Static code analysis
  
  Static program analysis (or static analysis) is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution.
- GitHub: https://github.com/topics/static-code-analysis
- Related Topics: dynamic-code-analysis, testing,
- Aliases: static-program-analysis,
- Last updated: 2025-10-17 00:29:57 UTC
- JSON Representation
https://github.com/jetbrains/qodana-action
⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle
actions azure-extensions azure-pipelines code-quality code-review code-scanning devsecops dotnet github-actions go java javascript kotlin php python qodana sarif static-analysis static-code-analysis typescript
Last synced: 15 May 2025
https://github.com/cs-au-dk/TIP
Static program analysis for TIP
pointer-analysis points-to-analysis program-analysis static-analyzer static-code-analysis
Last synced: 27 Feb 2025
https://github.com/scheb/tombstone
Dead code detection with tombstones for PHP 🪦🧟
dead-code-removal dynamic-code-analysis static-code-analysis tombstones
Last synced: 14 Apr 2025
https://github.com/jfmengels/elm-review
Analyzes Elm projects, to help find mistakes before your users find them.
code-quality elm elm-lang elm-review linter quality static-code-analysis
Last synced: 15 May 2025
https://github.com/codeintegrity-ai/mutahunter
Open Source, Language Agnostic Mutation Testing
artificial-intelligence automated-testing llm-agent mutation-testing software-testing static-code-analysis test-automation unit-testing
Last synced: 05 Apr 2025
https://github.com/usagitoneko97/klara
Automatic test case generation for python and static analysis library
ast cfg python ssa static-analysis static-code-analysis
Last synced: 29 Mar 2025
https://github.com/webarx-security/wpbullet
A static code analysis for WordPress (and PHP)
cyber-security security static-code-analysis wordpress wordpress-development
Last synced: 01 Aug 2025
https://github.com/abaplint/abaplint
Standalone static analysis for ABAP
abap abaplint code-quality-analyzer hacktoberfest linter static-analysis static-code-analysis
Last synced: 15 May 2025
https://github.com/Feysh-Group/corax-community
Corax for Java: A general static analysis framework for java code checking.
abstract-interpretation code-analysis cwe flowdroid java owasp program-analysis sarif sast security security-audit software-analysis soot static-analysis static-code-analysis taint-analysis vulnerability
Last synced: 27 Feb 2025
https://github.com/dmitrytsepelev/rubocop-graphql
Rubocop extension for enforcing graphql-ruby best practices
best-practices graphql linter rubocop rubocop-graphql ruby static-code-analysis
Last synced: 14 May 2025
https://github.com/DmitryTsepelev/rubocop-graphql
Rubocop extension for enforcing graphql-ruby best practices
best-practices graphql linter rubocop rubocop-graphql ruby static-code-analysis
Last synced: 16 Jul 2025
https://github.com/felipebz/zpa
Parser and static code analysis tool for PL/SQL and Oracle SQL.
analysis code-analysis code-quality grammar oracle-forms oracle-sql parser plsql plsql-analyzer plsql-parser sonarqube sql-analyzer static-analysis static-code-analysis
Last synced: 14 Mar 2025
https://github.com/touk/sputnik
Static code review for your Gerrit patchsets. Runs Checkstyle, PMD, FindBugs, Scalastyle, CodeNarc, JSLint for you!
automated-tests codenarc findbugs gerrit java jslint pmd review sputnik static-code-analysis
Last synced: 04 Oct 2025
https://github.com/cs-au-dk/TAJS
Type Analyzer for JavaScript
javascript program-analysis static-analyzer static-code-analysis type-checking
Last synced: 27 Feb 2025
https://github.com/realvizu/NsDepCop
NsDepCop is a static code analysis tool that helps to enforce namespace dependency rules in C# projects. No more unplanned or unnoticed dependencies in your system.
