<html> <div class=„Box-body p-6“> <article class=„markdown-body entry-content“ itemprop=„text“><p><a target=„_blank“ rel=„noopener noreferrer“ href=„https://github.com/mre/awesome-static-analysis/blob/master/awesome.png“><img src=„https://github.com/mre/awesome-static-analysis/raw/master/awesome.png“ alt=„Logo“ class=„c1“/></a></p> <blockquote> <p>Static program analysis is the analysis of computer software that is performed without actually executing programs — <a href=„https://en.wikipedia.org/wiki/Static_program_analysis“ rel=„nofollow“>Wikipedia</a></p> </blockquote> <p>This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome!<br/><strong>Note: ©️ stands for proprietary software. All other tools are Open Source.</strong><br/>Also check out the sister project, <a href=„https://github.com/mre/awesome-dynamic-analysis“>awesome-dynamic-analysis</a>.</p> <ul><li><a href=„https://github.com/mre/awesome-static-analysis#programming-languages“>Programming Languages</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#multiple-languages“>Multiple languages</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#other“>Other</a> <ul><li><a href=„https://github.com/mre/awesome-static-analysis#build-tools“>Build tools</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#binaries“>Binaries</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#containers“>Containers</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#config-files“>Config Files</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#configuration-management“>Configuration Management</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#css“>CSS</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#gherkin“>Gherkin</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#html“>HTML</a></li> <li><a 
href=„https://github.com/mre/awesome-static-analysis#ide-plugins“>IDE Plugins</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#latex“>LaTeX</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#makefiles“>Makefiles</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#markdown“>Markdown</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#mobile“>Mobile</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#packages“>Packages</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#supporting-tools“>Supporting Tools</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#template-languages“>Template Languages</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#translation“>Translation</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#web-services“>Web services</a></li> <li><a href=„https://github.com/mre/awesome-static-analysis#writing“>Writing</a></li> </ul></li> <li><a href=„https://github.com/mre/awesome-static-analysis#more-collections“>More Collections</a></li> </ul> <h2><a id=„user-content-ada“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#ada“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Ada</h2> <ul><li><a href=„http://www.adacore.com/codepeer“ rel=„nofollow“>Codepeer</a> - detects run-time and logic errors</li> <li><a href=„https://www.mathworks.com/products/polyspace-ada.html“ rel=„nofollow“>Polyspace for Ada</a> ©️ - provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in source code.</li> <li><a href=„http://www.spark-2014.org/about“ rel=„nofollow“>SPARK</a> ©️ - Static analysis and formal verification toolset for Ada</li> <li><a href=„https://scitools.com/ada-programming-essential/“ rel=„nofollow“>Understand</a> ©️ - 
IDE that provides code analysis, standards testing, metrics, graphing, dependency analysis and more for Ada and VHDL.</li> </ul><h2><a id=„user-content-awk“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#awk“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Awk</h2> <ul><li><a href=„https://www.gnu.org/software/gawk/manual/html_node/Options.html“ rel=„nofollow“>gawk --lint</a> - warns about constructs that are dubious or nonportable to other awk implementations.</li> </ul><h2><a id=„user-content-cc“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#cc“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>C/C++</h2> <ul><li><a href=„http://www.cprover.org/cbmc/“ rel=„nofollow“>CBMC</a> - bounded model-checker for C programs, user-defined assertions, standard assertions, several coverage metric analyses</li> <li><a href=„http://clang.llvm.org/extra/clang-tidy/“ rel=„nofollow“>clang-tidy</a> - clang static analyser</li> <li><a href=„https://github.com/MetricsGrimoire/CMetrics“>CMetrics</a> - Measures size and complexity for C files</li> <li><a href=„https://www.grammatech.com/products/codesonar“ rel=„nofollow“>CodeSonar from GrammaTech</a> ©️ - Advanced, whole program, deep path, static analysis of C and C++ with easy-to-understand explanations and code and path visualization.</li> <li><a href=„https://github.com/jameysharp/corrode“>Corrode</a> - Semi-automatic translation from C to Rust. 
Could reveal bugs in the original implementation by showing Rust compiler warnings and errors.</li> <li><a href=„https://github.com/danmar/cppcheck“>cppcheck</a> - static analysis of C/C++ code</li> <li><a href=„https://www.cppdepend.com“ rel=„nofollow“>CppDepend</a> ©️ - Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.</li> <li><a href=„https://github.com/google/styleguide/tree/gh-pages/cpplint“>cpplint</a> - automated C++ checker that follows Google's style guide</li> <li><a href=„https://github.com/dspinellis/cqmetrics“>cqmetrics</a> - quality metrics for C code</li> <li><a href=„https://www.spinellis.gr/cscout/“ rel=„nofollow“>CScout</a> - complexity and quality metrics for C and C preprocessor code</li> <li><a href=„http://www.dwheeler.com/flawfinder/“ rel=„nofollow“>flawfinder</a> - finds possible security weaknesses</li> <li><a href=„http://l2program.co.uk/category/flint“ rel=„nofollow“>flint++</a> - cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.</li> <li><a href=„http://frama-c.com/“ rel=„nofollow“>Frama-C</a> - a sound and extensible static analyzer for C code</li> <li><a href=„https://github.com/nasa-sw-vnv/ikos“>IKOS</a> - a sound static analyzer for C/C++ code based on LLVM</li> <li><a href=„http://oclint.org/“ rel=„nofollow“>oclint</a> - static analysis of C/C++ code</li> <li><a href=„https://www.mathworks.com/products/polyspace-bug-finder.html“ rel=„nofollow“>Polyspace Bug Finder</a> ©️ - identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software.</li> <li><a href=„https://www.mathworks.com/products/polyspace-code-prover.html“ rel=„nofollow“>Polyspace Code Prover</a> ©️ - provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code.</li> <li><a 
href=„https://clang-analyzer.llvm.org/scan-build.html“ rel=„nofollow“>scan-build</a> - Analyzes C/C++ code using LLVM at compile-time</li> <li><a href=„https://github.com/ravenexp/splint“>splint</a> - Annotation-assisted static program checker</li> <li><a href=„https://bitbucket.org/verateam/vera/wiki/Introduction“ rel=„nofollow“>vera++</a> - Vera++ is a programmable tool for verification, analysis and transformation of C++ source code.</li> </ul><h2><a id=„user-content-c“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#c“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>C#</h2> <ul><li><a href=„https://github.com/DotNetAnalyzers“>.NET Analyzers</a> - An organization for the development of analyzers (diagnostics and code fixes) using the .NET Compiler Platform.</li> <li><a href=„https://carc.codeplex.com/“ rel=„nofollow“>Code Analysis Rule Collection</a> - Contains a set of diagnostics, code fixes and refactorings built on the Microsoft .NET Compiler Platform „Roslyn“.</li> <li><a href=„https://github.com/code-cracker/code-cracker“>code-cracker</a> - An analyzer library for C# and VB that uses Roslyn to produce refactorings, code analysis, and other niceties.</li> <li><a href=„https://www.devexpress.com/products/coderush/“ rel=„nofollow“>CodeRush</a> ©️ - Code creation, debugging, navigation, refactoring, analysis and visualization tools that use the Roslyn engine in Visual Studio 2015 and up.</li> <li><a href=„https://github.com/DustinCampbell/CSharpEssentials“>CSharpEssentials</a> - C# Essentials is a collection of Roslyn diagnostic analyzers, code fixes and refactorings that make it easy to work with C# 6 language features.</li> <li><a href=„http://www.designite-tools.com“ rel=„nofollow“>Designite</a> ©️ - Designite is a software design quality assessment tool. 
