static-analysis
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
https://github.com/analysis-tools-dev/static-analysis
Last synced: 3 days ago
Other
- BinSkim
- bloaty - O parsers, Bloaty aims to accurately attribute every byte of the binary to the symbol or compile unit that produced it. It will even disassemble the binary looking for references to anonymous data.
- cwe_checker
- Jakstab - based, integrated disassembly and static analysis framework for designing analyses on executables and recovering reliable control flow graphs.
- Malcat - code). Features rapid analysis, embedded file extraction, Yara signature scanning, anomaly detection, and Python scripting. Designed for malware analysts, SOC operators, incident responders, and CTF players.
- Nauz File Detector
- VMware chap - instrumented ELF core files for leaks, memory growth, and corruption. It is sufficiently reliable that it can be used in automation to catch leaks before they are committed. As an interactive tool, it helps explain memory growth, can identify some forms of corruption, and supplements a debugger by giving the status of various memory locations.
- checkmake
- CSScomb
- Nu Html Checker
- Specificity Graph
- gixy
- AWS CloudFormation Guard - as-code rules and generate rules from existing templates.
- cfn_nag
- metadata-json-lint
- terrascan
- tfsec
- clair
- Dockle - Practice Docker Image. Scans Docker images for security vulnerabilities and CIS Benchmark compliance. Checks for secrets, credential exposure, and security best practices. Provides multiple severity levels (FATAL, WARN, INFO) and supports various output formats for CI/CD integration.
- Grype
- krane
- Code Climate
- PullRequest - in static analysis. Increase velocity and reduce technical debt through quality code review by expert engineers backed by best-in-class automation.
- deno_lint
- Cloud (IaC) Security for JetBrains IDEs - time inspections of Docker & Kubernetes IaC with 50+ rules based on Docker image/build security best practices, Kubernetes Pod Security Standards, and NSA/CISA Kubernetes Hardening Guidance.
- oelint-adv - embedded and YOCTO
- Bootlint
- chart-testing
- clusterlint
- klint
- kube-lint - lint will evaluate those rules against them.
- kube-linter
- kubeconform
- markdownlint - based style checker and lint tool for Markdown/CommonMark files.
- mdsf
- Android Lint
- FlowDroid
- deadnix
- lockfile-lint
- rpmlint
- promval
- protolint
- Credential Digger - model). This scanner is able to detect passwords and non structured tokens with a low false positive rate.
- detect-secrets
- Gitleaks
- OWASP Noir
- PT Application Inspector
- Rezilion - exploitable vulnerabilities and creates a remediation plan and open tickets to upgrade components that violate your security policy and/or patch automatically in CI.
- scorecard - Security health metrics for Open Source
- Tsunami Security Scanner - like vulnerabilities with high confidence. Custom detectors for finding vulnerabilities (e.g. open APIs) can be added.
- mythril
- LibVCS4j
- ember-template-lint
- haml-lint
- slim-lint
- codespell
- misspell-fixer
- proselint
- write-good
- Ghidra
- Neurolint-CLI - based transformations.
- statix
- tflint
- mdl
- Manalyze
- ansible-lint
- promformat
- axe-core
- Pa11y - core from the command line. Supports CI/CD integration, multiple reporters, and testing against WCAG 2.1 AA standards.
- packj - source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports.
- kube-hunter
- yamllint
- vale - aware linter for prose built with speed and extensibility in mind.
- commitlint
Programming Languages
- Codepeer - time and logic errors.
- Polyspace for Ada - by-zero, out-of-bounds array access, and certain other run-time errors in source code.
- SPARK
- gawk --lint
- Astrée - point computations, very fast, and exceptionally precise. The analyzer also checks for MISRA/CERT/CWE/Adaptive Autosar coding rules and supports qualification for ISO 26262, DO-178C level A, and other safety standards. Jenkins and Eclipse plugins are available.
- GCC
- Helix QAC - grade static analysis for embedded software. Supports MISRA, CERT, and AUTOSAR coding standards.
- KLEE - generate test cases for programs such that the test cases exercise as much of the program as possible.
- PC-lint
- Polyspace Bug Finder - time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software.
- Polyspace Code Prover - by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code.
- scan-build
- vera++
- .NET Analyzers
- coffeelint
- Dart Code Metrics - patterns and provides additional rules for Dart analyzer.
- effective_dart
- Fix Insight
- Pascal Analyzer
- Pascal Expert
- elm-review
- dialyzer
- goimports
- gotype
- govulncheck
- test
- Stan - line tool for analysing Haskell projects and outputting discovered vulnerabilities in a helpful way with possible solutions for detected problems.
- Haxe Checkstyle
- Closure Compiler
- Luanalysis
- mlint
- DrNim
- nimfmt
- CakeFuzzer - based web applications. CakeFuzzer employs a predefined set of attacks that are randomly modified before execution. Leveraging its deep understanding of the Cake PHP framework, Cake Fuzzer launches attacks on all potential application entry points.
- EasyCodingStandard - CS-Fixer](https://github.com/FriendsOfPHP/PHP-CS-Fixer).
- pdepend
- phan
- PHP Coding Standards Fixer - 1, PSR-2, and the Symfony standard.
