analysis-tools-dev/assets/master/static/sponsors/betterscan-dark.svg\"\u003e\n               \u003cimg width=\"200px\" alt=\"Betterscan\" src=\"https://raw.githubusercontent.com/analysis-tools-dev/assets/master/static/sponsors/betterscan-light.svg\"\u003e\n            \u003c/picture\u003e\n         \u003c/a\u003e\n      \u003c/td\u003e\n      \u003ctd\u003e\n         \u003ca href=\"https://www.pixee.ai/\"\u003e\n            \u003cpicture \u003e\n               \u003csource width=\"200px\" media=\"(prefers-color-scheme: dark)\" srcset=\"https://raw.githubusercontent.com/analysis-tools-dev/assets/master/static/sponsors/pixee-light.png\"\u003e\n               \u003cimg width=\"200px\" alt=\"Pixee\" src=\"https://raw.githubusercontent.com/analysis-tools-dev/assets/master/static/sponsors/pixee-dark.png\"\u003e\n            \u003c/picture\u003e\n         \u003c/a\u003e\n      \u003c/td\u003e\n      \u003ctd\u003e\n         \u003ca href=\"https://coderabbit.ai\"\u003e\n            \u003cimg width=\"200px\" src=\"https://raw.githubusercontent.com/analysis-tools-dev/assets/master/static/sponsors/code-rabbit.svg\" /\u003e\n         \u003c/a\u003e\n      \u003c/td\u003e\n      \u003ctd\u003e\n         \u003ca href=\"https://semgrep.dev/\"\u003e\n            \u003cimg width=\"200px\" src=\"https://raw.githubusercontent.com/analysis-tools-dev/assets/master/static/sponsors/semgrep.svg\" /\u003e\n         \u003c/a\u003e\n      \u003c/td\u003e\n      \u003ctd\u003e\n         \u003ca href=\"https://offensive360.com/\"\u003e\n            \u003cimg width=\"200px\" src=\"https://raw.githubusercontent.com/analysis-tools-dev/assets/master/static/sponsors/offensive360.png\" /\u003e\n         \u003c/a\u003e\n      \u003c/td\u003e\n   \u003c/tr\u003e\n\u003c/table\u003e\n\nIf you also want to support this project, head over to our [Github sponsors page](https://github.com/sponsors/analysis-tools-dev).\n\n## Meaning of Symbols:\n\n- :copyright: stands for proprietary software. All other tools are Open Source.\n- :information_source: indicates that the community does not recommend to use this tool for new projects anymore. The icon links to the discussion issue.\n- :warning: means that this tool was not updated for more than 1 year, or the repo was archived.\n\nPull requests are very welcome!  \nAlso check out the sister project, [awesome-static-analysis](https://github.com/mre/awesome-static-analysis).\n\n## Table of Contents\n\n#### [Programming Languages](#programming-languages-1)\n\n\u003cdetails\u003e\n \u003csummary\u003eShow languages\u003c/summary\u003e\n  \u003c!-- Please use HTML syntax here so that it works for Github and mkdocs --\u003e\n  \u003cul\u003e\n    \u003cli\u003e\u003ca href=\"#dotnet\"\u003e.NET\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#c\"\u003eC\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#cpp\"\u003eC++\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#go\"\u003eGo\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#java\"\u003eJava\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#javascript\"\u003eJavaScript\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#php\"\u003ePHP\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#ruby\"\u003eRuby\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#rust\"\u003eRust\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#sql\"\u003eSQL\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#vbasic\"\u003eVisual Basic\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#zig\"\u003eZig\u003c/a\u003e\u003c/li\u003e\n    \u003c/ul\u003e\n\u003c/details\u003e\n\n#### [Multiple