csharp dependencies dependency-analysis dotnet msbuild namespace nuget static-code-analysis visual-studio-extension
Last synced: 14 Mar 2025
https://github.com/jetbrains/qodana-cli
🔧 JetBrains Qodana’s official command line tool
ci cli code-quality code-review code-scanning devsecops java javascript kotlin php python qodana sarif sarif-report static-code-analysis typescript
Last synced: 15 May 2025
https://github.com/Perl-Critic/Perl-Critic
The leading static analyzer for Perl. Configurable, extensible, powerful.
perl perl-best-practices static-analysis static-code-analysis
Last synced: 24 Apr 2025
https://github.com/chebuya/sastsweep
Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets
cli owasp sast security-audit security-research security-scanner semgrep static-code-analysis vulnerability-research vulnerability-scanners
Last synced: 12 Jul 2025
https://github.com/exussum12/coveragechecker
Allows old code to use new standards
codeclimate coverage diff filter hacktoberfest jacoco phan php phpcs phpmd phpstan phpunit pylint qa quality quality-control standalone-php-library standard-conform standards static-code-analysis
Last synced: 16 May 2025
https://github.com/cflint/CFLint
Static code analysis for CFML (a linter)
cfml code-quality coldfusion findbugs lint linter lucee static-analysis static-code-analysis
Last synced: 26 Mar 2025
https://github.com/phpstan/phpstan-webmozart-assert
PHPStan extension for webmozart/assert
assert php php7 phpstan static-analysis static-code-analysis
Last synced: 14 May 2025
https://github.com/mebigfatguy/fb-contrib
a FindBugs/SpotBugs plugin for doing static code analysis for java code bases
findbugs findbugs-plugin java static-code-analysis
Last synced: 16 May 2025
https://github.com/walkmod/walkmod-core
walkmod: an open source tool to fix coding style issues
conventions fixer java static-code-analysis technical-debt
Last synced: 27 Feb 2025
https://github.com/suned/pfun
Functional, composable, asynchronous, type-safe Python.
async asyncio curry currying effect-system effects functional-programming immutable immutable-collections immutable-datastructures immutable-objects mypy python-3 python3 static-code-analysis type-safety types zio
Last synced: 04 Jul 2025
https://github.com/tomasbjerre/violations-lib
Java library for parsing report files from static code analysis.
android-lint checkstyle clang codenarc cppcheck cpplint css-linter detekt eslint findbugs golint jshint ktlint phpcs resharper rubycop spotbugs static-code-analysis stylecop swiftlint
Last synced: 12 Apr 2025
https://github.com/usyd-blockchain/vandal
Static program analysis framework for Ethereum smart contract bytecode.
blockchain decompiler ethereum ethereum-contracts evm smart-contracts static-code-analysis static-pro
Last synced: 21 Oct 2025
https://github.com/thesp0nge/owasp-orizon
Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.
code-review j2ee java owasp static-code-analysis vulnerability-scanners
Last synced: 12 Oct 2025
https://github.com/chrisallenlane/drek
A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.
information-security security-audit static-code-analysis
Last synced: 17 Mar 2025
https://github.com/zaid-ajaj/npgsql.fsharp.analyzer
F# analyzer that provides embedded SQL syntax analysis, type-checking for parameters and result sets and nullable column detection when writing queries using Npgsql.FSharp.
analyzer fsharp ionide npgsql postgres static-code-analysis
Last synced: 16 Mar 2025
https://github.com/pytorch-labs/torchfix
TorchFix - a linter for PyTorch-using code with autofix support
flake8 flake8-plugin hacktoberfest linter python pytorch static-analysis static-code-analysis
Last synced: 11 Apr 2025
https://github.com/jeromedalbert/rubocop-obsession
RuboCop extension focused on higher-level concepts, like checking that code reads from top to bottom
code-formatter linter rubocop ruby static-code-analysis
Last synced: 16 May 2025
https://github.com/alexkohler/nakedret
nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
go golang static-analysis static-analyzer static-code-analysis
Last synced: 11 May 2025
https://github.com/foospidy/grepbugs
A regex based source code scanner.
