static-analysis
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
https://github.com/analysis-tools-dev/static-analysis
Programming Languages
- rustfmt
- RustViz - flow in Rust programs.
- dbcritic
- pgspot
- sleek
- SQLFluff
- sqlint
- bashate
- kmdr
- shellcheck
- shellharden - automate the rewriting of scripts to ShellCheck conformance, mainly focused on quoting.
- Frink
- Angular ESLint
- ENRE-ts - ts is an ENtity Relationship Extractor for ECMAScript and TypeScript based on @babel/parser.
- this issue - eslint` is now your best option for linting TypeScript.
- TypeScript Call Graph
- TypeScript ESLint
- svls
- verible-linter-action
- vscode-verilog-hdl-support
- Twiggy
- wasm-language-tools - of-the-box formatter (a.k.a. pretty printer) for WebAssembly Text Format.
- Checker Framework - checking for Java. This is not just a bug-finder, but a verification tool that gives a guarantee of correctness. It comes with 27 pre-built type systems, and it enables users to define their own type system; the manual lists over 30 user-contributed type systems.
- WAP
- fprettify - formatter for modern fortran source code, written in Python.
- PHP Semantic Versioning Checker
- wily - line tool for archiving, exploring and graphing the complexity of Python source code.
- `radon`
- Roodi
- TangleGuard
- CodeDepends
- gocyclo
- Code Pathfinder - source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, derive insights, find vulnerabilities in code.
- clj-kondo
- fb-contrib
- deprecation-detector
- lintr
- scapegoat
- Designite
- DesigniteJava
- Dodgy
- pyre-check
- lll
- pyrefly
- JLiSA - based static analyzer for Java built upon the [LiSA](https://github.com/lisa-analyzer/lisa) framework.
- Pyra - level linter static analyzer for data science applications written in Python, that helps developers identify potential issues in their data science code written in Python, as an extension of [Lyra](https://github.com/caterinaurban/Lyra).
- dupl
- goast
- Rudra
- CBMC - checker for C programs, user-defined assertions, standard assertions, several coverage metric analyses.
- ESBMC - bounded model checker based on satisfiability modulo theories for the verification of single- and multi-threaded C/C++ programs.
- LDRA
- NDepend
- dialyzer
- Reviewdog
- ckjm - oriented metrics by processing the bytecode of compiled Java files.
- escomplex - family abstract syntax trees.
- standard
- PhpMetrics
- mypy
- pylint
- R Language Server
- Rubrowser
- Sorbet
- rust-audit
- Scalastyle