languages](#multiple-languages-1)\n\n#### [Other](#other-1)\n\n\n\n- [API](#api)\n  \n\n- [Binaries](#binary)\n  \n\n- [Bytecode/IR](#bytecode)\n  \n\n- [Cloud](#cloud)\n  \n\n- [Containers](#container)\n  \n\n- [Laravel](#laravel)\n  \n\n- [Security/DAST](#security)\n  \n\n- [Web](#web)\n  \n\n- [WebAssembly](#webassembly)\n  \n\n- [XML](#xml)\n  \n\n---\n\n## Programming Languages\n\n\u003ch2 id=\"dotnet\"\u003e.NET\u003c/h2\u003e\n\n\n\n- [Microsoft IntelliTest](https://docs.microsoft.com/en-us/visualstudio/test/intellitest-manual/getting-started?view=vs-2019) — Generate a candidate suite of tests for your .NET code.\n  \n\n- [Pex and Moles](https://www.microsoft.com/en-us/research/project/pex-and-moles-isolation-and-white-box-unit-testing-for-net/) — Pex automatically generates test suites with high code coverage using automated white box analysis.\n  \n\n\u003ch2 id=\"c\"\u003eC\u003c/h2\u003e\n\n\n\n- [CHAP](https://github.com/vmware/chap) — Analyzes un-instrumented ELF core files for leaks, memory growth, and corruption. It helps explain memory growth, can identify some forms of corruption, and  supplements a debugger by giving the status of various memory locations.\n  \n\n- [KLEE](https://github.com/klee/klee) — Symbolic virtual machine built on top of the LLVM compiler infrastructure.\n  \n\n- [LDRA](https://ldra.com) :copyright: — A tool suite including dynamic analysis and test to various standards can ensure test coverage to 100% op-code, branch \u0026 decsion coverage.\n  \n\n- [LLVM/Clang Sanitizers](https://github.com/google/sanitizers) — \u003cul\u003e \u003cli\u003e\u003ca href=\"https://github.com/google/sanitizers/wiki/AddressSanitizer\"\u003eAddressSanitizer\u003c/a\u003e - A memory error detector for C/C++\u003c/li\u003e \u003cli\u003e\u003ca href=\"https://github.com/google/sanitizers/wiki/MemorySanitizer\"\u003eMemorySanitizer\u003c/a\u003e - A detector of uninitialized memory reads in C/C++ programs.\u003c/li\u003e \u003cli\u003e\u003ca href=\"https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual\"\u003eThreadSanitizer\u003c/a\u003e - A data race detector for C/C++\u003c/li\u003e \u003c/ul\u003e\n  \n\n- [Valgrind](https://valgrind.org/) — An instrumentation framework for building dynamic analysis tools.\n  \n\n\u003ch2 id=\"cpp\"\u003eC++\u003c/h2\u003e\n\n\n\n- [CHAP](https://github.com/vmware/chap) — Analyzes un-instrumented ELF core files for leaks, memory growth, and corruption. It helps explain memory growth, can identify some forms of corruption, and  supplements a debugger by giving the status of various memory locations.\n  \n\n- [KLEE](https://github.com/klee/klee) — Symbolic virtual machine built on top of the LLVM compiler infrastructure.\n  \n\n- [LDRA](https://ldra.com) :copyright: — A tool suite including dynamic analysis and test to various standards can ensure test coverage to 100% op-code, branch \u0026 decsion coverage.\n  \n\n- [LLVM/Clang Sanitizers](https://github.com/google/sanitizers) — \u003cul\u003e \u003cli\u003e\u003ca href=\"https://github.com/google/sanitizers/wiki/AddressSanitizer\"\u003eAddressSanitizer\u003c/a\u003e - A memory error detector for C/C++\u003c/li\u003e \u003cli\u003e\u003ca href=\"https://github.com/google/sanitizers/wiki/MemorySanitizer\"\u003eMemorySanitizer\u003c/a\u003e - A detector of uninitialized memory reads in C/C++ programs.\u003c/li\u003e \u003cli\u003e\u003ca href=\"https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual\"\u003eThreadSanitizer\u003c/a\u003e - A data race detector for C/C++\u003c/li\u003e \u003c/ul\u003e\n  \n\n- [Valgrind](https://valgrind.org/) — An instrumentation framework for building dynamic analysis tools.