The Top 102 Static Code Analysis Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

static-code-analysis x

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 102 Static Code Analysis Open Source Projects

Categories > Software Quality > Static Code Analysis

Standard ⭐ 25,771

🌟 JavaScript Style Guide, with linter & automatic code fixer

Eslint ⭐ 18,870

Find and fix problems in your JavaScript code.

Infer ⭐ 12,448

A static analyzer for Java, C, C++, and Objective-C

Rubocop ⭐ 11,409

A Ruby static code analyzer and formatter, based on the community Ruby style guide.

Phpstan ⭐ 10,034

PHP Static Analysis Tool - discover bugs in your code without running it!

Static Analysis ⭐ 8,809

A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.

Checkstyle ⭐ 6,122

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

Semgrep ⭐ 4,988

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Gosec ⭐ 4,511

Golang security checker

An extensible multilanguage static code analyzer.

Reviewdog ⭐ 3,488

🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

Pylint ⭐ 3,452

It's not just a linter that annoys you!

Bandit ⭐ 3,365

Bandit is a tool designed to find common security issues in Python code.

Pytype ⭐ 3,362

A static type analyzer for Python code

Nullaway ⭐ 2,983

A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

Larastan ⭐ 2,895

⚗️ Adds static analysis to Laravel improving developer productivity and code quality.

Revive ⭐ 2,863

🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

Codelyzer ⭐ 2,420

Static analysis for Angular projects.

Spotbugs ⭐ 2,400

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

Codeclimate ⭐ 2,224

Code Climate CLI

Eslint Config Standard ⭐ 2,150

ESLint Config for JavaScript Standard Style

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

I18n Tasks ⭐ 1,706

Manage translation and localization with static analysis, for Ruby i18n

Flake8 ⭐ 1,388

flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

Rubberduck ⭐ 1,382

Every programmer needs a rubberduck. COM add-in for the VBA & VB6 IDE (VBE).

Kube Score ⭐ 1,288

Kubernetes object analysis with recommendations for improved reliability and security

Phpinspectionsea ⭐ 1,248

A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

Tscancode ⭐ 1,212

A static code analyzer for C++, C#, Lua

Sonar Java ⭐ 801

☕️ SonarSource Static Analyzer for Java Code Quality and Security

Eslint Plugin Node ⭐ 773

Additional ESLint's rules for Node.js

Stacoan ⭐ 730

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Sonarjs ⭐ 728

SonarSource Static Analyzer for JavaScript and TypeScript

Scalastyle ⭐ 677

Jackhammer ⭐ 646

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Phpdoc Parser ⭐ 614

Next-gen phpDoc parser with support for intersection types and generics

Security Code Scan ⭐ 598

Vulnerability Patterns Detector for C# and VB.NET

Phpcs Security Audit ⭐ 568

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

Pep8speaks ⭐ 555

A GitHub app to automatically review Python code style over Pull Requests

Sonar Dotnet ⭐ 490

Code analyzer for C# and VB.NET projects https://redirect.sonarsource.com/plugins/vbnet.html

Souffle ⭐ 480

Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification.

Rubocop Rails ⭐ 478

A RuboCop extension focused on enforcing Rails best practices and coding conventions.

T.J. Watson Libraries for Analysis

Prealloc ⭐ 434

prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.

Eslint Config Standard React ⭐ 417

ESLint Shareable Config for React/JSX support in JavaScript Standard Style

Php Parser ⭐ 416

🌿 NodeJS PHP Parser - extract AST or tokens (PHP5 and PHP7)

Phpstan Symfony ⭐ 400

Symfony extension for PHPStan

Droidefense: Advance Android Malware Analysis Framework

Rubocop Performance ⭐ 377

An extension of RuboCop focused on code performance checks.

Phpstan Doctrine ⭐ 371

Doctrine extensions for PHPStan

Sharpen ⭐ 366

Visual Studio extension that intelligently introduces new C# features into your existing codebase

Phpstan Strict Rules ⭐ 321

Extra strict and opinionated rules for PHPStan

Awesome Standard ⭐ 306

Documenting the explosion of packages in the standard ecosystem!