cloc grep python regex scanner static-analyzer static-code-analysis
Last synced: 12 Apr 2025
https://github.com/feramhq/FastLint-Issues
FastLint automatically finds bugs in your code with cutting-edge AI-powered code analysis
ai chatgpt code-analysis code-review fastlint gpt-4 static-code-analysis
Last synced: 22 Jul 2025
https://github.com/wttech/aem-rules-for-sonarqube
SonarQube plugin with set of rules detecting possible bugs and bad smells specific for AEM development.
aem java quality slice sling sling-models sonar sonarqube static-code-analysis
Last synced: 05 Apr 2025
https://github.com/codeclimate/codeclimate-duplication
Code Climate engine for code duplication analysis
code-quality codeclimate codeclimate-engine duplication javascript php python quality ruby static-analysis static-code-analysis
Last synced: 12 Apr 2025
https://github.com/tylerwince/flake8-bandit
Automated security testing using bandit and flake8.
bandit flake8 security security-automation security-tools static-code-analysis vulnerability-detection
Last synced: 08 May 2025
https://github.com/okeuday/pest
:beetle: Primitive Erlang Security Tool
elixir elixir-security erlang erlang-security security security-audit security-scanner static-analysis static-code-analysis vulnerability-detection
Last synced: 26 Oct 2025
https://github.com/standard/eslint-config-standard-jsx
ESLint Shareable Config for JSX support in JavaScript Standard Style
development ecmascript es6 eslint javascript linter nodejs standard static-code-analysis style-guide
Last synced: 12 Apr 2025
https://github.com/phpstan/phpstan-nette
Nette Framework class reflection extension for PHPStan & framework-specific rules
nette-framework php php7 phpstan static-analysis static-analyzer static-code-analysis testing
Last synced: 15 May 2025
https://github.com/codeclimate/codeclimate-eslint
Code Climate Engine for ESLint
code-quality codeclimate codeclimate-engine es6 eslint javascript linter linting quality static-analysis static-code-analysis
Last synced: 09 Apr 2025
https://github.com/priv-kweihmann/meta-sca
Layer for static code analysis and security hardening
bitbake c cxx defense-in-depth embedded-linux go jenkins linter linux perl poky python security-hardening shellscript static-code-analysis yocto
Last synced: 05 Apr 2025
https://github.com/linthtml/linthtml
The html5 linter and validator.
cli hint html lint linter linting static-code-analysis
Last synced: 11 May 2025
https://github.com/jenkinsci/analysis-model
A library to read static analysis reports into a Java object model
checkstyle eslint hacktoberfest java pmd spotbugs static-analysis static-code-analysis
Last synced: 10 Apr 2025
https://github.com/kidkarolis/healthier
🧘♀️ Healthier is an opinionated style agnostic code linter – a friendly companion to Prettier
development ecmascript eslint javascript linter nodejs prettier standard static-code-analysis
Last synced: 20 Aug 2025
https://github.com/KidkArolis/healthier
🧘♀️ Healthier is an opinionated style agnostic code linter – a friendly companion to Prettier
development ecmascript eslint javascript linter nodejs prettier standard static-code-analysis
Last synced: 13 May 2025
https://github.com/hylang/hydiomatic
The Hy Transformer
hy logic-programming minikanren python static-code-analysis symbolic-computation
Last synced: 15 Apr 2025
https://github.com/mkohm/detekt-hint
Detection of design principle violations in Kotlin as a plugin to detekt.
anti-patterns code-quality code-smells danger design-principles detections detekt detekt-hint detekt-plugin kotlin programming-principles software-architecture static-code-analysis
Last synced: 16 Mar 2025
https://github.com/phpstan/phpstan-mockery
PHPStan extension for Mockery
mockery php php7 phpstan static-analysis static-code-analysis
Last synced: 04 Apr 2025
https://github.com/qiniu/reviewbot
Empower Your Code Quality with Self-Hosted Automated Analysis and Review
code-quality code-review codereview linter static-code-analysis
Last synced: 05 May 2025
https://github.com/konrad1977/loco
A linter for Swift Localizations
cli linter localization-management static-code-analysis swift xcode
Last synced: 22 Jul 2025
https://github.com/alexkohler/unimport
unimport is a Go static analysis tool to find unnecessary import aliases.