It supports detection of implementation and design smells, computation of various code quality metrics, and trend analysis.</li> <li><a href=„http://www.mono-project.com/docs/tools+libraries/tools/gendarme/“ rel=„nofollow“>Gendarme</a> - Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET).</li> <li><a href=„http://www.ndepend.com/“ rel=„nofollow“>NDepend</a> ©️ - Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.</li> <li><a href=„https://github.com/pumasecurity/puma-scan“>Puma Scan</a> - Puma Scan provides real time secure code analysis for common vulnerabilities (XSS, SQLi, CSRF, LDAPi, crypto, deserialization, etc.) as development teams write code in Visual Studio.</li> <li><a href=„http://vsrefactoringessentials.com/“ rel=„nofollow“>Refactoring Essentials</a> - The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers.</li> <li><a href=„https://www.jetbrains.com/resharper/“ rel=„nofollow“>ReSharper</a> ©️ - Extends Visual Studio with on-the-fly code inspections for C#, VB.NET, ASP.NET, JavaScript, TypeScript and other technologies.</li> <li><a href=„https://dotnet-security-guard.github.io/“ rel=„nofollow“>Roslyn Security Guard</a> - Project that focuses on the identification of potential vulnerabilities such as SQL injection, cross-site scripting (XSS), CSRF, cryptography weaknesses, hardcoded passwords and many more.</li> <li><a href=„https://github.com/JosefPihrt/Roslynator/“>Roslynator</a> - A collection of 190+ analyzers and 190+ refactorings for C#, powered by Roslyn.</li> <li><a href=„https://security-code-scan.github.io/“ rel=„nofollow“>Security Code Scan</a> - Security code analyzer for C# and VB.NET. 
Detects various security vulnerability patterns: SQLi, XSS, CSRF, XXE, Open Redirect, etc.</li> <li><a href=„https://vs.sonarlint.org/“ rel=„nofollow“>SonarLint for Visual Studio</a> - SonarLint is an extension for Visual Studio 2015 and 2017 that provides on-the-fly feedback to developers on new bugs and quality issues injected into .NET code.</li> <li><a href=„https://github.com/Vannevelj/VSDiagnostics“>VSDiagnostics</a> - A collection of static analyzers based on Roslyn that integrate with VS.</li> <li><a href=„https://github.com/Wintellect/Wintellect.Analyzers“>Wintellect.Analyzers</a> - .NET Compiler Platform („Roslyn“) diagnostic analyzers and code fixes.</li> </ul><h2><a id=„user-content-crystal“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#crystal“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Crystal</h2> <ul><li><a href=„https://github.com/veelenga/ameba“>ameba</a> - A static code analysis tool for Crystal</li> <li><a href=„https://crystal-lang.org/“ rel=„nofollow“>crystal</a> - The Crystal compiler has built-in linting functionality.</li> </ul><h2><a id=„user-content-dlang“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#dlang“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Dlang</h2> <ul><li><a href=„https://github.com/dlang-community/D-Scanner“>D-scanner</a> - D-Scanner is a tool for analyzing D source code</li> </ul><h2><a id=„user-content-elixir“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#elixir“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Elixir</h2> <ul><li><a href=„https://github.com/rrrene/credo“>credo</a> - A static code analysis tool with a focus on code consistency and teaching.</li> <li><a 
href=„https://github.com/nccgroup/sobelow“>sobelow</a> - Security-focused static analysis for the Phoenix Framework</li> </ul><h2><a id=„user-content-erlang“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#erlang“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Erlang</h2> <ul><li><a href=„https://github.com/inaka/elvis“>elvis</a> - Erlang Style Reviewer</li> </ul><h2><a id=„user-content-f“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#f“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>F#</h2> <h2><a id=„user-content-fortran“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#fortran“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Fortran</h2> <ul><li><a href=„https://github.com/lequal/i-CodeCNES“>i-Code CNES for Fortran</a> - An open source static code analysis tool for Fortran 77, Fortran 90 and Shell.</li> </ul><h2><a id=„user-content-go“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#go“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Go</h2> <ul><li><a href=„https://github.com/tsenart/deadcode“>deadcode</a> - Finds unused code.</li> <li><a href=„https://github.com/nickng/dingo-hunter“>dingo-hunter</a> - Static analyser for finding deadlocks in Go.</li> <li><a href=„https://github.com/mibk/dupl“>dupl</a> - Reports potentially duplicated code.</li> <li><a href=„https://github.com/kisielk/errcheck“>errcheck</a> - Check that error return values are used.</li> <li><a href=„https://github.com/lafolle/flen“>flen</a> - Get info on length of functions in a Go package.</li> <li><a href=„https://github.com/GoASTScanner/gas“>gas</a> - Inspects source code 
for security problems by scanning the Go AST.</li> <li><a href=„https://github.com/alecthomas/gometalinter“>Go Meta Linter</a> - Concurrently run Go lint tools and normalise their output.</li> <li><a href=„https://golang.org/cmd/vet/#hdr-Shadowed_variables“ rel=„nofollow“>go tool vet --shadow</a> - Reports variables that may have been unintentionally shadowed.</li> <li><a href=„https://golang.org/cmd/vet/“ rel=„nofollow“>go vet</a> - Examines Go source code and reports suspicious constructs.</li> <li><a href=„https://github.com/go-critic/go-critic“>go-critic</a> - Go source code linter that maintains checks which are currently not implemented in other linters.</li> <li><a href=„https://github.com/dominikh/go-tools/tree/master/cmd/staticcheck“>go-staticcheck</a> - go vet on steroids, similar to ReSharper for C#.</li> <li><a href=„https://golang.org/pkg/go/ast/“ rel=„nofollow“>go/ast</a> - Package ast declares the types used to represent syntax trees for Go packages.</li> <li><a href=„https://github.com/jgautheron/goconst“>goconst</a> - Finds repeated strings that could be replaced by a constant.</li> <li><a href=„https://github.com/fzipp/gocyclo“>gocyclo</a> - Calculate cyclomatic complexities of functions in Go source code.</li> <li><a href=„https://golang.org/cmd/gofmt/“ rel=„nofollow“>gofmt -s</a> - Checks if the code is properly formatted and could not be further simplified.</li> <li><a href=„https://godoc.org/golang.org/x/tools/cmd/goimports“ rel=„nofollow“>goimports</a> - Checks missing or unreferenced package imports.</li> <li><a href=„https://github.com/golang/lint“>golint</a> - Prints out coding style mistakes in Go source code.</li> <li><a href=„https://github.com/wgliang/goreporter“>goreporter</a> - concurrently runs many linters and normalises their output to a report.</li> <li><a href=„https://github.com/linuxerwang/goroutine-inspect“>goroutine-inspect</a> - An interactive tool to analyze Golang goroutine dump.</li> <li><a 
href=„https://github.com/dominikh/go-tools/tree/master/cmd/gosimple“>gosimple</a> - Report simplifications in code.</li> <li><a href=„https://golang.org/x/tools/cmd/gotype“ rel=„nofollow“>gotype</a> - Syntactic and semantic analysis similar to the Go compiler.</li> <li><a href=„https://github.com/gordonklaus/ineffassign“>ineffassign</a> - Detect ineffectual assignments in Go code</li> <li><a href=„https://github.com/mvdan/interfacer“>interfacer</a> - Suggest narrower interfaces that can be used.</li> <li><a href=„https://github.com/walle/lll“>lll</a> - Report long lines.</li> <li><a href=„https://github.com/mdempsky/maligned“>maligned</a> - Detect structs that would take less memory if their fields were sorted.</li> <li><a href=„https://github.com/dominikh/go-tools/tree/master/cmd/megacheck“>megacheck</a> - Run staticcheck, gosimple and unused, sharing work.</li> <li><a href=„https://github.com/client9/misspell“>misspell</a> - Finds commonly misspelled English words.</li> <li><a href=„https://github.com/alexkohler/nakedret“>nakedret</a> - Finds naked returns.</li> <li><a href=„https://github.com/alexkohler/prealloc“>prealloc</a> - Finds slice declarations that could potentially be preallocated.</li> <li><a href=„https://github.com/mgechev/revive“>revive</a> - Fast, configurable, extensible, flexible, and beautiful linter for Go. 