\n  \n\n\u003ch2 id=\"go\"\u003eGo\u003c/h2\u003e\n\n\n\n- [statsviz](https://github.com/arl/statsviz) — Instant live visualization of your Go application runtime statistics in the browser. It plots heap usage, MSpans/MCaches, Object counts, Goroutines and GC/CPU fraction.\n  \n\n\u003ch2 id=\"java\"\u003eJava\u003c/h2\u003e\n\n\n\n- [Java PathFinder](https://github.com/javapathfinder/jpf-core) — An extensible software model checking framework for Java bytecode programs.\n  \n\n- [Parasoft Jtest](https://www.parasoft.com/products/jtest) :copyright: — Jtest is an automated Java software testing and static analysis product that is made by Parasoft. The product includes technology for Data-flow analysis Unit test-case generation and execution, static analysis, regression testing, code coverage, and runtime error detection.\n  \n\n\u003ch2 id=\"javascript\"\u003eJavaScript\u003c/h2\u003e\n\n\n\n- [Iroh.js](https://github.com/maierfelix/Iroh) — A dynamic code analysis tool for JavaScript. Iroh allows to record your code flow in realtime, intercept runtime informations and manipulate program behaviour on the fly.\n  \n\n- [Jalangi2](https://github.com/Samsung/jalangi2) — Jalangi2 is a popular framework for writing dynamic analyses for JavaScript.\n  \n\n\u003ch2 id=\"php\"\u003ePHP\u003c/h2\u003e\n\n\n\n- [Enlightn](https://www.laravel-enlightn.com/) — A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks.\n  \n\n\u003ch2 id=\"python\"\u003ePython\u003c/h2\u003e\n\n\n\n- [CrossHair](https://github.com/pschanely/CrossHair) — Symbolic execution engine for testing Python contracts.\n  \n\n- [DynaPyt](https://github.com/sola-st/DynaPyt) — DynaPyt is a framework for writing dynamic analyses for Python. The analyses can also modify runtime values to alter the execution.\n  \n\n- [icontract](https://github.com/Parquery/icontract) — Design-by-contract library supporting behavioral subtyping\nThere is also a wider tooling around the icontract library such as  a linter (pyicontract-lint) and a plug-in for Sphinx (sphinx-icontract).\n  \n\n- [Scalene](https://github.com/emeryberger/scalene) — A high-performance, high-precision CPU and memory profiler for Python\n  \n\n- [typo](https://github.com/aldanor/typo) — Runtime Type Checking for Python 3.\n  \n\n\u003ch2 id=\"ruby\"\u003eRuby\u003c/h2\u003e\n\n\n\n- [suture](https://github.com/testdouble/suture) — A Ruby gem that helps you refactor your legacy code  by the result of some old behavior with a new version.\n  \n\n\u003ch2 id=\"rust\"\u003eRust\u003c/h2\u003e\n\n\n\n- [cargo-careful](https://github.com/RalfJung/cargo-careful) — Execute Rust code carefully, with extra checking along the way. It builds the standard library with debug assertions.\nHere are some of the checks this enables:\n* `get_unchecked` in slices performs bounds checks * `copy`, `copy_nonoverlapping`, and `write_bytes` check that pointers are aligned and non-null and (if applicable) non-overlapping `{NonNull,NonZero*,...}::new_unchecked` check that the value is valid * plenty of internal consistency checks in the collection types * mem::zeroed and the deprecated mem::uninitialized panic if the type does not allow that kind of initialization\n  \n\n- [hyperfine](https://github.com/sharkdp/hyperfine) — A command-line benchmarking tool It features statistical analysis across multiple runs, support for arbitrary shell commands, constant feedback about the benchmark progress and current estimates, warmup runs, a simple and expressive syntax, and more.