go golang static-analysis static-analyzer static-code-analysis
Last synced: 07 May 2025
https://github.com/codeclimate/codeclimate-rubocop
Code Climate Engine for Rubocop
code-quality codeclimate codeclimate-engine complexity linter linting metrics performance quality rails rubocop ruby security static-analysis static-code-analysis
Last synced: 04 Sep 2025
https://github.com/MGamalE/Android-CICD
This repo demonstrates how to work on CI/CD for Mobile Apps :iphone: using Github Actions :pill: + Firebase Distribution :tada:
actions actionshackathon21 android android-ci ci ci-cd cicd continuous-delivery continuous-deployment continuous-integration firebase firebase-distribution github-actions kotlin-android linter linting sonarcloud sonarqube static-code-analysis
Last synced: 10 Mar 2025
https://github.com/yamadashy/phpstan-friendly-formatter
🤝 A friendly error formatter extension for PHPStan that provides more readable and informative output, including code snippets and color highlighting.
code-quality developer-tools php php8 phpstan phpstan-extension static-analysis static-code-analysis testing
Last synced: 05 Apr 2025
https://github.com/microsoft/cmd-call-graph
A simple tool to generate a call graph for calls within Windows CMD (batch) files.
batch-file batch-script call-graph call-graph-analysis python static-code-analysis
Last synced: 21 Aug 2025
https://github.com/htrgouvea/zarn
A lightweight static security analysis tool for modern Perl Apps
sast security static-analysis static-code-analysis
Last synced: 14 Oct 2025
https://github.com/jborgers/pmd-jpinpoint-rules
PMD rule set for responsible Java and Kotlin coding: performance, sustainability, multi-threading, data mixup and more.
concurrency data-mixup java kotlin multi-threading performance pmd pmd-plugin quality-assurance ruleset static-code-analysis sustainability
Last synced: 08 Jul 2025
https://github.com/rubocop/vscode-rubocop
The official VS Code extension for the RuboCop linter and code formatter.
code-formatter linter rubocop ruby static-code-analysis vscode-extension
Last synced: 08 Apr 2025
https://github.com/cathive/concourse-sonarqube-resource
performs SonarQube analyses and checks quality gates https://concourse-ci.org/ https://sonarqube.org/
code-quality concourse-ci concourse-ci-resource concourse-resource continuous-integration pipeline quality-gate quality-gates sonar-scanner sonarcloud sonarqube sonarqube-analysis sonarqube-scanner static-code-analysis
Last synced: 28 Feb 2025
https://github.com/qasimwani/gct
Graphical Code Tracer (GCT): Visualize code at lightning speed
ast graphviz python static-code-analysis visualization
Last synced: 12 Apr 2025
https://github.com/rsoesemann/codeclimate-apexmetrics
ApexMetrics - Code Climate engine for Salesforce [DISCONTINUED use CC PMD instead)
apex clean-code codeclimate linter pmd salesforce static-code-analysis
Last synced: 22 Mar 2025
https://github.com/rsoesemann/unhappy-soup
Problematic Salesforce code to showcase how PMD can find it
apex continuous-integration pmd salesforce static-code-analysis
Last synced: 19 Mar 2025
https://github.com/eslintcc/eslintcc
Complexity of Code - JavaScript/TypeScript
complexity eslint javascript linter static-code-analysis typescript
Last synced: 09 Apr 2025
https://github.com/utkarsh2102/rubocop-packaging
A RuboCop extension focused on enforcing upstream best practices and coding conventions.