Drop-in replacement of golint.</li> <li><a href=„https://github.com/stripe/safesql“>safesql</a> - Static analysis tool for Golang that protects against SQL injections.</li> <li><a href=„https://github.com/opennota/check“>structcheck</a> - Find unused struct fields.</li> <li><a href=„http://golang.org/pkg/testing/“ rel=„nofollow“>test</a> - Show location of test failures from the stdlib testing module.</li> <li><a href=„https://github.com/stretchr/testify“>testify</a> - Show location of failed testify assertions.</li> <li><a href=„https://github.com/mdempsky/unconvert“>unconvert</a> - Detect redundant type conversions.</li> <li><a href=„https://github.com/alexkohler/unimport“>unimport</a> - Finds unnecessary import aliases</li> <li><a href=„https://github.com/mvdan/unparam“>unparam</a> - Find unused function parameters.</li> <li><a href=„https://github.com/dominikh/go-tools/tree/master/cmd/unused“>unused</a> - Find unused variables.</li> <li><a href=„https://github.com/opennota/check“>varcheck</a> - Find unused global variables and constants.</li> </ul><h2><a id=„user-content-groovy“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#groovy“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Groovy</h2> <ul><li><a href=„https://github.com/CodeNarc/CodeNarc“>CodeNarc</a> - a static analysis tool for Groovy source code, enabling monitoring and enforcement of many coding standards and best practices</li> </ul><h2><a id=„user-content-haskell“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#haskell“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Haskell</h2> <ul><li><a href=„https://github.com/ndmitchell/hlint“>HLint</a> - HLint is a tool for suggesting possible improvements to Haskell code.</li> </ul><h2><a id=„user-content-haxe“ class=„anchor“ aria-hidden=„true“ 
href=„https://github.com/mre/awesome-static-analysis#haxe“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Haxe</h2> <ul><li><a href=„https://github.com/HaxeCheckstyle/haxe-checkstyle“>Haxe Checkstyle</a> - A static analysis tool to help developers write Haxe code that adheres to a coding standard.</li> </ul><h2><a id=„user-content-java“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#java“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Java</h2> <ul><li><a href=„https://www.archunit.org/“ rel=„nofollow“>ArchUnit</a> - Unit test your Java architecture</li> <li><a href=„https://github.com/typetools/checker-framework/“>Checker Framework</a> - Pluggable type-checking for Java <a href=„http://checkerframework.org/“ rel=„nofollow“>http://checkerframework.org/</a></li> <li><a href=„https://github.com/checkstyle/checkstyle“>checkstyle</a> - checking Java source code for adherence to a Code Standard or set of validation rules (best practices)</li> <li><a href=„http://www.spinellis.gr/sw/ckjm/“ rel=„nofollow“>ckjm</a> - calculates Chidamber and Kemerer object-oriented metrics by processing the bytecode of compiled Java files</li> <li><a href=„https://github.com/classgraph/classgraph“>ClassGraph</a> - a classpath and module path scanner for querying or visualizing class metadata or class relatedness</li> <li><a href=„https://github.com/google/error-prone“>Error-prone</a> - Catch common Java mistakes as compile-time errors</li> <li><a href=„https://github.com/mebigfatguy/fb-contrib“>fb-contrib</a> - A plugin for FindBugs with additional bug detectors</li> <li><a href=„https://find-sec-bugs.github.io/“ rel=„nofollow“>Find Security Bugs</a> - IDE/SonarQube plugin for security audits of Java web applications.</li> <li><a href=„https://github.com/cuplv/hopper“>Hopper</a> - A static analysis tool written in 
Scala for languages that run on JVM</li> <li><a href=„https://github.com/amaembo/huntbugs“>HuntBugs</a> - Bytecode static analyzer tool based on Procyon Compiler Tools aimed to supersede FindBugs.</li> <li><a href=„https://www.jarchitect.com“ rel=„nofollow“>JArchitect</a> ©️ - Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.</li> <li><a href=„http://www.cprover.org/jbmc/“ rel=„nofollow“>JBMC</a> - bounded model-checker for Java (bytecode), verifies user-defined assertions, standard assertions, several coverage metric analyses</li> <li><a href=„https://github.com/uber/NullAway“>NullAway</a> - Type-based null-pointer checker with low build-time overhead; an <a href=„http://errorprone.info/“ rel=„nofollow“>Error Prone</a> plugin</li> <li><a href=„https://www.owasp.org/index.php/OWASP_Dependency_Check“ rel=„nofollow“>OWASP Dependency Check</a> - Checks dependencies for known, publicly disclosed, vulnerabilities.</li> <li><a href=„https://sable.github.io/soot/“ rel=„nofollow“>Soot</a> - A framework for analyzing and transforming Java and Android applications.</li> <li><a href=„https://github.com/INRIA/spoon“>Spoon</a> - Library to write your own static analyses and architectural rule checkers for Java. Can be integrated in Maven and Gradle.</li> <li><a href=„https://spotbugs.github.io/“ rel=„nofollow“>SpotBugs</a> - SpotBugs is FindBugs' successor. 
A tool for static analysis to look for bugs in Java code.</li> </ul><h2><a id=„user-content-javascript“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#javascript“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>JavaScript</h2> <ul><li><a href=„https://github.com/codecombat/aether“>aether</a> - Lint, analyze, normalize, transform, sandbox, run, step through, and visualize user JavaScript, in node or the browser.</li> <li><a href=„https://github.com/google/closure-linter“>ClosureLinter</a> - ensures that all of your project's JavaScript code follows the guidelines in the Google JavaScript Style Guide. It can also automatically fix many common errors</li> <li><a href=„https://github.com/clutchski/coffeelint“>coffeelint</a> - A style checker that helps keep CoffeeScript code clean and consistent.</li> <li><a href=„https://github.com/jared-stilwell/complexity-report“>complexity-report</a> - Software complexity analysis for JavaScript projects</li> <li><a href=„https://deepscan.io“ rel=„nofollow“>DeepScan</a> ©️ - An analyzer for JavaScript which targets runtime errors and quality issues rather than coding conventions.</li> <li><a href=„https://github.com/jared-stilwell/escomplex“>escomplex</a> - Software complexity analysis of JavaScript-family abstract syntax trees.</li> <li><a href=„https://github.com/eslint/eslint“>eslint</a> - A fully pluggable tool for identifying and reporting on patterns in JavaScript</li> <li><a href=„https://github.com/jquery/esprima“>Esprima</a> - ECMAScript parsing infrastructure for multipurpose analysis</li> <li><a href=„https://flow.org/“ rel=„nofollow“>flow</a> - A static type checker for JavaScript.</li> <li><a href=„https://github.com/jshint/jshint“>jshint</a> - detect errors and potential problems in JavaScript code and enforce your team's coding conventions</li> <li><a href=„https://github.com/douglascrockford/JSLint“>JSLint</a> 
©️ - The JavaScript Code Quality Tool</li> <li><a href=„https://github.com/dpnishant/jsprime“>JSPrime</a> - static security analysis tool</li> <li><a href=„https://github.com/ajinabraham/NodeJsScan“>NodeJSScan</a> - NodeJsScan is a static security code scanner for Node.js applications.</li> <li><a href=„https://github.com/es-analysis/plato“>plato</a> - Visualize JavaScript source complexity</li> <li><a href=„https://github.com/prettier/prettier“>Prettier</a> - An opinionated code formatter.</li> <li><a href=„https://github.com/jden/quality“>quality</a> - zero configuration code and module linting</li> <li><a href=„https://github.com/RetireJS/retire.js“>retire.js</a> - Scanner detecting the use of JavaScript libraries with known vulnerabilities</li> <li><a href=„http://standardjs.com/“ rel=„nofollow“>standard</a> - An npm module that checks for JavaScript Styleguide issues</li> <li><a href=„https://github.com/sindresorhus/xo“>XO</a> - Enforce strict code style. Never discuss code style on a pull request again!</li> <li><a href=„https://github.com/calmh/yardstick“>yardstick</a> - JavaScript code metrics</li> </ul><h2><a id=„user-content-kotlin“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#kotlin“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Kotlin</h2> <ul><li><a href=„https://github.com/arturbosch/detekt“>detekt</a> - Static code analysis for Kotlin code.</li> <li><a href=„https://github.com/shyiko/ktlint“>ktlint</a> - An anti-bikeshedding Kotlin linter with built-in formatter</li> </ul><h2><a id=„user-content-lua“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#lua“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Lua</h2> <ul><li><a href=„https://github.com/mpeterv/luacheck“>luacheck</a> - A tool for linting and static analysis of Lua code.</li> 
</ul><h2><a id=„user-content-matlab“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#matlab“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>MATLAB</h2> <ul><li><a href=„https://de.mathworks.com/help/matlab/ref/mlint.html“ rel=„nofollow“>mlint</a> ©️ - Check MATLAB code files for possible problems.</li> </ul><h2><a id=„user-content-perl“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#perl“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Perl</h2> <ul><li><a href=„http://search.cpan.org/%7Ethaljef/Perl-Critic-1.126/lib/Perl/Critic.pm“ rel=„nofollow“>Perl::Critic</a> - Critique Perl source code for best-practices.</li> </ul><h2><a id=„user-content-php“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#php“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>PHP</h2> <ul><li><a href=„https://github.com/mihaeu/dephpend“>dephpend</a> - Dependency analysis tool</li> <li><a href=„https://github.com/sensiolabs-de/deprecation-detector“>deprecation-detector</a> - Finds usages of deprecated (Symfony) code</li> <li><a href=„https://github.com/sensiolabs-de/deptrac“>deptrac</a> - Enforce rules for dependencies between software layers.</li> <li><a href=„https://github.com/Halleck45/DesignPatternDetector“>DesignPatternDetector</a> - detection of design patterns in PHP code</li> <li><a href=„https://github.com/Symplify/EasyCodingStandard“>EasyCodingStandard</a> - combine <a href=„https://github.com/squizlabs/PHP_CodeSniffer“>PHP_CodeSniffer</a> and <a href=„https://github.com/FriendsOfPHP/PHP-CS-Fixer“>PHP-CS-Fixer</a></li> <li><a href=„https://github.com/exakat/exakat“>exakat</a> - An automated code reviewing engine for PHP</li> <li><a 