\n  \n\n- [loom](https://github.com/tokio-rs/loom) — Concurrency permutation testing tool for Rust.  It runs a test many times, permuting the possible concurrent executions of that test.\n  \n\n- [MIRI](https://github.com/rust-lang/miri) — An interpreter for Rust's mid-level intermediate representation, which can detect certain classes of undefined behavior like out-of-bounds memory accesses and use-after-free.\n  \n\n- [puffin](https://github.com/EmbarkStudios/puffin) — Instrumentation profiler for Rust.\n  \n\n- [rust-san](https://github.com/japaric/rust-san) — How-to sanitize your Rust code with built-in Rust dynamic analyzers\n  \n\n- [stuck](https://github.com/jonhoo/stuck) — provides a visualization for quickly identifying common bottlenecks in running, asynchronous, and concurrent applications.\n  \n\n\u003ch2 id=\"sql\"\u003eSQL\u003c/h2\u003e\n\n\n\n- [WhiteHat Sentinel Dynamic](https://www.synopsys.com/software-integrity/security-testing/dast.html) :copyright: — Part of the WhiteHat Application Security Platform. Dynamic application security scanner that covers the OWASP Top 10.\n  \n\n\u003ch2 id=\"vbasic\"\u003eVisual Basic\u003c/h2\u003e\n\n\n\n- [VB Watch](https://www.aivosto.com/vbwatch.html) :copyright: — Profiler, Protector and Debugger for VB6. Profiler measures performance and test coverage. Protector implements robust error handling. Debugger helps monitor your executables.\n  \n\n\u003ch2 id=\"zig\"\u003eZig\u003c/h2\u003e\n\n\n\n- [poop](https://github.com/andrewrk/poop) — Performance Optimizer Observation Platform This command line tool uses Linux's `perf_event_open` functionality to compare the performance of multiple commands with a colorful terminal user interface. It is similar to `hyperfine`.\n  \n\n## Multiple languages\n\n\n\n- [allocscope](https://github.com/matt-kimball/allocscope) — allocscope is a tool for tracking down where the most egregiously large allocations are occurring in a C, C++ or Rust codebase. It is particularly intendend to be useful for developers who want to get a handle on excessive allocations and are working in a large codebase with multiple contributors with allocations occuring in many modules or libraries.\n  \n\n- [bytehound](https://github.com/koute/bytehound) — A memory profiler for Linux. Can be used to analyze memory leaks, see where exactly the memory is being consumed, identify temporary allocations and investigate excessive memory fragmentation.\n  \n\n- [CASR](https://crates.io/crates/casr) — Crash Analysis and Severity Report.\n  \n\n- [Code Pulse](http://code-pulse.com/) — Code Pulse is a free real-time code coverage tool for penetration testing activities by OWASP and Code Dx ([GitHub](https://github.com/codedx/codepulse)).\n  \n\n- [Sydr](https://sydr-fuzz.github.io/) :copyright: — Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle.\n  \n\n## Other\n\n\n\n\u003ch2 id=\"api\"\u003eAPI\u003c/h2\u003e\n\n\n\n- [Smartbear](https://smartbear.com/) :copyright: — Test automation and performance testing platform\n  \n\n\u003ch2 id=\"binary\"\u003eBinaries\u003c/h2\u003e\n\n\n\n- [angr](https://github.com/angr/angr) — Platform agnostic binary analysis framework from UCSB.\n  \n\n- [BOLT](https://github.com/facebookincubator/BOLT) — Binary Optimization and Layout Tool - A linux command-line utility used for optimizing performance of binaries  with profile guided permutation of linking to improve cache efficiency\n  \n\n- [Dr. Memory](https://drmemory.org/) — Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors ([Github](https://github.com/DynamoRIO/drmemory)).