code-formatter downstream linter packaging rubocop ruby static-code-analysis upstream
Last synced: 04 Apr 2025
https://github.com/phpstan/phpstan-beberlei-assert
PHPStan extension for beberlei/assert
assert php php7 phpstan static-analysis static-code-analysis
Last synced: 07 Apr 2025
https://github.com/codeface-io/codeface
Mac App for Architecture Analytics
clean-architecture clean-code macos software-architecture static-code-analysis swift swiftui
Last synced: 14 Jul 2025
https://github.com/skryukov/rubocop-gradual
Gradually improve your code with RuboCop
code-formatter hacktoberfest linter rubocop ruby static-code-analysis
Last synced: 14 Jun 2025
https://github.com/concurrency-lab/parallelhelper
Parallel Helper is a static code analyzer for C# projects that supports the development of parallel and asynchronous code. The analyzer is built with the help of the .NET Compiler Platform (Roslyn) and is available as a NuGet package as well as a Visual Studio extension.
analyzer async asynchronous await best-practices bugs code-quality concurrency csharp dotnet nuget parallel quality-control roslyn static-code-analysis visual-studio
Last synced: 04 Oct 2025
https://github.com/pwittchen/android-quality-starter
setup CheckStyle, FindBugs, PMD and Lint for your Android project easily
android checkstyle findbugs gradle lint pmd quality static-code-analysis
Last synced: 13 Apr 2025
https://github.com/standard/standard-packages
List of packages that use `standard`
development ecmascript ecosystem es6 eslint javascript linter nodejs standard static-code-analysis style style-guide
Last synced: 25 Apr 2025
https://github.com/jayclassless/tidypy
A tool that executes a suite of static analysis tools upon a Python project.
code-quality development linter python static-analysis static-code-analysis tool
Last synced: 25 Sep 2025
https://github.com/priv-kweihmann/systemdlint
Systemd Linter
qatools static-code-analysis systemd
Last synced: 07 Apr 2025
https://github.com/vanhauser-thc/vulntest
Static code analysis test source code
Last synced: 14 Oct 2025
https://github.com/Concurrency-Lab/ParallelHelper
Parallel Helper is a static code analyzer for C# projects that supports the development of parallel and asynchronous code. The analyzer is built with the help of the .NET Compiler Platform (Roslyn) and is available as a NuGet package as well as a Visual Studio extension.
analyzer async asynchronous await best-practices bugs code-quality concurrency csharp dotnet nuget parallel quality-control roslyn static-code-analysis visual-studio
Last synced: 09 Apr 2025
https://github.com/alisqi/twigqi
TwigQI: Static code analysis for Twig templates
code-quality static-code-analysis twig twig-extension
Last synced: 15 Oct 2025
https://github.com/jaredsburrows/android-gradle-java-multi-module-template
Static analysis tools: PMD, Findbugs, Checkstyle, Lint and Jacoco on multi module build with an Android app module, Android library module and a Java module
android-java-multi android-library checkstyle coverage findbugs gradle instrumentation-tests jacoco java lint pmd static static-analysis static-code-analysis
Last synced: 13 Feb 2025
https://github.com/standard/standard-www
:point_up_2: Website for JavaScript Standard Style (@standard)
development ecmascript es6 eslint javascript linter nodejs standard static-code-analysis style style-guide
Last synced: 22 Jul 2025
https://github.com/ccoveille/golangci-lint-config-examples
These are .golangci.yml to go based on your need
configuration-files go golang golangci golangci-lint linter linter-config linters-config static-analysis static-code-analysis
Last synced: 02 Sep 2025
https://github.com/scheb/tombstone-analyzer
[READ ONLY] Report generation for Tombstones created with the scheb/tombstone-logger library
dead-code-removal dynamic-code-analysis static-code-analysis tombstones
Last synced: 05 Apr 2025
https://github.com/codeclimate/codeclimate-phpcodesniffer
Code Climate Engine for PHP Code Sniffer
code-quality codeclimate codeclimate-engine hacktoberfest metrics php php-codesniffer quality static-analysis static-code-analysis
Last synced: 02 May 2025
https://github.com/riron/effects-mapper
📑 Effects mapper for @ngrx/effects
angular mapper ngrx reactive rxjs static-code-analysis typescript visualizer
Last synced: 15 Apr 2025
https://github.com/metadrop/drupal-boilerplate
Drupal projects up and running with Docker and many other tools in minutes
backstopjs behat boilerplate docker drupal drush starter-kit static-code-analysis template
Last synced: 10 Aug 2025
https://github.com/evincarofautumn/ward
A static analysis tool for C.
