FindBugs uses static analysis to look for bugs in Java code. it can analyze programs compiled for any version of Java. Eclipse and Maven plugins are available. FindBugs has been downloaded more than 700,000 times.
http://findbugs.sourceforge.net/Tags | code-quality static-analysis code-analysis |
Implementation | Java |
License | LGPL |
Platform | OS-Independent |
SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community. SpotBugs is a program which uses static analysis to look for bugs in Java code.
findbugs static-analysis code-analysis static-code-analysis linterThis is a collection of static analysis tools and code quality checkers. Pull requests are very welcome! Note: ©️ stands for proprietary software. All other tools are Open Source. To the extent possible under law, Matthias Endler has waived all copyright and related or neighboring rights to this work. Title image Designed by Freepik.
static-analysis quality static-analyzers awesome linter list code-quality awesome-list programming-languagecodeclimate is a command line interface for the Code Climate analysis platform. It allows you to run Code Climate engines on your local machine inside of Docker containers. The Code Climate CLI is distributed and run as a Docker image. The engines that perform the actual analyses are also Docker images. To support this, you must have Docker installed and running locally. We also require that the Docker daemon supports connections on the default Unix socket /var/run/docker.sock.
climate-cli quality code-quality static-analysis static-code-analysis codeclimate codeclimate-engine dockerPMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, PLSQL, Apache Velocity, XML, XSL.
code-analysis code-quality static-analysis static-code-analysis duplicate-codePylint is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions. It's highly configurable, having special pragmas to control its errors and warnings from within your code, as well as from an extensive configuration file. It is also possible to write your own plugins for adding your own checks or for extending pylint in one way or another.
static-analysis linter static-code-analysis code-quality pep8HTMLHint is a Static Code Analysis Tool for HTML, you can use it with IDE or in build system. Prerequisites: Node.js (>=6.14), npm version 3+.
htmlhint html hint code-quality code-analysis analysisCheckstyle is a tool to help programmers write Java code that adheres to a coding standard. Checkstyle is highly configurable and can be made to support almost any coding standard. Checkstyle provides checks that find class design problems, duplicate code, or bug patterns like double checked locking. This tool could be integrated as Ant task.
code-quality static-analysis static-code-analysis code-analysis coding-standardsCSSLint is an open source CSS code quality tool originally written by Nicholas C. Zakas and Nicole Sullivan. It was released in June 2011 at the Velocity conference.A lint tool performs static analysis of source code and flags patterns that might be errors or otherwise cause problems for the developer.
static-code-analysis static-analysis lint css-lintScapegoat is a Scala static code analyzer, what is more colloquially known as a code lint tool or linter. Scapegoat works in a similar vein to Java's FindBugs or checkstyle, or Scala's Scalastyle. A static code analyzer is a tool that flags suspicious language usage in code. This can include behavior likely to lead to bugs, non idiomatic usage of a language, or just code that doesn't conform to specified style guidelines.
scala-compiler inspectionPhpDependencyAnalysis is an extendable static code analysis for object-oriented PHP-Projects to generate dependency graphs from abstract datatypes (Classes, Interfaces and Traits) based on namespaces. Dependencies can be aggregated to build graphs for several levels, like Package-Level or Layer-Level. Each dependency can be verified to a defined architecture. Read the Introduction-Chapter for further informations.
dependency-graph code-analysis code-quality reference-architectureDart Code Metrics is a static analysis tool that helps you analyse and improve your code quality. A plugin for the Dart analyzer package providing additional rules from Dart Code Metrics. All issues produced by rules or anti-patterns will be highlighted in IDE.
dart cli quality analysis tool metrics analyzer codeclimate flutter anti-patterns code-metrics dartlang antipatterns analyzer-pluginRubyCritic is a gem that wraps around static analysis gems such as Reek, Flay and Flog to provide a quality report of your Ruby code.
static-analysis quality-reporter metrics best-practicesOCLint is a static code analysis tool for improving quality and reducing defects by inspecting C, C++ and Objective-C code.
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query that is concatenated with a variable might traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability. Static analysis is a powerful technique for finding vulnerabilities in source code. However, the approach has suffered from being noisy - that is, many static analysis tools find quite a few "vulnerabilities" that are not actually real. This has led to developer friction as users get tired of the tools "crying wolf" one time too many.
security static-code-analysis static-analysis security-toolsCodeNarc analyzes Groovy code for defects, bad practices, inconsistencies, style issues, coding standards, best practices and more. CodeNarc triggers violations based on rules which are predefined or custom rules. The static analysis report is generated in XML or HTML format. It is well integrated with the Ant Task and plugins exist for Maven, Gradle, Grails, Griffon, Sonar and Hudson.
code-quality static-analysisJSHint is a community-driven tool to detect errors in JavaScript code and enforce your team's coding conventions.
static-code-checker code-analysis code-quality lintInstall goreporter (see above).You have to confirm that your project is operational. In particular, the problem with vendor, when the package is not found in the default path, goreporter will look again from the possible vendor path.
codereview reporter golang-tools test staticcheck linter unit-testing static-analysis unit-test examination quality-reportJlint will check your Java code and find bugs, inconsistencies and synchronization problems by doing data flow analysis and building the lock graph. Jlint is extremely fast. It is easy to learn and requires no changes to the class files. Jlint has been used in an industrial environment and successfully uncovered faults with little effort.
code-quality static-analysisSemgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. Semgrep combines the convenient and iterative style of grep with the powerful features of an Abstract Syntax Tree (AST) matcher and limited dataflow. Easily find function calls, class or method definitions, and more without having to understand ASTs or wrestle with regexes.
static-analysis code-analysis static-code-analysis code-standards
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.