href=„https://github.com/phpro/grumphp“>GrumPHP</a> - checks code on every commit</li> <li><a href=„https://github.com/Trismegiste/Mondrian“>Mondrian</a> - a set of static analysis and refactoring tools which use graph theory</li> <li><a href=„https://github.com/JakubOnderka/PHP-Parallel-Lint“>parallel-lint</a> - This tool checks syntax of PHP files faster than serial check with a fancier output.</li> <li><a href=„https://github.com/psecio/parse“>Parse</a> - A Static Security Scanner</li> <li><a href=„https://pdepend.org/“ rel=„nofollow“>pdepend</a> - Calculates software metrics like cyclomatic complexity for PHP code.</li> <li><a href=„https://github.com/etsy/phan“>phan</a> - a modern static analyzer from etsy</li> <li><a href=„https://github.com/rskuipers/php-assumptions“>PHP Assumptions</a> - Checks for weak assumptions</li> <li><a href=„http://cs.sensiolabs.org/“ rel=„nofollow“>PHP Coding Standards Fixer</a> - Fixes your code according to standards like PSR-1, PSR-2, and the Symfony standard.</li> <li><a href=„https://github.com/kalessil/phpinspectionsea“>Php Inspections (EA Extended)</a> - A Static Code Analyzer for PHP.</li> <li><a href=„https://github.com/QafooLabs/php-refactoring-browser“>PHP Refactoring Browser</a> - Refactoring helper</li> <li><a href=„https://github.com/tomzx/php-semver-checker“>PHP Semantic Versioning Checker</a> - Suggests a next version according to semantic versioning</li> <li><a href=„https://github.com/nikic/PHP-Parser“>PHP-Parser</a> - A PHP parser written in PHP</li> <li><a href=„https://github.com/Andrewsville/PHP-Token-Reflection“>PHP-Token-Reflection</a> - Library emulating the PHP internal reflection</li> <li><a href=„https://github.com/sstalle/php7cc“>php7cc</a> - PHP 7 Compatibility Checker</li> <li><a href=„https://github.com/Alexia/php7mar“>php7mar</a> - assist developers in porting their code quickly to PHP 7</li> <li><a href=„https://github.com/squizlabs/PHP_CodeSniffer“>PHP_CodeSniffer</a> - detects violations of a 
defined set of coding standards</li> <li><a href=„https://github.com/wapmorgan/PhpCodeAnalyzer“>phpca</a> - Finds usage of non-built-in extensions</li> <li><a href=„http://wapmorgan.github.io/PhpCodeFixer/“ rel=„nofollow“>phpcf</a> - Finds usage of deprecated PHP features</li> <li><a href=„https://github.com/sebastianbergmann/phpcpd“>phpcpd</a> - Copy/Paste Detector for PHP code.</li> <li><a href=„https://github.com/sebastianbergmann/phpdcd“>phpdcd</a> - Dead Code Detector (DCD) for PHP code.</li> <li><a href=„https://github.com/mamuz/PhpDependencyAnalysis“>PhpDependencyAnalysis</a> - builds a dependency graph for a project</li> <li><a href=„https://github.com/dunglas/phpdoc-to-typehint“>phpdoc-to-typehint</a> - Add scalar type hints and return types to existing PHP projects using PHPDoc annotations</li> <li><a href=„https://www.phpdoc.org/“ rel=„nofollow“>phpDocumentor</a> - Analyzes PHP source code to generate documentation</li> <li><a href=„https://phpmd.org/“ rel=„nofollow“>PHPMD</a> - finds possible bugs in your code</li> <li><a href=„http://www.phpmetrics.org/“ rel=„nofollow“>PhpMetrics</a> - Calculates and visualizes various code quality metrics</li> <li><a href=„https://github.com/povils/phpmnd“>phpmnd</a> - Helps to detect magic numbers</li> <li><a href=„https://github.com/EdgedesignCZ/phpqa“>PHPQA</a> - A tool for running QA tools (phploc, phpcpd, phpcs, pdepend, phpmd, phpmetrics)</li> <li><a href=„https://github.com/jakzal/phpqa“>phpqa - jakzal</a> - Many tools for PHP static analysis in one container</li> <li><a href=„https://github.com/jmolivas/phpqa“>phpqa - jmolivas</a> - PHPQA all-in-one Analyzer CLI tool</li> <li><a href=„https://github.com/ovr/phpsa“>phpsa</a> - Static analysis tool for PHP.</li> <li><a href=„https://github.com/phpstan/phpstan“>PHPStan</a> - PHP Static Analysis Tool - discover bugs in your code without running it!</li> <li><a href=„https://github.com/designsecurity/progpilot“>Progpilot</a> - A static analysis tool for security 
purposes</li> <li><a href=„https://getpsalm.org/“ rel=„nofollow“>Psalm</a> - Static analysis tool for finding type errors in PHP applications</li> <li><a href=„https://github.com/Qafoo/QualityAnalyzer“>Qafoo Quality Analyzer</a> - Visualizes metrics and source code</li> <li><a href=„https://github.com/ripsscanner/rips“>RIPS</a> - A static source code analyser for vulnerabilities in PHP scripts</li> <li><a href=„https://github.com/ircmaxell/Tuli“>Tuli</a> - A static analysis engine</li> <li><a href=„https://github.com/asm89/twig-lint“>twig-lint</a> - twig-lint is a lint tool for your twig files.</li> <li><a href=„https://www.owasp.org/index.php/OWASP_WAP-Web_Application_Protection“ rel=„nofollow“>WAP</a> - Tool to detect and correct input validation vulnerabilities in PHP (4.0 or higher) web applications and predicts false positives by combining static analysis and data mining.</li> </ul><h2><a id=„user-content-python“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#python“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Python</h2> <ul><li><a href=„https://github.com/PyCQA/bandit“>bandit</a> - a tool to find common security issues in Python code</li> <li><a href=„https://github.com/ambv/black“>Black</a> - The uncompromising Python code formatter</li> <li><a href=„https://github.com/davidhalter/jedi“>jedi</a> - autocompletion/static analysis library for Python</li> <li><a href=„https://github.com/lyft/linty_fresh“>linty fresh</a> - parse lint errors and report them to Github as comments on a pull request</li> <li><a href=„https://github.com/PyCQA/mccabe“>mccabe</a> - check McCabe complexity</li> <li><a href=„https://github.com/python/mypy“>mypy</a> - a static type checker that aims to combine the benefits of duck typing and static typing, frequently used with <a href=„https://github.com/Instagram/MonkeyType“>MonkeyType</a></li> <li><a 
href=„https://github.com/uber/py-find-injection“>py-find-injection</a> - find SQL injection vulnerabilities in Python code</li> <li><a href=„https://github.com/PyCQA/pycodestyle“>pycodestyle</a> - (formerly
pep8) check Python code against some of the style conventions in PEP 8</li> <li><a href=„https://github.com/PyCQA/pydocstyle“>pydocstyle</a> - check compliance with Python docstring conventions</li> <li><a href=„https://github.com/pyflakes/pyflakes/“>pyflakes</a> - check Python source files for errors</li> <li><a href=„https://github.com/PyCQA/pylint“>pylint</a> - looks for programming errors, helps enforce a coding standard and sniffs for some code smells. It additionally includes pyreverse (a UML diagram generator) and symilar
(a similarities checker).</li> <li><a href=„https://github.com/facebook/pyre-check“>pyre-check</a> - A fast, scalable type checker for large Python codebases</li> <li><a href=„https://github.com/regebro/pyroma“>pyroma</a> - rate how well a Python project complies with the best practices of the Python packaging ecosystem, and list issues that could be improved</li> <li><a href=„https://github.com/python-security/pyt“>PyT - Python Taint</a> - A static analysis tool for detecting security vulnerabilities in Python web applications.</li> <li><a href=„https://github.com/rubik/radon“>radon</a> - a Python tool that computes various metrics from the source code</li> <li><a href=„https://github.com/jendrikseipp/vulture“>vulture</a> - find unused classes, functions and variables in Python code</li> <li><a href=„https://github.com/rubik/xenon“>xenon</a> - monitor code complexity using <a href=„https://github.com/rubik/radon“>
radon
</a></li> </ul><h2><a id=„user-content-python-wrappers“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#python-wrappers“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Python wrappers</h2> <ul><li><a href=„https://github.com/ContinuumIO/ciocheck“>ciocheck</a> - linter, formatter and test suite helper. As a linter, it is a wrapper around
pep8, pydocstyle, flake8, and pylint.</li> <li><a href=„https://github.com/PyCQA/flake8“>flake8</a> - a wrapper around pyflakes, pycodestyle and mccabe</li> <li><a href=„https://github.com/landscapeio/prospector“>prospector</a> - a wrapper around pylint, pep8, mccabe
and others</li> </ul><h2><a id=„user-content-r“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#r“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>R</h2> <ul><li><a href=„https://github.com/jimhester/lintr“>lintr</a> ©️ - Static Code Analysis for R</li> </ul><h2><a id=„user-content-rpg“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#rpg“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>RPG</h2> <ul><li><a href=„https://www.sourcemeter.com/resources/rpg/“ rel=„nofollow“>SourceMeter</a> ©️ - Static Code Analysis for RPG III and RPG IV versions (including free-form)</li> </ul><h2><a id=„user-content-ruby“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#ruby“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Ruby</h2> <ul><li><a href=„https://github.com/presidentbeef/brakeman“>brakeman</a> - A static analysis security vulnerability scanner for Ruby on Rails applications</li> <li><a href=„https://github.com/square/cane“>cane</a> - Code quality threshold checking as part of your build</li> <li><a href=„https://github.com/thesp0nge/dawnscanner“>dawnscanner</a> - a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.</li> <li><a href=„https://github.com/seattlerb/flay“>flay</a> - Flay analyzes code for structural similarities.</li> <li><a href=„https://github.com/seattlerb/flog“>flog</a> - Flog reports the most tortured code in an easy to read pain report. 