- PHP Insights
- Php Inspections (EA Extended)
- PHP_CodeSniffer
- PhpMetrics
- PHPStan - discover bugs in your code without running it!
- Psalm
- rector - positive rate because it looks for narrowly defined AST (abstract syntax tree) patterns. The main use cases are tackling technical debt in your legacy code and removing dead code. Rector provides a set of special rules for Symfony, Doctrine, PHPUnit, and many more.
- ZPA
- Perl::Critic - practices.
- perltidy
- bandit
- Bowler
- deal - free code. By adding a few decorators to your code, you get for free tests, static analysis, formal verification, and much more.
- fixit - fixes for source code.
- jedi
- mypy
- pyanalyze
- PyCodeQual
- pycodestyle
- pydocstyle
- pylint
- Pysa - check to identify potential security issues in Python code identified with taint analysis.
- pyupgrade - commit hook) to automatically upgrade syntax for newer versions of the language.
- radon
- ruff - 100x faster than existing linters. Compatible with Python 3.10. Supports file watcher.
- unimport
- wemake-python-styleguide
- xenon
- styler - printing of R code.
- flay
- flog
- Railroader
- RuboCop
- ruby-lint
- SandiMeter
- Sorbet
- C2Rust - compliant code to Rust. The translator (or transpiler) produces unsafe Rust code that closely mirrors the input C code.
- cargo-audit - db/).
- cargo-semver-checks - plz`. It found semver violations in [more than 1 in 6 of the top 1000 most-downloaded crates](https://predr.ag/blog/semver-violations-are-common-better-tooling-is-the-answer/) on crates.io.
- diff.rs
- Prusti
- rust-analyzer
- holistic
- SQLFluff
- squawk
- Visual Expert
- WartRemover
- sh
- SwiftFormat - line formatting tool for reformatting Swift code.
- Frink
- Nagelfar
- tclchecker
- Codelyzer
- fta - based static analysis for TypeScript projects
- stc
- tslint-clean-code
- zod - first schema validation with static type inference. The goal is to eliminate duplicative type declarations. With Zod, you declare a validator once and Zod will automatically infer the static TypeScript type. It is easy to compose simpler types into complex data structures.
- DesigniteJava
- ruby-lint
- goodpractice - practice recommendations.
- electrolysis
- IKOS
- TrustInSoft Analyzer - of-bounds array accesses, null-pointer dereferences, use-after-free, divide-by-zeros, uninitialized memory accesses, signed overflows, invalid pointer arithmetic, etc.), data flow and control flow verification as well as full functional verification of formal specifications. All versions of C up to C18 and C++ up to C++20 are supported. TrustInSoft Analyzer will acquire ISO 26262 qualification in Q2'2023 (TCL3). A MISRA C checker is also bundled.
- Regal
- MIRAI - level intermediate language, and providing warnings based on taint analysis.
- STOKE - language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations.
- clazy - oriented static code analyzer based on the Clang framework. clazy is a compiler plugin which allows clang to understand Qt semantics. You get more than 50 Qt related compiler warnings, ranging from unneeded memory allocations to misusage of API, including fix-its for automatic refactoring.
- CMetrics
- cqmetrics
- ESBMC - bounded model checker based on satisfiability modulo theories for the verification of single- and multi-threaded C/C++ programs.
- ENRE-cpp - cpp is an ENtity Relationship Extractor for C/C++ based on @eclipse/CDT. (Under development)
- cppcheck
- CppDepend
- clang-tidy - based C++ linter tool with the (limited) ability to fix issues, too.
- cpplint
- KLEE - generate test cases for programs such that the test cases exercise as much of the program as possible.
- splint - assisted static program checker.
- SVF
- ArchUnitNET
- Meziantou.Analyzer
- SonarAnalyzer.CSharp
- Wintellect.Analyzers
- lint - driven set of lint rules for Dart and Flutter projects. Like pedantic but stricter
- DelphiLint - the-fly code analysis and linting, powered by SonarDelphi.
- SonarDelphi
- D-scanner - Scanner is a tool for analyzing D source code.
- credo
- dialyxir
Keywords
- static-analysis (45)
- linter (40)
- security (23)
- python (20)
- go (19)
- golang (19)
- php (16)
- static-code-analysis (15)
- lint (15)
- rust (12)
- security-tools (11)
- formatter (11)
- kubernetes (10)
- ruby (9)
- cli (9)
- static-analyzer (8)
- code-quality (8)
- java (7)
- typescript (7)
- javascript (6)
- linters (6)
- docker (6)
- vulnerabilities (6)
- code-analysis (6)
- eslint (6)
- security-audit (6)
- devsecops (6)
- security-scanner (5)
- vulnerability (5)
- analyzer (5)
- containers (5)
- compliance (5)
- ast (4)
- nodejs (4)
- architecture (4)
- best-practices (4)
- quality (4)
- vulnerability-scanners (4)
- program-analysis (4)
- tool (4)
- testing (4)
- sast (4)
- linting (4)
- elixir (4)
- cargo (4)
- analysis (4)
- complexity (3)
- reverse-engineering (3)
- optimization (3)
- code-metrics (3)