c haskell locking signals static-analysis static-code-analysis
Last synced: 13 Apr 2025
https://github.com/rentalhost/laravel-insight
IDEA plugin to works with Laravel Framework.
intellij intellij-plugin java laravel laravel-framework php phpstorm phpstorm-plugin static-analysis static-code-analysis
Last synced: 19 Apr 2025
https://github.com/glayzzle/php-reflection
:mag_right: Nodejs Reflection API for PHP files based on the php-parser
php reflection static-code-analysis tooling
Last synced: 04 May 2025
https://github.com/mysticatea/eslint-plugin
ESLint configurations and additional rules for me
ecmascript eslint eslint-plugin javascript static-code-analysis
Last synced: 25 Aug 2025
https://github.com/karlosagudo/fixtro
A QA static analysis code, with a different approach
php php7 qatools static-analysis static-code-analysis
Last synced: 25 Apr 2025
https://github.com/securesauce/precli
Precaution CLI - command line static application security testing tool
command-line go java python sast security security-tools static-analysis static-code-analysis
Last synced: 09 Apr 2025
https://github.com/koic/rubocop-faker
A RuboCop extension for Faker.
converter faker linter rubocop ruby static-code-analysis
Last synced: 05 Apr 2025
https://github.com/jenkinsci/violation-comments-to-gitlab-plugin
Comments GitLab merge requests with static code analyzer findings.
gitlab-plugin jenkins-plugin pipeline static-code-analysis violation-comments
Last synced: 12 Jul 2025
https://github.com/dariuszporowski/github-action-gitleaks
This GitHub Action allows you to run Gitleaks in your GitHub workflow.
devsecops github-actions gitleaks sast secrets secrets-detection secrets-management secrets-scan secrets-scanner security-scan security-scanner static-code-analysis
Last synced: 10 Aug 2025
https://github.com/IQTLabs/AuraBorealisApp
Do You Know What's In Your Python Packages? A Tool for Visualizing Python Package Registry Security Audit Data
flask malware pypi registry security security-audit security-tools static-analysis static-code-analysis
Last synced: 11 Jul 2025
https://github.com/correia-jpv/fucking-static-analysis
⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more. With repository stars⭐ and forks🍴
analysis awesome awesome-list code-quality lint linter sast static-analysis static-analyzer static-code-analysis
Last synced: 27 Apr 2025
https://github.com/paulveillard/cybersecurity-sast
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Static Application Security Testing (SAST) Tools.
static-analyzers static-api-generator static-app static-application-security-testing static-binary static-blocks static-build static-code static-code-analysis static-code-analyzer
Last synced: 28 Mar 2025
https://github.com/florentpoujol/php8-type-system
A comprehensive guide of everything related to PHP8.1+ type system and the tools used for static analysis
php static-analysis static-code-analysis
Last synced: 16 Apr 2025
https://github.com/phpstan/phpstan-dibi
Dibi class reflection extension for PHPStan
dibi php php7 phpstan static-analysis static-analyzer static-code-analysis testing
Last synced: 15 Apr 2025
https://github.com/ckaznocha/intrange
intrange is a program for checking for loops that could use the Go 1.22 integer range feature.
go golang lint linter linting static-analysis static-code-analysis style-lint style-linter
Last synced: 14 Aug 2025
https://github.com/feuermagier/autograder
Automatic grading of student's Java code
autograding code-analysis dynamic-code-analysis java pmd spoon spotbugs static-code-analysis
Last synced: 14 Sep 2025
https://github.com/tomasbjerre/violations-command-line
Command line tool that will find report files from static code analysis, present and optionally fail the command.
Last synced: 12 Apr 2025
 
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
         
        