The higher the score, the more pain the code is in.</li> <li><a href=„https://github.com/michaeledgar/laser“>laser</a> - Static analysis and style linter for Ruby code.</li> <li><a href=„https://github.com/codegram/pelusa“>pelusa</a> - Static analysis Lint-type tool to improve your OO Ruby code</li> <li><a href=„https://github.com/apiology/quality“>quality</a> - Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time.</li> <li><a href=„https://github.com/soutaro/querly“>Querly</a> - Pattern Based Checking Tool for Ruby</li> <li><a href=„https://github.com/troessner/reek“>reek</a> - Code smell detector for Ruby</li> <li><a href=„https://github.com/rubocop-hq/rubocop“>RuboCop</a> - A Ruby static code analyzer, based on the community Ruby style guide.</li> <li><a href=„https://github.com/blazeeboy/rubrowser“>Rubrowser</a> - Ruby classes interactive dependency graph generator.</li> <li><a href=„https://github.com/YorickPeterse/ruby-lint“>ruby-lint</a> - Static code analysis for Ruby</li> <li><a href=„https://github.com/whitesmith/rubycritic“>rubycritic</a> - A Ruby code quality reporter</li> <li><a href=„https://github.com/makaroni4/sandi_meter“>SandiMeter</a> - Static analysis tool for checking Ruby code for Sandi Metz' rules.</li> </ul><h2><a id=„user-content-rust“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#rust“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Rust</h2> <ul><li><a href=„https://github.com/Manishearth/rust-clippy“>clippy</a> - a code linter to catch common mistakes and improve your Rust code</li> <li><a href=„https://github.com/Kha/electrolysis“>electrolysis</a> - A tool for formally verifying Rust programs by transpiling them into definitions in the Lean theorem prover.</li> <li><a href=„https://github.com/mcarton/rust-herbie-lint“>herbie</a> - Adds warnings or errors to your crate 
when using a numerically unstable floating point expression.</li> <li><a href=„https://github.com/AtomLinter/linter-rust“>linter-rust</a> - Linting your Rust-files in Atom, using rustc and cargo</li> <li><a href=„https://github.com/rust-lang-nursery/rls“>Rust Language Server</a> - Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings.</li> <li><a href=„https://github.com/killercup/rustfix“>rustfix</a> - read and apply the suggestions made by rustc (and third-party lints, like those offered by clippy).</li> </ul><h2><a id=„user-content-scala“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#scala“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Scala</h2> <ul><li><a href=„https://github.com/HairyFotr/linter“>linter</a> - Linter is a Scala static analysis compiler plugin which adds compile-time checks for various possible bugs, inefficiencies, and style problems.</li> <li><a href=„http://www.scalastyle.org“ rel=„nofollow“>Scalastyle</a> - Scalastyle examines your Scala code and indicates potential problems with it.</li> <li><a href=„https://github.com/sksamuel/scapegoat“>scapegoat</a> - Scala compiler plugin for static code analysis</li> <li><a href=„https://github.com/puffnfresh/wartremover“>WartRemover</a> - a flexible Scala code linting tool.</li> </ul><h2><a id=„user-content-shell“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#shell“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Shell</h2> <ul><li><a href=„https://github.com/lequal/i-CodeCNES“>i-Code CNES for Shell</a> - An open source static code analysis tool for Shell and Fortran (77 and 90).</li> <li><a href=„https://github.com/koalaman/shellcheck“>shellcheck</a> - ShellCheck, a static analysis tool that gives 
warnings and suggestions for bash/sh shell scripts</li> </ul><h2><a id=„user-content-solidity“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#solidity“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Solidity</h2> <ul><li><a href=„https://github.com/duaraghav8/Solium“>solium</a> - Solium is a linter to identify and fix style and security issues in Solidity smart contracts</li> </ul><h2><a id=„user-content-sql“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#sql“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>SQL</h2> <ul><li><a href=„https://github.com/jarulraj/sqlcheck“>sqlcheck</a> - Automatically identify anti-patterns in SQL queries</li> <li><a href=„https://github.com/purcell/sqlint“>sqlint</a> - Simple SQL linter</li> <li><a href=„https://github.com/tsqllint/tsqllint“>tsqllint</a> - T-SQL-specific linter</li> <li><a href=„https://github.com/ashleyglee/TSqlRules“>TSqlRules</a> - TSQL Static Code Analysis Rules for SQL Server</li> </ul><h2><a id=„user-content-swift“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#swift“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Swift</h2> <ul><li><a href=„https://github.com/nicklockwood/SwiftFormat“>SwiftFormat</a> - A library and command-line formatting tool for reformatting Swift code</li> <li><a href=„https://github.com/realm/SwiftLint“>SwiftLint</a> - A tool to enforce Swift style and conventions</li> <li><a href=„https://github.com/sleekbyte/tailor“>Tailor</a> - A static analysis and lint tool for source code written in Apple's Swift programming language.</li> </ul><h2><a id=„user-content-typescript“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#typescript“><svg 
class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>TypeScript</h2> <ul><li><a href=„https://github.com/mgechev/codelyzer“>Codelyzer</a> - A set of tslint rules for static code analysis of Angular 2 TypeScript projects.</li> <li><a href=„https://github.com/palantir/tslint“>TSLint</a> - An extensible linter for the TypeScript language.</li> <li><a href=„https://github.com/Glavin001/tslint-clean-code“>tslint-clean-code</a> - A set of TSLint rules inspired by the Clean Code handbook.</li> <li><a href=„https://github.com/Microsoft/tslint-microsoft-contrib“>tslint-microsoft-contrib</a> - A set of tslint rules for static code analysis of TypeScript projects maintained by Microsoft.</li> </ul><h2><a id=„user-content-vbscript“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#vbscript“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>VBScript</h2> <ul><li><a href=„http://patterson-consulting.net/tds“ rel=„nofollow“>Test Design Studio</a> ©️ - A full IDE with static code analysis for Micro Focus Unified Functional Testing VBScript-based automated tests.</li> </ul> <ul><li><a href=„https://npo-echelon.ru/en/solutions/appchecker.php“ rel=„nofollow“>AppChecker</a> ©️ - Static analysis for C/C++/C#, PHP and Java</li> <li><a href=„https://www.ptsecurity.com/ww-en/products/ai/“ rel=„nofollow“>Application Inspector</a> ©️ - Combined SAST, DAST, IAST security scanner for C#, PHP, Java, SQL languages</li> <li><a href=„https://www.ibm.com/support/knowledgecenter/en/SSS9LM_9.0.3/com.ibm.rational.appscansrc.install.doc/topics/system_requirements_language_support.html“ rel=„nofollow“>AppScan</a> ©️ - Commercial Static Code Analysis. 