\n  \n\n- [DynamoRIO](http://www.dynamorio.org/) — Is a runtime code manipulation system that supports code transformations on any part of a program, while it executes.\n  \n\n- [llvm-propeller](https://github.com/google/llvm-propeller) — Profile guided hot/cold function splitting to improve cache efficiency. An alternative to BOLT by Facebook\n  \n\n- [Pin Tools](https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool) — A dynamic binary instrumentation tool and a platform for creating analysis tools.\n  \n\n- [TRITON](https://triton.quarkslab.com/) — Dynamic Binary Analysis for x86 binaries.\n  \n\n\u003ch2 id=\"bytecode\"\u003eBytecode/IR\u003c/h2\u003e\n\n\n\n- [souper](https://github.com/google/souper) — optimize LLVM IR with SMT solvers\n  \n\n\u003ch2 id=\"cloud\"\u003eCloud\u003c/h2\u003e\n\n\n\n- [prowler](https://prowler.pro) — Prowler is an Open Source security tool to perform AWS and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.\nIt contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.\n  \n\n\u003ch2 id=\"container\"\u003eContainers\u003c/h2\u003e\n\n\n\n- [cadvisor](https://github.com/google/cadvisor) — Analyzes resource usage and performance characteristics of running containers.\n  \n\n\u003ch2 id=\"laravel\"\u003eLaravel\u003c/h2\u003e\n\n\n\n- [Enlightn](https://www.laravel-enlightn.com/) — A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks.\n  \n\n\u003ch2 id=\"security\"\u003eSecurity/DAST\u003c/h2\u003e\n\n\n\n- [AppScan Standard](https://www.hcltechsw.com/products/appscan) :copyright: — HCL's AppScan is a dynamic application security testing suite (previously by IBM)\n  \n\n- [Enlightn](https://www.laravel-enlightn.com/) — A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks.\n  \n\n- [WhiteHat Sentinel Dynamic](https://www.synopsys.com/software-integrity/security-testing/dast.html) :copyright: — Part of the WhiteHat Application Security Platform. Dynamic application security scanner that covers the OWASP Top 10.\n  \n\n\u003ch2 id=\"web\"\u003eWeb\u003c/h2\u003e\n\n\n\n- [Smartbear](https://smartbear.com/) :copyright: — Test automation and performance testing platform\n  \n\n\u003ch2 id=\"webassembly\"\u003eWebAssembly\u003c/h2\u003e\n\n\n\n- [Wasabi](https://github.com/danleh/wasabi) — Wasabi is a framework for writing dynamic analyses for WebAssembly, written in JavaScript.\n  \n\n\u003ch2 id=\"xml\"\u003eXML\u003c/h2\u003e\n\n\n\n- [WhiteHat Sentinel Dynamic](https://www.synopsys.com/software-integrity/security-testing/dast.html) :copyright: — Part of the WhiteHat Application Security Platform. Dynamic application security scanner that covers the OWASP Top 10.\n  \n\n## License\n\n[![CC0](https://i.creativecommons.org/p/zero/1.0/88x31.png)](https://creativecommons.org/publicdomain/zero/1.0/)\n\nTo the extent possible under law, [Matthias Endler](https://endler.dev) has waived all copyright and related or neighboring rights to this work.\nThe underlying source code used to format and display that content is licensed under the MIT license.\n\nTitle image [Designed by Freepik](http://www.freepik.com).","funding_links":["https://github.com/sponsors/analysis-tools-dev","https://opencollective.com/analysis-tools"],"categories":["Markdown","Uncategorized","Talks","Other Lists","Rust (42)","Application Security","Rust","Project","Starchart"],"sub_categories":["Uncategorized","Frameworks","TeX Lists","DAST","Program Analysis"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanalysis-tools-dev%2Fdynamic-analysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanalysis-tools-dev%2Fdynamic-analysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanalysis-tools-dev%2Fdynamic-analysis/lists"}