clair - Vulnerability Static Analysis for Containers

•    Go

Note: The master branch may be in an unstable or even broken state during development. Please use releases instead of the master branch in order to get stable binaries.Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including appc and docker).

phan - Phan is a static analyzer for PHP

•    PHP

Phan is a static analyzer for PHP that prefers to minimize false-positives. Phan attempts to prove incorrectness rather than correctness.Phan looks for common issues and will verify type compatibility on various operations when type information is available or can be deduced. Phan does not have a strong understanding of flow control and does not attempt to track values.

tslint - :vertical_traffic_light: An extensible linter for the TypeScript language

•    TypeScript

An extensible static analysis linter for the TypeScript language

FindBugs - Static Analysis Tool for Java

•    Java

FindBugs uses static analysis to look for bugs in Java code. it can analyze programs compiled for any version of Java. Eclipse and Maven plugins are available. FindBugs has been downloaded more than 700,000 times.

go-tools - A collection of tools and libraries for working with Go code, including linters and static analysis

•    Go

honnef.co/go/tools/... is a collection of tools and libraries for working with Go code, including linters and static analysis.These tools are supported by patrons on Patreon and sponsors. If you use these tools at your company, consider purchasing commercial support.

panopticon - A libre cross-platform disassembler.

•    Rust

If you simply want to use Panopticon follow the install instructions on the website.Panopticon builds with Rust stable. The only dependencies aside from a working Rust stable toolchain and Cargo you need is Qt 5.5 or higher.

goreporter - A Golang tool that does static analysis, unit testing, code review and generate code quality report

•    Go

Install goreporter (see above).You have to confirm that your project is operational. In particular, the problem with vendor, when the package is not found in the default path, goreporter will look again from the possible vendor path.

csslint - Automated linting of Cascading Stylesheets

•    Javascript

CSSLint is an open source CSS code quality tool originally written by Nicholas C. Zakas and Nicole Sullivan. It was released in June 2011 at the Velocity conference.A lint tool performs static analysis of source code and flags patterns that might be errors or otherwise cause problems for the developer.

PHPStan - PHP Static Analysis Tool - discover bugs in your code without running it!

•    PHP

PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code.PHPStan moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.

PHP_CodeSniffer - PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards

•    PHP

PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent. PHP_CodeSniffer requires PHP version 5.4.0 or greater, although individual sniffs may have additional requirements such as external applications and scripts. See the Configuration Options manual page for a list of these requirements.

jedi - Awesome autocompletion and static analysis library for python.

•    Python

If you have specific questions, please add an issue or ask on Stack Overflow with the label python-jedi. Jedi is a static analysis tool for Python that can be used in IDEs/editors. Its historic focus is autocompletion, but does static analysis for now as well. Jedi is fast and is very well tested. It understands Python on a deeper level than all other static analysis frameworks for Python.

i18n-tasks - Manage translation and localization with static analysis, for Ruby i18n

•    Ruby

i18n-tasks helps you find and manage missing and unused translations. i18n-tasks can be used with any project using the ruby i18n gem (default in Rails).

brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications

•    Ruby

Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. Check out Brakeman Pro if you are looking for a commercially-supported version with a GUI and advanced features.

cppcheck - static analysis of C/C++ code

•    C++

If you find Cppcheck useful for you, feel free to make a donation. The original name of this program was "C++check", but it was later changed to "Cppcheck".

PHP-Parser - A PHP parser written in PHP

•    PHP

This is a PHP 5.2 to PHP 7.2 parser written in PHP. Its purpose is to simplify static code analysis and manipulation. Documentation for version 4.x (stable; for running on PHP >= 7.0; for parsing PHP 5.2 to PHP 7.2).

credo - A static code analysis tool for the Elixir language with a focus on code consistency and teaching

•    Elixir

Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency. It implements its own style guide.

psalm - A static analysis tool for finding errors in PHP applications

•    PHP

Psalm is a static analysis tool for finding errors in PHP applications, built on top of PHP Parser. It's able to find a large number issues, but it can also be configured to only care about a small subset of those.

awesome-static-analysis - A curated list of static analysis tools, linters and code quality checkers for various programming languages

This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome! Note: ©️ stands for proprietary software. All other tools are Open Source. To the extent possible under law, Matthias Endler has waived all copyright and related or neighboring rights to this work. Title image Designed by Freepik.

go-callvis - Visualize call graph of your Go program using dot format.

•    Go

go-callvis is a development tool to help visualize call graph of your Go program using Graphviz's dot format. Purpose of this tool is to provide a visual overview of your program by using the data from call graph and its relations with packages and types. This is especially useful in larger projects where the complexity of the code rises or when you are just simply trying to understand code structure of somebody else.

phpinspectionsea - A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

•    Java

This project is an OSS Static Code Analysis tool for PhpStorm (2016.2+) and Idea Ultimate. Some of inspections are expecting conditional statements (e.g. "if") to use group statement for wrapping body expressions. If this requirement is met then additional inspections are applied to the source code.