Supports: Microsoft .NET Framework (C#, ASP.NET, VB.NET), ASP (JavaScript/VBScript), C/C++, COBOL, ColdFusion, JavaScript, JavaServer Pages (JSP), Java™ (including support for Android APIs), Perl, PHP, PL/SQL, T-SQL, Visual Basic 6</li> <li><a href=„https://appscreener.us“ rel=„nofollow“>APPscreener</a> ©️ - Static code analysis for binary and source code - Java/Scala, PHP, Javascript, C#, PL/SQL, Python, T-SQL, C/C++, ObjectiveC/Swift, Visual Basic 6.0, Ruby, Delphi, ABAP, HTML5 and Solidity</li> <li><a href=„https://www.axivion.com/en/products-services-9#products_bauhaussuite“ rel=„nofollow“>Axivion Bauhaus Suite</a> ©️ - Tracks down error-prone code locations, style violations, cloned or dead code, cyclic dependencies and more for C/C++, C#/.NET, Java and Ada 83/Ada 95</li> <li><a href=„https://www.checkmarx.com/technology/supported-coding-languages/“ rel=„nofollow“>Checkmarx</a> ©️ - Commercial Static Code Analysis which doesn't require pre-compilation. Supports: Android (Java), Apex and VisualForce, ASP, C#, C/C++, Go, Groovy, HTML5, Java, JavaScript, Node.js, Objective C, Perl, PhoneGap, PHP, Python, Ruby, Scala, Swift, VB.NET, VB6, VBScript</li> <li><a href=„https://coala.io/“ rel=„nofollow“>coala</a> - Language independent framework for creating code analysis - supports <a href=„https://coala.io/languages“ rel=„nofollow“>over 60 languages</a> by default</li> <li><a href=„http://spinroot.com/cobra/“ rel=„nofollow“>Cobra</a> ©️ - Structural source code analyzer by NASA's Jet Propulsion Laboratory. 
Supports C, C++, Ada, and Python.</li> <li><a href=„https://github.com/groupon/codeburner“>codeburner</a> - Provides a unified interface to sort and act on the issues it finds</li> <li><a href=„https://codefactor.io“ rel=„nofollow“>CodeFactor</a> ©️ - Static Code Analysis for C#, C, C++, CoffeeScript, CSS, Groovy, GO, JAVA, JavaScript, Less, Python, Ruby, Scala, SCSS, TypeScript.</li> <li><a href=„https://submain.com/products/codeit.right.aspx“ rel=„nofollow“>CodeIt.Right</a> ©️ - CodeIt.Right™ provides a fast, automated way to ensure that your source code adheres to (your) predefined design and style guidelines as well as best coding practices. Supported languages: C#, VB.NET.</li> <li><a href=„https://github.com/xcatliu/cqc“>cqc</a> - Check your code quality for js, jsx, vue, css, less, scss, sass and styl files.</li> <li><a href=„https://github.com/microsoft/devskim“>DevSkim</a> - Regex-based static analysis tool for Visual Studio, VS Code, and Sublime Text - C/C++, C#, PHP, ASP, Python, Ruby, Java, and others.</li> <li><a href=„https://software.microfocus.com/en-us/products/static-code-analysis-sast/overview“ rel=„nofollow“>Fortify</a> ©️ A commercial static analysis platform that supports the scanning of C/C++, C#, VB.NET, VB6, ABAP/BSP, ActionScript, Apex, ASP.NET, Classic ASP, VB Script, Cobol, ColdFusion, HTML, Java, JS, JSP, MXML/Flex, Objective-C, PHP, PL/SQL, T-SQL, Python (2.6, 2.7), Ruby (1.9.3), Swift, Scala, VB, and XML.</li> <li><a href=„https://github.com/sideci/goodcheck“>Goodcheck</a> - Regexp based customizable linter</li> <li><a href=„https://github.com/wireghoul/graudit“>graudit</a> - Grep rough audit - source code auditing tool - C/C++, PHP, ASP, C#, Java, Perl, Python, Ruby</li> <li><a href=„https://houndci.com/“ rel=„nofollow“>Hound CI</a> - Comments on style violations in GitHub pull requests. 
Supports CoffeeScript, Go, HAML, JavaScript, Ruby, SCSS and Swift.</li> <li><a href=„https://github.com/justinabrahms/imhotep“>imhotep</a> - Comment on commits coming into your repository and check for syntactic errors and general lint warnings.</li> <li><a href=„https://github.com/facebook/infer“>Infer</a> - A static analyzer for Java, C and Objective-C</li> <li><a href=„http://www.klocwork.com/products-services/klocwork“ rel=„nofollow“>Klocwork</a> ©️ - Quality and Security Static analysis for C/C++, Java and C#</li> <li><a href=„https://www.kiuwan.com/code-security-sast/“ rel=„nofollow“>Kiuwan</a> ©️ - Identify and remediate cyber threats in a blazingly fast, collaborative environment, with seamless integration in your SDLC. Python, C/C++, Java, C#, PHP and more</li> <li><a href=„https://github.com/oclint/oclint“>oclint</a> - A static source code analysis tool to improve quality and reduce defects for C, C++ and Objective-C</li> <li><a href=„https://github.com/facebook/pfff“>pfff</a> - Facebook's tools for code analysis, visualizations, or style-preserving source transformation for many languages</li> <li><a href=„https://pmd.github.io/“ rel=„nofollow“>PMD</a> - A source code analyzer for Java, Javascript, PLSQL, XML, XSL and others</li> <li><a href=„https://github.com/prontolabs/pronto“>Pronto</a> - Quick automated code review of your changes. Supports more than 40 runners for various languages, including Clang, Elixir, JavaScript, PHP, Ruby and more</li> <li><a href=„https://github.com/pre-commit/pre-commit“>pre-commit</a> - A framework for managing and maintaining multi-language pre-commit hooks.</li> <li><a href=„https://github.com/PositiveTechnologies/PT.PM“>PT.PM</a> - An engine for searching patterns in the source code, based on Unified AST or UST. At present, C#, Java, PHP, PL/SQL, T-SQL, and JavaScript are supported. 
Patterns can be described within the code or using a DSL.</li> <li><a href=„https://www.viva64.com/en/pvs-studio/“ rel=„nofollow“>PVS-Studio</a> ©️ - a (<a href=„https://www.viva64.com/en/b/0457/“ rel=„nofollow“>conditionally free</a> for FOSS) static analysis of C/C++ and C# code. For advertising purposes <a href=„https://github.com/viva64/pvs-studio-check-list“>you can propose a large FOSS project for analysis by PVS employees</a>.</li> <li><a href=„https://security-code-scan.github.io/“ rel=„nofollow“>Security Code Scan</a> - Security code analyzer for C# and VB.NET. Detects various security vulnerability patterns: SQLi, XSS, CSRF, XXE, Open Redirect, etc.</li> <li><a href=„https://semmle.com/“ rel=„nofollow“>Semmle QL and LGTM</a> ©️ - Find security vulnerabilities, variants, and critical code quality issues using queries over source code. Automatic PR code review; free for public GitHub/Bitbucket repo: <a href=„https://LGTM.com“ rel=„nofollow“>LGTM.com</a>.</li> <li><a href=„https://github.com/google/shipshape“>shipshape</a> - Static program analysis platform that allows custom analyzers to plug in through a common interface</li> <li><a href=„http://www.sonarqube.org/“ rel=„nofollow“>SonarQube</a> - SonarQube is an open platform to manage code quality.</li> <li><a href=„https://github.com/StanfordPL/stoke“>STOKE</a> - a programming-language agnostic stochastic optimizer for the x86_64 instruction set. 
