awesome-static-analysis - A curated list of static analysis tools, linters and code quality checkers for various programming languages

•    

---

This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome! Note: ©️ stands for proprietary software. All other tools are Open Source. To the extent possible under law, Matthias Endler has waived all copyright and related or neighboring rights to this work. Title image Designed by Freepik.

static-analysis quality static-analyzers awesome linter list code-quality awesome-list programming-language

Jlint

•    Java

---

Jlint will check your Java code and find bugs, inconsistencies and synchronization problems by doing data flow analysis on the code and building the lock graph. Jlint is fast, easy to learn, and requires no changes in the class files to be checked.

codeclimate - Code Climate CLI

•    Ruby

---

codeclimate is a command line interface for the Code Climate analysis platform. It allows you to run Code Climate engines on your local machine inside of Docker containers. The Code Climate CLI is distributed and run as a Docker image. The engines that perform the actual analyses are also Docker images. To support this, you must have Docker installed and running locally. We also require that the Docker daemon supports connections on the default Unix socket /var/run/docker.sock.

climate-cli quality code-quality static-analysis static-code-analysis codeclimate codeclimate-engine docker

PMD - An extensible cross-language static code analyzer

•    Java

---

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, PLSQL, Apache Velocity, XML, XSL.

code-analysis code-quality static-analysis static-code-analysis duplicate-code

rubycritic - A Ruby code quality reporter

•    Javascript

---

RubyCritic is a gem that wraps around static analysis gems such as Reek, Flay and Flog to provide a quality report of your Ruby code.

static-analysis quality-reporter metrics best-practices

FindBugs - Static Analysis Tool for Java

•    Java

---

FindBugs uses static analysis to look for bugs in Java code. it can analyze programs compiled for any version of Java. Eclipse and Maven plugins are available. FindBugs has been downloaded more than 700,000 times.

code-quality static-analysis code-analysis

pylint - It's not just a linter that annoys you!

•    Python

---

Pylint is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions. It's highly configurable, having special pragmas to control its errors and warnings from within your code, as well as from an extensive configuration file. It is also possible to write your own plugins for adding your own checks or for extending pylint in one way or another.

static-analysis linter static-code-analysis code-quality pep8

oclint - A static source code analysis tool to improve quality and reduce defects for C, C++ and Objective-C

•    C++

---

OCLint is a static code analysis tool for improving quality and reducing defects by inspecting C, C++ and Objective-C code.

dart-code-metrics - Software analytics tool that helps developers analyse and improve software quality

•    Dart

---

Dart Code Metrics is a static analysis tool that helps you analyse and improve your code quality. A plugin for the Dart analyzer package providing additional rules from Dart Code Metrics. All issues produced by rules or anti-patterns will be highlighted in IDE.

dart cli quality analysis tool metrics analyzer codeclimate flutter anti-patterns code-metrics dartlang antipatterns analyzer-plugin

csslint - Automated linting of Cascading Stylesheets

•    Javascript

---

CSSLint is an open source CSS code quality tool originally written by Nicholas C. Zakas and Nicole Sullivan. It was released in June 2011 at the Velocity conference.A lint tool performs static analysis of source code and flags patterns that might be errors or otherwise cause problems for the developer.

static-code-analysis static-analysis lint css-lint

HTMLHint - ⚙️ The Static Code Analysis Tool you need for your HTML

•    Javascript

---

HTMLHint is a Static Code Analysis Tool for HTML, you can use it with IDE or in build system. Prerequisites: Node.js (>=6.14), npm version 3+.

htmlhint html hint code-quality code-analysis analysis

Flow - A static type checker for JavaScript

•    OCaml

---

Adds static typing to JavaScript to improve developer productivity and code quality.

static-code-checker code-analysis code-quality

goreporter - A Golang tool that does static analysis, unit testing, code review and generate code quality report

•    Go

---

Install goreporter (see above).You have to confirm that your project is operational. In particular, the problem with vendor, when the package is not found in the default path, goreporter will look again from the possible vendor path.

codereview reporter golang-tools test staticcheck linter unit-testing static-analysis unit-test examination quality-report

Checkstyle - Checks Java coding standard

•    Java

---

Checkstyle is a tool to help programmers write Java code that adheres to a coding standard. Checkstyle is highly configurable and can be made to support almost any coding standard. Checkstyle provides checks that find class design problems, duplicate code, or bug patterns like double checked locking. This tool could be integrated as Ant task.

code-quality static-analysis static-code-analysis code-analysis coding-standards

Sonarqube - Continuous Code Quality

•    Java

---

SonarQube is the open source platform for continuous inspection of code quality. SonarQube provides the capability to not only show health of an application but also to highlight issues newly introduced. With a Quality Gate in place, you can fix the leak and therefore improve code quality systematically. Code analyzers can detect tricky issues such as null-pointers dereferences, logic errors, resource leaks.

sonarqube code-quality static-code-analysis

CodeNarc - Static Analysis for Groovy

•    Groovy

---

CodeNarc analyzes Groovy code for defects, bad practices, inconsistencies, style issues, coding standards, best practices and more. CodeNarc triggers violations based on rules which are predefined or custom rules. The static analysis report is generated in XML or HTML format. It is well integrated with the Ant Task and plugins exist for Maven, Gradle, Grails, Griffon, Sonar and Hudson.

code-quality static-analysis

sonar-dotnet - Code analyzer for C# and VB

•    CSharp

---

Code Analyzer for C#

c-sharp sonarqube static-analysis static-analyzer static-code-analysis code-quality language-team

PhpDependencyAnalysis - Static code analysis to find violations in a dependency graph

•    PHP

---

PhpDependencyAnalysis is an extendable static code analysis for object-oriented PHP-Projects to generate dependency graphs from abstract datatypes (Classes, Interfaces and Traits) based on namespaces. Dependencies can be aggregated to build graphs for several levels, like Package-Level or Layer-Level. Each dependency can be verified to a defined architecture. Read the Introduction-Chapter for further informations.

dependency-graph code-analysis code-quality reference-architecture

JSHint - A Static Code Analysis Tool for JavaScript

•    Javascript

---

JSHint is a community-driven tool to detect errors in JavaScript code and enforce your team's coding conventions.

static-code-checker code-analysis code-quality lint

phpqa - Docker image that provides static analysis tools for PHP

•    PHP

---

Docker image providing static analysis tools for PHP. Add it to your ~/.bashrc so it's defined every time you start a new terminal session.

docker qatools qa static-analysis documentation docker-image php-cs-fixer phpdoc composer phpqa phpqatools code-quality phpmetrics php-codesniffer pdepend phpmd phploc phpcpd phpunit