PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!

  •        100

PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code.PHPStan moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.

https://github.com/phpstan/phpstan

Tags
Implementation
License
Platform

   




Related Projects

larastan - Larastan - Discover bugs in your code without running it. A Phpstan wrapper for Laravel.

  •    PHP

Larastan was created by, and is maintained by Nuno Maduro, and is a phpstan/phpstan wrapper for Laravel. Larastan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. Once you have installed Larastan, you may start analyzing your code using the code:analyse Artisan command.

phpinspectionsea - A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

  •    Java

This project is an OSS Static Code Analysis tool for PhpStorm (2016.2+) and Idea Ultimate. Some of inspections are expecting conditional statements (e.g. "if") to use group statement for wrapping body expressions. If this requirement is met then additional inspections are applied to the source code.

prealloc - prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated

  •    Go

prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated. Similar to other Go static analysis tools (such as golint, go vet), prealloc can be invoked with one or more filenames, directories, or packages named by its import path. Prealloc also supports the ... wildcard.

phan - Phan is a static analyzer for PHP

  •    PHP

Phan is a static analyzer for PHP that prefers to minimize false-positives. Phan attempts to prove incorrectness rather than correctness. Phan looks for common issues and will verify type compatibility on various operations when type information is available or can be deduced. Phan has a good (but not comprehensive) understanding of flow control and does not attempt to track values.

PMD - An extensible cross-language static code analyzer

  •    Java

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, PLSQL, Apache Velocity, XML, XSL.


Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing

  •    Python

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.

Codelyzer - Static analysis for Angular projects.

  •    TypeScript

A set of tslint rules for static code analysis of Angular TypeScript projects.You can run the static code analyzer over web apps, NativeScript, Ionic, etc.

codechecker - CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

  •    Python

CodeChecker is a static analysis infrastructure built on the LLVM/Clang Static Analyzer toolchain, replacing scan-build in a Linux or macOS (OS X) development environment. In OSX environment the intercept-build tool from scan-build is used to log the compiler invocations.

Infer - A static analyzer for Java, C and Objective-C

  •    OCaml

A static analyzer for Java, C and Objective-C. It is a tool to detect bugs in Android and iOS apps.

psalm - A static analysis tool for finding errors in PHP applications

  •    PHP

Psalm is a static analysis tool for finding errors in PHP applications, built on top of PHP Parser. It's able to find a large number issues, but it can also be configured to only care about a small subset of those.

awesome-static-analysis - A curated list of static analysis tools, linters and code quality checkers for various programming languages

  •    

This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome! Note: ©ï¸ stands for proprietary software. All other tools are Open Source. To the extent possible under law, Matthias Endler has waived all copyright and related or neighboring rights to this work. Title image Designed by Freepik.

phan - Phan is a static analyzer for PHP

  •    PHP

Phan is a static analyzer for PHP that prefers to minimize false-positives. Phan attempts to prove incorrectness rather than correctness.Phan looks for common issues and will verify type compatibility on various operations when type information is available or can be deduced. Phan does not have a strong understanding of flow control and does not attempt to track values.

SpotBugs - FindBugs' successor, A tool for static analysis to look for bugs in Java code.

  •    Java

SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community. SpotBugs is a program which uses static analysis to look for bugs in Java code.

rubocop - A Ruby static code analyzer and formatter, based on the community Ruby style guide.

  •    Ruby

RuboCop is a Ruby static code analyzer and code formatter. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide. RuboCop is extremely flexible and most aspects of its behavior can be tweaked via various configuration options.

tailor - Cross-platform static analyzer and linter for Swift.

  •    Java

Tailor is a cross-platform static analysis and lint tool for source code written in Apple's Swift programming language. It analyzes your code to ensure consistent styling and help avoid bugs. Tailor supports Swift 3.0.1 out of the box and helps enforce style guidelines outlined in the The Swift Programming Language, GitHub, Ray Wenderlich, and Coursera style guides. It supports cross-platform usage and can be run on Mac OS X via your shell or integrated with Xcode, as well as on Linux and Windows.

credo - A static code analysis tool for the Elixir language with a focus on code consistency and teaching

  •    Elixir

Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency. It implements its own style guide.

jsprime - a javascript static security analysis tool

  •    Javascript

Today, more and more developers are switching to JavaScript as their first choice of language. The reason is simple JavaScript has now been started to be accepted as the mainstream programming for applications, be it on the web or on the mobile; be it on client-side, be it on the server side. JavaScript flexibility and its loose typing is friendly to developers to create rich applications at an unbelievable speed. Major advancements in the performance of JavaScript interpreters, in recent days, have almost eliminated the question of scalability and throughput from many organizations. So the point is JavaScript is now a really important and powerful language we have today and it's usage growing everyday. From client-side code in web applications it grew to server-side through Node.JS and it's now supported as proper language to write applications on major mobile operating system platforms like Windows 8 apps and the upcoming Firefox OS apps. But the problem is, many developers practice insecure coding which leads to many client side attacks, out of which DOM XSS is the most infamous. We tried to understand the root cause of this problem and figured out is that there are not enough practically usable tools that can solve real-world problems. Hence as our first attempt towards solving this problem, we want to talk about JSPrime: A JavaScript static analysis tool for the rest of us. It's a very light-weight and very easy to use point-and-click tool! The static analysis tool is based on the very popular Esprima ECMAScript parser by Aria Hidayat.





We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.