It uses random search to explore the extremely high-dimensional space of all possible program transformations</li> <li><a href=„https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html“ rel=„nofollow“>Synopsys</a> ©️ - A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift)</li> <li><a href=„https://github.com/Tencent/TscanCode“>TscanCode</a> - A fast and accurate static analysis solution for C/C++, C#, Lua codes provided by Tencent. Using GPLv3 license.</li> <li><a href=„https://github.com/Yelp/undebt“>Undebt</a> - Language-independent tool for massive, automatic, programmable refactoring based on simple pattern definitions</li> <li><a href=„http://www.veracode.com/products/static-analysis-sast/static-code-analysis“ rel=„nofollow“>Veracode</a> ©️ - Find flaws in binaries and bytecode without requiring source. Support all major programming languages: Java, .NET, JavaScript, Swift, Objective-C, C, C++ and more.</li> <li><a href=„http://wala.sourceforge.net/wiki/index.php/Main_Page“ rel=„nofollow“>WALA</a> - static analysis capabilities for Java bytecode and related languages and for JavaScript</li> <li><a href=„https://github.com/fimbullinter/wotan“>Wotan</a> - Pluggable TypeScript and JavaScript linter</li> <li><a href=„https://developer.apple.com/xcode/“ rel=„nofollow“>XCode</a> ©️ - XCode provides a pretty decent UI for <a href=„http://clang-analyzer.llvm.org/xcode.html“ rel=„nofollow“>Clang's</a> static code analyzer (C/C++, Obj-C)</li> </ul> <h2><a id=„user-content-build-tools“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#build-tools“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Build tools</h2> <ul><li><a href=„https://github.com/mrtazz/checkmake“>checkmake</a> - Linter / Analyzer for Makefiles</li> <li><a 
href=„https://github.com/Ericsson/codechecker“>codechecker</a> - a defect database and viewer extension for the Clang Static Analyzer</li> </ul><h2><a id=„user-content-binaries“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#binaries“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Binaries</h2> <ul><li><a href=„https://github.com/Microsoft/binskim“>BinSkim</a> - A binary static analysis tool that provides security and correctness results for Windows portable executables.</li> <li><a href=„https://github.com/jkinder/jakstab“>Jakstab</a> - Jakstab is an Abstract Interpretation-based, integrated disassembly and static analysis framework for designing analyses on executables and recovering reliable control flow graphs.</li> <li><a href=„https://github.com/JusticeRage/Manalyze“>Manalyze</a> - A static analyzer, which checks portable executables for malicious content.</li> <li><a href=„https://github.com/rustwasm/twiggy“>Twiggy</a> - Analyzes a binary's call graph to profile code size. 
The goal is to slim down binaries.</li> </ul><h2><a id=„user-content-containers“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#containers“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Containers</h2> <ul><li><a href=„https://anchore.io/“ rel=„nofollow“>anchore</a> - Discover, analyze, and certify container images</li> <li><a href=„https://github.com/coreos/clair“>clair</a> - Vulnerability Static Analysis for Containers</li> <li><a href=„https://github.com/banyanops/collector“>collector</a> - Run arbitrary scripts inside containers, and gather useful information</li> <li><a href=„https://github.com/eliasgranderubio/dagda“>dagda</a> - Perform static analysis of known vulnerabilities in docker images/containers.</li> <li><a href=„https://github.com/garethr/docker-label-inspector“>Docker Label Inspector</a> - Lint and validate Dockerfile labels</li> <li><a href=„https://github.com/lukasmartinelli/hadolint“>Haskell Dockerfile Linter</a> - A smarter Dockerfile linter that helps you build best practice Docker images</li> </ul><h2><a id=„user-content-config-files“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#config-files“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Config Files</h2> <ul><li><a href=„https://github.com/yandex/gixy“>gixy</a> - a tool to analyze Nginx configuration. 
The main goal is to prevent misconfiguration and automate flaw detection.</li> </ul><h2><a id=„user-content-configuration-management“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#configuration-management“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Configuration Management</h2> <ul><li><a href=„https://github.com/willthames/ansible-lint“>ansible-lint</a> - Checks playbooks for practices and behaviour that could potentially be improved</li> <li><a href=„https://github.com/stelligent/cfn_nag“>cfn_nag</a> - A linter for AWS CloudFormation templates.</li> <li><a href=„http://www.foodcritic.io/“ rel=„nofollow“>foodcritic</a> - A lint tool that checks Chef cookbooks for common problems.</li> <li><a href=„https://github.com/rodjek/puppet-lint“>Puppet Lint</a> - Check that your Puppet manifests conform to the style guide.</li> </ul><h2><a id=„user-content-css“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#css“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>CSS</h2> <ul><li><a href=„https://github.com/cssstats/cssstats“>CSS Stats</a> - Potentially interesting stats on stylesheets</li> <li><a href=„https://github.com/csscomb/csscomb.js“>CSScomb</a> - a coding style formatter for CSS. 
Supports own configurations to make style sheets beautiful and consistent</li> <li><a href=„https://github.com/CSSLint/csslint“>CSSLint</a> - Does basic syntax checking and finds problematic patterns or signs of inefficiency</li> <li><a href=„https://github.com/katiefenn/parker“>Parker</a> - Stylesheet analysis tool</li> <li><a href=„https://github.com/sasstools/sass-lint“>sass-lint</a> - A Node-only Sass linter for both sass and scss syntax.</li> <li><a href=„https://github.com/brigade/scss-lint“>scsslint</a> - Linter for SCSS files</li> <li><a href=„https://github.com/pocketjoso/specificity-graph“>Specificity Graph</a> - CSS Specificity Graph Generator</li> <li><a href=„http://stylelint.io/“ rel=„nofollow“>Stylelint</a> - Linter for SCSS/CSS files</li> </ul><h2><a id=„user-content-gherkin“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#gherkin“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Gherkin</h2> <ul><li><a href=„https://github.com/vsiakka/gherkin-lint“>gherkin-lint</a> - A linter for the Gherkin-Syntax written in Javascript.</li> </ul><h2><a id=„user-content-html“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#html“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>HTML</h2> <ul><li><a href=„https://github.com/philipwalton/html-inspector“>HTML Inspector</a> - HTML Inspector is a code quality tool to help you and your team write better markup.</li> <li><a href=„http://www.html-tidy.org/“ rel=„nofollow“>HTML Tidy</a> - Corrects and cleans up HTML and XML documents by fixing markup errors and upgrading legacy code to modern standards.</li> <li><a href=„https://github.com/yaniswang/HTMLHint“>HTMLHint</a> - A Static Code Analysis Tool for HTML</li> <li><a href=„https://github.com/Polymer/polymer-analyzer“>Polymer-analyzer</a> - A static analysis 
framework for Web Components.</li> </ul><h2><a id=„user-content-ide-plugins“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#ide-plugins“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>IDE Plugins</h2> <ul><li><a href=„https://github.com/w0rp/ale“>ale</a> - Asynchronous Lint Engine for Vim and NeoVim with support for many languages</li> <li><a href=„https://www.attackflow.com/Extension“ rel=„nofollow“>Attackflow Extension</a> ©️ - Attackflow plugin for Visual Studio, which enables developers to find critical security bugs at real time in the source code without any prior knowledge.</li> <li><a href=„https://github.com/Microsoft/DevSkim“>DevSkim</a> - Inline, realtime security analysis. Works with multiple programming languages and IDEs (VS, VS Code, Sublime Text, …).</li> <li><a href=„https://github.com/pumasecurity/puma-scan“>Puma Scan</a> - Puma Scan provides real time secure code analysis for common vulnerabilities (XSS, SQLi, CSRF, LDAPi, crypto, deserialization, etc.) as development teams write code in Visual Studio.</li> <li><a href=„https://security-code-scan.github.io/“ rel=„nofollow“>Security Code Scan</a> - Security code analyzer for C# and VB.NET that integrates into Visual Studio 2015 and newer. 
