haxe-checkstyle - Haxe Checkstyle

  •        4

Haxe Checkstyle is a static analysis tool to help developers write Haxe code that adheres to a coding standard. It automates the process of checking Haxe code to spare developers of this boring (but important) task.



grunt : latest
grunt-cli : latest



Related Projects

Checkstyle - Checks Java coding standard

  •    Java

Checkstyle is a tool to help programmers write Java code that adheres to a coding standard. Checkstyle is highly configurable and can be made to support almost any coding standard. Checkstyle provides checks that find class design problems, duplicate code, or bug patterns like double checked locking. This tool could be integrated as Ant task.

CodeNarc - Static Analysis for Groovy

  •    Groovy

CodeNarc analyzes Groovy code for defects, bad practices, inconsistencies, style issues, coding standards, best practices and more. CodeNarc triggers violations based on rules which are predefined or custom rules. The static analysis report is generated in XML or HTML format. It is well integrated with the Ant Task and plugins exist for Maven, Gradle, Grails, Griffon, Sonar and Hudson.

Semgrep - Lightweight static analysis for many languages

  •    Python

Semgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. Semgrep combines the convenient and iterative style of grep with the powerful features of an Abstract Syntax Tree (AST) matcher and limited dataflow. Easily find function calls, class or method definitions, and more without having to understand ASTs or wrestle with regexes.

tailor - Cross-platform static analyzer and linter for Swift.

  •    Java

Tailor is a cross-platform static analysis and lint tool for source code written in Apple's Swift programming language. It analyzes your code to ensure consistent styling and help avoid bugs. Tailor supports Swift 3.0.1 out of the box and helps enforce style guidelines outlined in the The Swift Programming Language, GitHub, Ray Wenderlich, and Coursera style guides. It supports cross-platform usage and can be run on Mac OS X via your shell or integrated with Xcode, as well as on Linux and Windows.

jsprime - a javascript static security analysis tool

  •    Javascript

Today, more and more developers are switching to JavaScript as their first choice of language. The reason is simple JavaScript has now been started to be accepted as the mainstream programming for applications, be it on the web or on the mobile; be it on client-side, be it on the server side. JavaScript flexibility and its loose typing is friendly to developers to create rich applications at an unbelievable speed. Major advancements in the performance of JavaScript interpreters, in recent days, have almost eliminated the question of scalability and throughput from many organizations. So the point is JavaScript is now a really important and powerful language we have today and it's usage growing everyday. From client-side code in web applications it grew to server-side through Node.JS and it's now supported as proper language to write applications on major mobile operating system platforms like Windows 8 apps and the upcoming Firefox OS apps. But the problem is, many developers practice insecure coding which leads to many client side attacks, out of which DOM XSS is the most infamous. We tried to understand the root cause of this problem and figured out is that there are not enough practically usable tools that can solve real-world problems. Hence as our first attempt towards solving this problem, we want to talk about JSPrime: A JavaScript static analysis tool for the rest of us. It's a very light-weight and very easy to use point-and-click tool! The static analysis tool is based on the very popular Esprima ECMAScript parser by Aria Hidayat.

PHP_CodeSniffer - PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards

  •    PHP

PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent. PHP_CodeSniffer requires PHP version 5.4.0 or greater, although individual sniffs may have additional requirements such as external applications and scripts. See the Configuration Options manual page for a list of these requirements.

Codelyzer - Static analysis for Angular projects.

  •    TypeScript

A set of tslint rules for static code analysis of Angular TypeScript projects.You can run the static code analyzer over web apps, NativeScript, Ionic, etc.

linter - Static Analysis Compiler Plugin for Scala

  •    Scala

Linter is a Scala static analysis compiler plugin which adds compile-time checks for various possible bugs, inefficiencies, and style problems. Please help support the development of Linter.

credo - A static code analysis tool for the Elixir language with a focus on code consistency and teaching

  •    Elixir

Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency. It implements its own style guide.

JAADAS - Joint Advanced Defect assEsment for android applications

  •    Java

This is Joint Advanced Defect Assessment framework for android applications (JAADS, original name JADE renamed to avoid potential trademark issue), written in 2014. JAADAS is a tool written in Java and Scala with the power of Soot to provide both interprocedure and intraprocedure static analysis for android applications. Its features include API misuse analysis, local-denial-of-service (intent crash) analysis, inter-procedure style taint flow analysis (from intent to sensitive API, i.e. getting a parcelable from intent, and use it to start activity). JAADAS can also combines multidex into one and analysis them altogether. Most of JAADAS's detection capabilities can be defined in groovy config file and text file (soot's source and sink file).

pylint - It's not just a linter that annoys you!

  •    Python

Pylint is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions. It's highly configurable, having special pragmas to control its errors and warnings from within your code, as well as from an extensive configuration file. It is also possible to write your own plugins for adding your own checks or for extending pylint in one way or another.

android-check - Static code analysis plugin for Android project. (Checkstyle, PMD)

  •    Groovy

Static code analysis plugin for Android project. Recommended configuration is a default one (empty).

PMD - An extensible cross-language static code analyzer

  •    Java

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, PLSQL, Apache Velocity, XML, XSL.

prealloc - prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated

  •    Go

prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated. Similar to other Go static analysis tools (such as golint, go vet), prealloc can be invoked with one or more filenames, directories, or packages named by its import path. Prealloc also supports the ... wildcard.

languagetool - Style and Grammar Checker for 25+ Languages

  •    Java

LanguageTool is an Open Source proofreading software for English, French, German, Polish, Russian, and more than 20 other languages. It finds many errors that a simple spell checker cannot detect. LanguageTool is freely available under the LGPL 2.1 or later.

jedi - Awesome autocompletion and static analysis library for python.

  •    Python

If you have specific questions, please add an issue or ask on Stack Overflow with the label python-jedi. Jedi is a static analysis tool for Python that can be used in IDEs/editors. Its historic focus is autocompletion, but does static analysis for now as well. Jedi is fast and is very well tested. It understands Python on a deeper level than all other static analysis frameworks for Python.

Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing

  •    Python

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.

awesome-static-analysis - A curated list of static analysis tools, linters and code quality checkers for various programming languages


This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome! Note: ©️ stands for proprietary software. All other tools are Open Source. To the extent possible under law, Matthias Endler has waived all copyright and related or neighboring rights to this work. Title image Designed by Freepik.