phpinspectionsea - A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

  •        90

This project is an OSS Static Code Analysis tool for PhpStorm (2016.2+) and Idea Ultimate. Some of inspections are expecting conditional statements (e.g. "if") to use group statement for wrapping body expressions. If this requirement is met then additional inspections are applied to the source code.



Related Projects

idea-php-laravel-plugin - Laravel Framework Plugin for PhpStorm / IntelliJ IDEA

  •    Java

To install, go to Settings > Plugins and search for "Laravel Plugin". Once installed, you must activate per-project by going to Settings > Languages & Frameworks > PHP > Laravel and clicking "Enable for this project".

idea-php-symfony2-plugin - IntelliJ IDEA / PhpStorm Symfony Plugin

  •    Java

If your issue already exists, don't hesitate to add a comment to help contributors resolve the issue more easily. If your issue does not exist, open a new issue 😃.

PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!

  •    PHP

PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code.PHPStan moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.

awesome-static-analysis - A curated list of static analysis tools, linters and code quality checkers for various programming languages


This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome! Note: ©️ stands for proprietary software. All other tools are Open Source. To the extent possible under law, Matthias Endler has waived all copyright and related or neighboring rights to this work. Title image Designed by Freepik.

prealloc - prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated

  •    Go

prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated. Similar to other Go static analysis tools (such as golint, go vet), prealloc can be invoked with one or more filenames, directories, or packages named by its import path. Prealloc also supports the ... wildcard.

phan - Phan is a static analyzer for PHP

  •    PHP

Phan is a static analyzer for PHP that prefers to minimize false-positives. Phan attempts to prove incorrectness rather than correctness. Phan looks for common issues and will verify type compatibility on various operations when type information is available or can be deduced. Phan has a good (but not comprehensive) understanding of flow control and does not attempt to track values.

scapegoat - Scala compiler plugin for static code analysis

  •    Scala

Scapegoat is a Scala static code analyzer, what is more colloquially known as a code lint tool or linter. Scapegoat works in a similar vein to Java's FindBugs or checkstyle, or Scala's Scalastyle. A static code analyzer is a tool that flags suspicious language usage in code. This can include behavior likely to lead to bugs, non idiomatic usage of a language, or just code that doesn't conform to specified style guidelines.

idea-composer-plugin - PhpStorm plugin that adds code completion in composer.json file

  •    Scala

Adds code completion, inspections and more to composer.json file. There you can find plugin homepage.

PMD - An extensible cross-language static code analyzer

  •    Java

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Apex and Visualforce, PLSQL, Apache Velocity, XML, XSL.

dart-code-metrics - Software analytics tool that helps developers analyse and improve software quality

  •    Dart

Dart Code Metrics is a static analysis tool that helps you analyse and improve your code quality. A plugin for the Dart analyzer package providing additional rules from Dart Code Metrics. All issues produced by rules or anti-patterns will be highlighted in IDE.

Codelyzer - Static analysis for Angular projects.

  •    TypeScript

A set of tslint rules for static code analysis of Angular TypeScript projects.You can run the static code analyzer over web apps, NativeScript, Ionic, etc.

codechecker - CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

  •    Python

CodeChecker is a static analysis infrastructure built on the LLVM/Clang Static Analyzer toolchain, replacing scan-build in a Linux or macOS (OS X) development environment. In OSX environment the intercept-build tool from scan-build is used to log the compiler invocations.

gokart - A static analysis tool for securing Go code

  •    Go

GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query that is concatenated with a variable might traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability. Static analysis is a powerful technique for finding vulnerabilities in source code. However, the approach has suffered from being noisy - that is, many static analysis tools find quite a few "vulnerabilities" that are not actually real. This has led to developer friction as users get tired of the tools "crying wolf" one time too many.

ApplicationInspector - A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine

  •    CSharp

Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third party software components based on well-known library/API calls and is helpful in security and non-security use cases. It uses hundreds of rules and regex patterns to surface interesting characteristics of source code to aid in determining what the software is or what it does from what file operations it uses, encryption, shell operations, cloud API's, frameworks and more and has received industry attention as a new and valuable contribution to OSS on ZDNet, SecurityWeek, CSOOnline,, HelpNetSecurity, Twitter and more and was first featured on Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection including features that impact security such as the use of cryptography and more. This can be extremely helpful in reducing the time needed to determine what Open Source or other components do by examining the source directly rather than trusting to limited documentation or recommendations.

ideavim - Vim emulation plug-in for IDEs based on the IntelliJ platform.

  •    Java

IdeaVim is a Vim emulation plugin for IDEs based on the IntelliJ platform. IdeaVim can be used with IntelliJ IDEA, RubyMine, PyCharm, PhpStorm, WebStorm, AppCode, CLion, DataGrip and Android Studio.Use the IDE's plugin manager to install the latest version of the plugin. Start the IDE normally and enable the Vim emulation using "Tools | Vim Emulator" menu item. At this point you must use Vim keystrokes in all editors.

linter - Static Analysis Compiler Plugin for Scala

  •    Scala

Linter is a Scala static analysis compiler plugin which adds compile-time checks for various possible bugs, inefficiencies, and style problems. Please help support the development of Linter.

Infer - A static analyzer for Java, C and Objective-C

  •    OCaml

A static analyzer for Java, C and Objective-C. It is a tool to detect bugs in Android and iOS apps.

jedi - Awesome autocompletion and static analysis library for python.

  •    Python

If you have specific questions, please add an issue or ask on Stack Overflow with the label python-jedi. Jedi is a static analysis tool for Python that can be used in IDEs/editors. Its historic focus is autocompletion, but does static analysis for now as well. Jedi is fast and is very well tested. It understands Python on a deeper level than all other static analysis frameworks for Python.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.