Detects various security vulnerability patterns: SQLi, XSS, CSRF, XXE, Open Redirect, etc.</li> <li><a href=„https://github.com/Kuniwak/vint“>vint</a> - Fast and Highly Extensible Vim script Language Lint implemented in Python.</li> </ul><h2><a id=„user-content-latex“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#latex“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>LaTeX</h2> <ul><li><a href=„http://www.nongnu.org/chktex/“ rel=„nofollow“>ChkTeX</a> - A linter for LaTeX which catches some typographic errors LaTeX overlooks.</li> <li><a href=„https://www.ctan.org/pkg/lacheck“ rel=„nofollow“>lacheck</a> - A tool for finding common mistakes in LaTeX documents.</li> </ul><h2><a id=„user-content-makefiles“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#makefiles“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Makefiles</h2> <ul><li><a href=„https://www.freebsd.org/cgi/man.cgi?query=portlint&sektion=1&manpath=FreeBSD+8.1-RELEASE+and+Ports“ rel=„nofollow“>portlint</a> - A verifier for FreeBSD and DragonFlyBSD port directories</li> </ul><h2><a id=„user-content-markdown“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#markdown“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Markdown</h2> <ul><li><a href=„https://github.com/mivok/markdownlint“>mdl</a> - A tool to check markdown files and flag style issues.</li> </ul><h2><a id=„user-content-mobile“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#mobile“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Mobile</h2> <ul><li><a href=„https://github.com/passy/android-lint-summary“>android-lint-summary</a> - 
Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once.</li> <li><a href=„https://github.com/secure-software-engineering/soot-infoflow-android“>FlowDroid</a> - static taint analysis tool for Android applications</li> <li><a href=„https://github.com/GeoffreyHecht/paprika“>paprika</a> - A toolkit to detect some code smells in analyzed Android applications.</li> <li><a href=„https://github.com/linkedin/qark“>qark</a> - Tool to look for several security related Android application vulnerabilities</li> </ul><h2><a id=„user-content-packages“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#packages“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Packages</h2> <ul><li><a href=„https://github.com/Debian/lintian“>lintian</a> - Static analysis tool for Debian packages</li> <li><a href=„https://github.com/rpm-software-management/rpmlint“>rpmlint</a> - Tool for checking common errors in rpm packages</li> </ul><h2><a id=„user-content-supporting-tools“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#supporting-tools“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Supporting Tools</h2> <ul><li><a href=„https://github.com/uni-bremen-agst/libvcs4j“>LibVCS4j</a> - A Java library that allows existing tools to analyse the evolution of software systems by providing a common API for different version control systems and issue trackers.</li> </ul><h2><a id=„user-content-template-languages“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#template-languages“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Template-Languages</h2> <ul><li><a href=„https://github.com/rwjblue/ember-template-lint“>ember-template-lint</a> - 
Linter for Ember or Handlebars templates.</li> <li><a href=„https://github.com/brigade/haml-lint“>haml-lint</a> - Tool for writing clean and consistent HAML</li> <li><a href=„https://github.com/sds/slim-lint“>slim-lint</a> - Configurable tool for analyzing Slim templates</li> <li><a href=„https://github.com/adrienverge/yamllint“>yamllint</a> - Checks YAML files for syntax validity, key repetition and cosmetic problems such as line length, trailing spaces, and indentation.</li> </ul><h2><a id=„user-content-translation“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#translation“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Translation</h2> <ul><li><a href=„https://github.com/willkg/dennis/“>dennis</a> - A set of utilities for working with PO files to ease development and improve quality.</li> </ul><h2><a id=„user-content-writing“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#writing“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Writing</h2> <ul><li><a href=„https://github.com/vlajos/misspell-fixer“>misspell-fixer</a> - Quick tool for fixing common misspellings, typos in source code</li> <li><a href=„https://github.com/amperser/proselint/“>proselint</a> - a linter for English prose with a focus on writing style instead of grammar.</li> <li><a href=„https://github.com/ValeLint/vale“>vale</a> - A customizable, syntax-aware linter for prose.</li> <li><a href=„https://github.com/btford/write-good“>write-good</a> - A linter with a focus on eliminating „weasel words“.</li> </ul><h2><a id=„user-content-web-services“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#web-services“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>Web services</h2> <ul><li><a 
href=„https://www.codacy.com/“ rel=„nofollow“>Codacy</a> ©️ - Code Analysis to ship Better Code, Faster.</li> <li><a href=„https://codeclimate.com/“ rel=„nofollow“>Code Climate</a> ©️ - The open and extensible static analysis platform, for everyone.</li> <li><a href=„https://codefactor.io“ rel=„nofollow“>CodeFactor</a> ©️ - Automated Code Analysis for repos on GitHub or BitBucket.</li> <li><a href=„https://mygamma.io“ rel=„nofollow“>Gamma</a> ©️ - An intelligent software analytics platform that identifies issues from multiple lenses: Design issues, code issues, duplication and metrics. Available for Java, C, C++ and C#.</li> <li><a href=„https://www.kiuwan.com/“ rel=„nofollow“>kiuwan</a> ©️ - Software Analytics in the Cloud supporting more than 22 programming languages.</li> <li><a href=„https://landscape.io/“ rel=„nofollow“>Landscape</a> ©️ - Static code analysis for Python</li> <li><a href=„https://layeredinsight.com/“ rel=„nofollow“>Layered Insight</a> ©️ - Container native application protection to provide visibility and control of containerized applications.</li> <li><a href=„https://lgtm.com/“ rel=„nofollow“>LGTM.com</a> ©️ - Deep code analysis for GitHub and Bitbucket to find security vulnerabilities and critical code quality issues (using Semmle QL). 
Automatic code review for pull requests; free for public repositories.</li> <li><a href=„https://nitpick-ci.com“ rel=„nofollow“>Nitpick CI</a> ©️ - Automated PHP code review</li> <li><a href=„https://www.quantifiedcode.com/“ rel=„nofollow“>QuantifiedCode</a> - Automated code review & repair</li> <li><a href=„https://scrutinizer-ci.com/“ rel=„nofollow“>Scrutinizer</a> ©️ - A proprietary code quality checker that can be integrated with GitHub</li> <li><a href=„https://insight.sensiolabs.com/“ rel=„nofollow“>SensioLabs Insight</a> ©️ - Detect security risks, find bugs and provide actionable metrics for PHP projects</li> <li><a href=„https://sider.review“ rel=„nofollow“>Sider</a> ©️ - An automated code reviewing tool. Improving developers' productivity.</li> <li><a href=„https://snyk.io/“ rel=„nofollow“>Snyk</a> ©️ - Vulnerability scanner for dependencies of node.js apps (free for Open Source Projects)</li> <li><a href=„http://www.teamscale.com/“ rel=„nofollow“>Teamscale</a> ©️ - Static and dynamic analysis tool supporting more than 25 languages and direct IDE integration. Free hosting for Open Source projects available on request. 
Free academic licenses available.</li> <li><a href=„https://www.jetbrains.com/upsource/“ rel=„nofollow“>Upsource</a> ©️ - Code review tool with static code analysis and code-aware navigation for Java, PHP, JavaScript and Kotlin.</li> </ul><h2><a id=„user-content-more-collections“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#more-collections“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>More Collections</h2> <ul><li><a href=„https://github.com/dominikh/go-tools“>go-tools</a> - A collection of tools and libraries for working with Go code, including linters and static analysis</li> <li><a href=„https://github.com/mcandre/linters“>linters</a> - An introduction to static code analysis</li> <li><a href=„https://github.com/exakat/php-static-analysis-tools“>php-static-analysis-tools</a> - A reviewed list of useful PHP static analysis tools</li> <li><a href=„https://www.peerlyst.com/posts/a-list-of-static-analysis-tools-for-c-c-peerlyst?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_resources“ rel=„nofollow“>Tools for C/C++</a> - A list of static analysis tools for C/C++</li> <li><a href=„http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis“ rel=„nofollow“>Wikipedia</a> - A list of tools for static code analysis.</li> </ul><h2><a id=„user-content-license“ class=„anchor“ aria-hidden=„true“ href=„https://github.com/mre/awesome-static-analysis#license“><svg class=„octicon octicon-link“ viewbox=„0 0 16 16“ version=„1.1“ width=„16“ height=„16“ aria-hidden=„true“/></a>License</h2> <p><a href=„https://creativecommons.org/publicdomain/zero/1.0/“ rel=„nofollow“><img src=„https://camo.githubusercontent.com/da896acd40e1f4f275c2da6e1d830b2865803fc8/68747470733a2f2f692e6372656174697665636f6d6d6f6e732e6f72672f702f7a65726f2f312e302f38387833312e706e67“ alt=„CC0“ data-canonical-src=„https://i.creativecommons.org/p/zero/1.0/88x31.png“ class=„c1“/></a></p> <p>To the extent possible under law, <a href=„http://matthias-endler.de“ rel=„nofollow“>Matthias Endler</a> has waived all copyright and related or neighboring rights to this work. 
Title image <a href=„http://www.freepik.com“ rel=„nofollow“>Designed by Freepik</a>.</p> </article></div> </html>