Chronos ⭐ 300

Chronos - A static race detector for the go language

Sonar Php ⭐ 299

🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint

Phpstan Phpunit ⭐ 276

PHPUnit extensions and rules for PHPStan

[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.

Warnings Ng Plugin ⭐ 260

Jenkins Warnings Plugin - Next Generation

Eslint Plugin Markdown ⭐ 255

Lint JavaScript code blocks in Markdown documents

Vue Eslint Parser ⭐ 254

The ESLint custom parser for `.vue` files.

Progpilot ⭐ 240

A static analysis tool for security

Forbidden Apis ⭐ 230

Policeman's Forbidden API Checker

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! Datree is a CLI tool to ensure K8s manifests and Helm charts follow best practices as well as your organization’s policies. See our docs: https://hub.datree.io

Sputnik ⭐ 190

Static code review for your Gerrit patchsets. Runs Checkstyle, PMD, FindBugs, Scalastyle, CodeNarc, JSLint for you!

Tryceratops ⭐ 186

A linter to manage all your python exceptions and try/except blocks (limited only for those who like dinosaurs).

Tombstone ⭐ 178

Dead code detection with tombstones for PHP 🪦🧟

Phpstan Deprecation Rules ⭐ 176

PHPStan rules for detecting usage of deprecated classes, methods, properties, constants and traits.

Coveragechecker ⭐ 162

Allows old code to use new standards

Static code analysis for CFML (a linter)

Type Analyzer for JavaScript

Walkmod Core ⭐ 154

walkmod: an open source tool to fix coding style issues

Wpbullet ⭐ 153

A static code analysis for WordPress (and PHP)

Sonar Pmd ⭐ 152

☕️ PMD Plugin for SonarQube

Perl Critic ⭐ 151

The leading static analyzer for Perl. Configurable, extensible, powerful.

Static program analysis for TIP

Elm Review ⭐ 149

Analyzes Elm projects, to help find mistakes before your users find them.

[DEPRECATED] Find Python web-app bugs delightfully fast, without changing your workflow. 🍱

Owasp Orizon ⭐ 134

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Abaplint ⭐ 134

Standalone linter for ABAP

Fb Contrib ⭐ 128

a FindBugs/SpotBugs plugin for doing static code analysis for java code bases

Feram finds & fixes bugs in your commits

Grepbugs ⭐ 120

A regex based source code scanner.

Nsdepcop ⭐ 120

NsDepCop is a static code analysis tool that helps to enforce namespace dependency rules in C# projects. No more unplanned or unnoticed dependencies in your system.

Npgsql.fsharp.analyzer ⭐ 117

F# analyzer that provides embedded SQL syntax analysis, type-checking for parameters and result sets and nullable column detection when writing queries using Npgsql.FSharp.

A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.

Unimport ⭐ 107

A linter, formatter for finding and removing unused import statements.

Functional, composable, asynchronous, type-safe Python.

Violations Lib ⭐ 98

Java library for parsing report files from static code analysis.

Phpstan Webmozart Assert ⭐ 96

PHPStan extension for webmozart/assert

Static call graph generator. The official Python 3 version. Development repo.

Codecharta ⭐ 89

CodeCharta visualizes multiple code metrics using 3D tree maps.

Sourcecodesniffer ⭐ 87

The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.

Maven Examples ⭐ 86

List of Maven examples

🐞 Primitive Erlang Security Tool

Eslint Config Standard Jsx ⭐ 79

ESLint Shareable Config for JSX support in JavaScript Standard Style

Codeclimate Eslint ⭐ 73

Code Climate Engine for ESLint

Hydiomatic ⭐ 67

The Hy Transformer

Whispers ⭐ 66

Identify hardcoded secrets and dangerous behaviours

Devreplay ⭐ 39

A linter that replay your developing style

Rubocop Packaging ⭐ 28

A RuboCop extension focused on enforcing upstream best practices and coding conventions.

1-100 of 102 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210