The Top 96 Static Code Analysis Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

static-code-analysis x

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 96 Static Code Analysis Open Source Projects

Categories > Software Quality > Static Code Analysis

Standard ⭐ 24,978

🌟 JavaScript Style Guide, with linter & automatic code fixer

Eslint ⭐ 17,763

Find and fix problems in your JavaScript code.

Infer ⭐ 11,983

A static analyzer for Java, C, C++, and Objective-C

Rubocop ⭐ 11,250

A Ruby static code analyzer and formatter, based on the community Ruby style guide.

Phpstan ⭐ 9,529

PHP Static Analysis Tool - discover bugs in your code without running it!

Static Analysis ⭐ 8,171

A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.

Checkstyle ⭐ 5,757

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

Gosec ⭐ 3,901

Golang security checker

An extensible multilanguage static code analyzer.

Pylint ⭐ 3,173

It's not just a linter that annoys you!

Pytype ⭐ 3,075

A static type analyzer for Python code

Bandit ⭐ 2,933

Bandit is a tool designed to find common security issues in Python code.

Reviewdog ⭐ 2,919

🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

Nullaway ⭐ 2,881

A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

Semgrep ⭐ 2,704

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Revive ⭐ 2,494

🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

Larastan ⭐ 2,407

⚗️ Adds static analysis to Laravel improving developer productivity and code quality

Codelyzer ⭐ 2,396

Static analysis for Angular projects.

Spotbugs ⭐ 2,168

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

Codeclimate ⭐ 2,150

Code Climate CLI

Eslint Config Standard ⭐ 2,038

ESLint Config for JavaScript Standard Style

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

I18n Tasks ⭐ 1,667

Manage translation and localization with static analysis, for Ruby i18n

Rubberduck ⭐ 1,245

Every programmer needs a rubberduck. COM add-in for the VBA & VB6 IDE (VBE).

Phpinspectionsea ⭐ 1,187

A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

Tscancode ⭐ 1,091

A static code analyzer for C++, C#, Lua

Flake8 ⭐ 1,065

The official GitHub mirror of https://gitlab.com/pycqa/flake8

Kube Score ⭐ 1,064

Kubernetes object analysis with recommendations for improved reliability and security

Eslint Plugin Node ⭐ 727

Additional ESLint's rules for Node.js

Sonar Java ⭐ 720

☕️ SonarSource Static Analyzer for Java Code Quality and Security

Stacoan ⭐ 693

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Scalastyle ⭐ 678

Sonarjs ⭐ 671

SonarSource Static Analyzer for JavaScript and TypeScript

Jackhammer ⭐ 630

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Pep8speaks ⭐ 541

A GitHub app to automatically review Python code style over Pull Requests

Phpdoc Parser ⭐ 531

Next-gen phpDoc parser with support for intersection types and generics

Security Code Scan ⭐ 516

Vulnerability Patterns Detector for C# and VB.NET

Phpcs Security Audit ⭐ 512

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

Sonar Dotnet ⭐ 457

Code analyzer for C# and VB.NET projects https://redirect.sonarsource.com/plugins/vbnet.html

Rubocop Rails ⭐ 420

A RuboCop extension focused on enforcing Rails best practices and coding conventions.

Prealloc ⭐ 413

prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.

Eslint Config Standard React ⭐ 411

ESLint Shareable Config for React/JSX support in JavaScript Standard Style

Souffle ⭐ 401

Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification.

Droidefense: Advance Android Malware Analysis Framework

Php Parser ⭐ 384

🌿 NodeJS PHP Parser - extract AST or tokens (PHP5 and PHP7)

T.J. Watson Libraries for Analysis

Sharpen ⭐ 341

Visual Studio extension that intelligently introduces new C# features into your existing codebase

Phpstan Symfony ⭐ 341

Symfony extension for PHPStan

Rubocop Performance ⭐ 323

An extension of RuboCop focused on code performance checks.

Phpstan Doctrine ⭐ 315

Doctrine extensions for PHPStan

Awesome Standard ⭐ 294

Documenting the explosion of packages in the standard ecosystem!

Phpstan Strict Rules ⭐ 285

Extra strict and opinionated rules for PHPStan

Sonar Php ⭐ 284

🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint

Chronos ⭐ 272

Chronos - A static race detector for the go language

Warnings Ng Plugin ⭐ 238

Jenkins Warnings Plugin - Next Generation

[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.

Eslint Plugin Markdown ⭐ 235

Lint JavaScript code blocks in Markdown documents

Phpstan Phpunit ⭐ 235

PHPUnit extensions and rules for PHPStan

Vue Eslint Parser ⭐ 223

The ESLint custom parser for `.vue` files.

Progpilot ⭐ 220

A static analysis tool for security

Forbidden Apis ⭐ 215

Policeman's Forbidden API Checker

Sputnik ⭐ 188

Static code review for your Gerrit patchsets. Runs Checkstyle, PMD, FindBugs, Scalastyle, CodeNarc, JSLint for you!

Tombstone ⭐ 170

Dead code detection with tombstones for PHP 🪦🧟

Coveragechecker ⭐ 158

Allows old code to use new standards

Phpstan Deprecation Rules ⭐ 155

PHPStan rules for detecting usage of deprecated classes, methods, properties, constants and traits.

Static code analysis for CFML (a linter)

Walkmod Core ⭐ 151

walkmod: an open source tool to fix coding style issues

Perl Critic ⭐ 148

The leading static analyzer for Perl. Configurable, extensible, powerful.

Wpbullet ⭐ 147

A static code analysis for WordPress (and PHP)

[DEPRECATED] Find Python web-app bugs delightfully fast, without changing your workflow. 🍱

Type Analyzer for JavaScript

Sonar Pmd ⭐ 139

☕️ PMD Plugin for SonarQube

Static program analysis for TIP

Owasp Orizon ⭐ 129

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Feram finds & fixes bugs in your commits

Fb Contrib ⭐ 121

a FindBugs/SpotBugs plugin for doing static code analysis for java code bases

Grepbugs ⭐ 116

A regex based source code scanner.

Nsdepcop ⭐ 108

NsDepCop is a static code analysis tool that helps to enforce namespace dependency rules in C# projects. No more unplanned or unnoticed dependencies in your system.

Abaplint ⭐ 103

Standalone linter for ABAP

A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.

Npgsql.fsharp.analyzer ⭐ 97

F# analyzer that provides embedded SQL syntax analysis, type-checking for parameters and result sets and nullable column detection when writing queries using Npgsql.FSharp.

Violations Lib ⭐ 92

Java library for parsing report files from static code analysis.

Unimport ⭐ 91

A linter, formatter for finding and removing unused import statements.

Sourcecodesniffer ⭐ 87

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Codecharta ⭐ 85

CodeCharta visualizes multiple code metrics using 3D tree maps.

Eslint Config Standard Jsx ⭐ 79

ESLint Shareable Config for JSX support in JavaScript Standard Style

🐞 Primitive Erlang Security Tool

Maven Examples ⭐ 72

List of Maven examples

Functional, composable, asynchronous, type-safe Python.

Whispers ⭐ 66

Identify hardcoded secrets and dangerous behaviours

Hydiomatic ⭐ 65

The Hy Transformer

Devreplay ⭐ 36

A linter that replay your developing style

cfmt is a tool to wrap Go comments over a certain length to a new line.

Rubocop Packaging ⭐ 27

A RuboCop extension focused on enforcing upstream best practices and coding conventions.

Eslint Plugin ⭐ 19

ESLint configurations and additional rules for me

1-96 of 96 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210