Displaying 1 to 20 from 122 results

clair - Vulnerability Static Analysis for Containers


Note: The master branch may be in an unstable or even broken state during development. Please use releases instead of the master branch in order to get stable binaries.Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including appc and docker).

phan - Phan is a static analyzer for PHP


Phan is a static analyzer for PHP that prefers to minimize false-positives. Phan attempts to prove incorrectness rather than correctness.Phan looks for common issues and will verify type compatibility on various operations when type information is available or can be deduced. Phan does not have a strong understanding of flow control and does not attempt to track values.

FindBugs - Static Analysis Tool for Java


FindBugs uses static analysis to look for bugs in Java code. it can analyze programs compiled for any version of Java. Eclipse and Maven plugins are available. FindBugs has been downloaded more than 700,000 times.




go-tools - A collection of tools and libraries for working with Go code, including linters and static analysis


honnef.co/go/tools/... is a collection of tools and libraries for working with Go code, including linters and static analysis.These tools are supported by patrons on Patreon and sponsors. If you use these tools at your company, consider purchasing commercial support.

panopticon - A libre cross-platform disassembler.


If you simply want to use Panopticon follow the install instructions on the website.Panopticon builds with Rust stable. The only dependencies aside from a working Rust stable toolchain and Cargo you need is Qt 5.5 or higher.

PMD - An extensible cross-language static code analyzer


PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, PLSQL, Apache Velocity, XML, XSL.

goreporter - A Golang tool that does static analysis, unit testing, code review and generate code quality report


Install goreporter (see above).You have to confirm that your project is operational. In particular, the problem with vendor, when the package is not found in the default path, goreporter will look again from the possible vendor path.


csslint - Automated linting of Cascading Stylesheets


CSSLint is an open source CSS code quality tool originally written by Nicholas C. Zakas and Nicole Sullivan. It was released in June 2011 at the Velocity conference.A lint tool performs static analysis of source code and flags patterns that might be errors or otherwise cause problems for the developer.

PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!


PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code.PHPStan moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.

PHP_CodeSniffer - PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards


PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent. PHP_CodeSniffer requires PHP version 5.4.0 or greater, although individual sniffs may have additional requirements such as external applications and scripts. See the Configuration Options manual page for a list of these requirements.

jedi - Awesome autocompletion and static analysis library for python.


If you have specific questions, please add an issue or ask on Stack Overflow with the label python-jedi. Jedi is a static analysis tool for Python that can be used in IDEs/editors. Its historic focus is autocompletion, but does static analysis for now as well. Jedi is fast and is very well tested. It understands Python on a deeper level than all other static analysis frameworks for Python.

i18n-tasks - Manage translation and localization with static analysis, for Ruby i18n


i18n-tasks helps you find and manage missing and unused translations. i18n-tasks can be used with any project using the ruby i18n gem (default in Rails).

brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications


Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. Check out Brakeman Pro if you are looking for a commercially-supported version with a GUI and advanced features.

cppcheck - static analysis of C/C++ code


If you find Cppcheck useful for you, feel free to make a donation. The original name of this program was "C++check", but it was later changed to "Cppcheck".

PHP-Parser - A PHP parser written in PHP


This is a PHP 5.2 to PHP 7.2 parser written in PHP. Its purpose is to simplify static code analysis and manipulation. Documentation for version 4.x (stable; for running on PHP >= 7.0; for parsing PHP 5.2 to PHP 7.2).

credo - A static code analysis tool for the Elixir language with a focus on code consistency and teaching


Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency. It implements its own style guide.

psalm - A static analysis tool for finding errors in PHP applications


Psalm is a static analysis tool for finding errors in PHP applications, built on top of PHP Parser. It's able to find a large number issues, but it can also be configured to only care about a small subset of those.

awesome-static-analysis - A curated list of static analysis tools, linters and code quality checkers for various programming languages


This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome! Note: ©️ stands for proprietary software. All other tools are Open Source. To the extent possible under law, Matthias Endler has waived all copyright and related or neighboring rights to this work. Title image Designed by Freepik.