Pyright is a fast type checker meant for large Python source bases. It can run in a “watch” mode and performs fast incremental updates when files are modified. Pyright does not require a Python environment or imported third-party packages to be installed. Pyright includes both a command-line tool and an extension for Visual Studio Code that implements the Language Server Protocol.
https://github.com/Microsoft/pyright
Tags | static-code-analysis code-analysis static-checker |
Implementation | Python |
License | MIT |
Platform | Windows Linux |
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (static single assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query that is concatenated with a variable might traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability. Static analysis is a powerful technique for finding vulnerabilities in source code. However, the approach has suffered from being noisy - that is, many static analysis tools find quite a few "vulnerabilities" that are not actually real. This has led to developer friction as users get tired of the tools "crying wolf" one time too many.
Tags | security static-code-analysis static-analysis security-tools |
Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first- or third-party software components based on well-known library/API calls and is helpful in security and non-security use cases. It uses hundreds of rules and regex patterns to surface interesting characteristics of source code to aid in determining what the software is or what it does from what file operations it uses, encryption, shell operations, cloud APIs, frameworks and more. It has received industry attention as a new and valuable contribution to OSS on ZDNet, SecurityWeek, CSOOnline, Linux.com/news, HelpNetSecurity, Twitter and more, and was first featured on Microsoft.com. Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection, including features that impact security such as the use of cryptography and more. This can be extremely helpful in reducing the time needed to determine what Open Source or other components do by examining the source directly rather than trusting to limited documentation or recommendations.
Tags | detection static-analysis security-scanner security-tools software-characterization application-inspector |
Semgrep is a command-line tool for offline static analysis. Use pre-built or custom rules to enforce code and security standards in your codebase. Semgrep combines the convenient and iterative style of grep with the powerful features of an Abstract Syntax Tree (AST) matcher and limited dataflow. Easily find function calls, class or method definitions, and more without having to understand ASTs or wrestle with regexes.
Tags | static-analysis code-analysis static-code-analysis code-standards |
Adds static typing to JavaScript to improve developer productivity and code quality.
Tags | static-code-checker code-analysis code-quality |
JSHint is a community-driven tool to detect errors in JavaScript code and enforce your team's coding conventions.
Tags | static-code-checker code-analysis code-quality lint |
SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community. SpotBugs is a program which uses static analysis to look for bugs in Java code.
Tags | findbugs static-analysis code-analysis static-code-analysis linter |
This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome! Note: ©️ stands for proprietary software. All other tools are Open Source. To the extent possible under law, Matthias Endler has waived all copyright and related or neighboring rights to this work. Title image Designed by Freepik.
Tags | static-analysis quality static-analyzers awesome linter list code-quality awesome-list programming-language |
This project is an OSS Static Code Analysis tool for PhpStorm (2016.2+) and Idea Ultimate. Some inspections expect conditional statements (e.g. "if") to use a group statement for wrapping body expressions. If this requirement is met, additional inspections are applied to the source code.
Tags | phpstorm static-analysis php7 awesome intellij intellij-plugin static-code-analysis static-analyzer phpstorm-plugin |
Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency. It implements its own style guide.
Tags | elixir code-analysis static-analysis linter credo |
PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. PHPStan moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.
Tags | phpstan static-analysis php7 testing static-code-analysis static-analyzer |
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, PLSQL, Apache Velocity, XML, XSL.
Tags | code-analysis code-quality static-analysis static-code-analysis duplicate-code |
The Checker Framework enhances Java's type system to make it more powerful and useful. This lets software developers detect and prevent errors in their Java programs. The Checker Framework includes compiler plug-ins ("checkers") that find bugs or verify their absence. It also permits you to write your own compiler plug-ins.
Tags | code-analysis static-code-analysis find-bugs |
Inspects source code for security problems by scanning the Go AST. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License here.
Tags | security security-tools security-automation static-analysis static-code-analysis |
prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated. Similar to other Go static analysis tools (such as golint, go vet), prealloc can be invoked with one or more filenames, directories, or packages named by its import path. Prealloc also supports the ... wildcard.
Tags | static-code-analysis static-analyzer static-analysis prealloc-suggestions slice |
A set of tslint rules for static code analysis of Angular TypeScript projects. You can run the static code analyzer over web apps, NativeScript, Ionic, etc.
Tags | codelyzer angular tslint linting static-code-analysis style-guide angular-cli styleguide nglint lint |
FindBugs uses static analysis to look for bugs in Java code. It can analyze programs compiled for any version of Java. Eclipse and Maven plugins are available. FindBugs has been downloaded more than 700,000 times.
Tags | code-quality static-analysis code-analysis |
Pylint is a Python static code analysis tool which looks for programming errors, helps enforce a coding standard, sniffs for code smells and offers simple refactoring suggestions. It's highly configurable, having special pragmas to control its errors and warnings from within your code, as well as from an extensive configuration file. It is also possible to write your own plugins for adding your own checks or for extending pylint in one way or another.
Tags | static-analysis linter static-code-analysis code-quality pep8 |
Shareable configs are designed to work with the extends feature of .eslintrc files. You can learn more about Shareable Configs on the official ESLint website. Note: We omitted the eslint-config- prefix since it is automatically assumed by ESLint.
Tags | development ecmascript es6 eslint linter standard static-code-analysis style-guide nodejs javascript-standard-style check checker code code-checker code-linter code-standards code-style enforce eslintconfig hint jscs jshint lint policy quality simple standard-style style style-checker style-linter verify |
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and supports both binaries (APK, IPA & APPX) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.
Tags | static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security mobile-security-framework api-testing web-security malware-analysis runtime-security ci-cd devsecops apk ipa |
SPDisposeCheck Static Code Analysis Ruleset allows SharePoint 2010 developers to ensure SharePoint APIs are properly disposed using Visual Studio 2012.
Tags | sharepoint sharepoint-2010 spdisposecheck static-code-analysis visual-studio-2012 |