Static Analysis &amp; Code Quality

#clojurescript#linter#editor-integration

clj-kondo

A static analyzer and linter for Clojure, ClojureScript, and EDN that detects errors and enforces style without executing code.

Stars1,828

Forks301

Last commit6 days ago

credo

A static code analysis tool for Elixir focusing on code consistency, refactoring opportunities, and teaching best practices.

#elixir#developer-tools#linter

Stars5,167

Forks440

Last commit5 days ago

dialyxir

Mix tasks to simplify using Dialyzer for static type analysis in Elixir projects.

#elixir#plt-management#code-quality

Stars1,788

Forks160

Last commit5 months ago

sobelow

Security-focused static analysis tool for Elixir and Phoenix applications, detecting common vulnerabilities.

#elixir#phoenix-framework#vulnerability-detection

Stars1,778

Forks119

#developer-tools#error#linter

errcheck

A static analysis tool that finds unchecked errors in Go code.

Stars2,480

Forks141

#hacktoberfest#idiomatic-go#conventions

go-critic

A highly extensible Go source code linter providing opinionated checks for bugs, performance, and style issues.

Stars2,042

Forks131

#cyclomatic-complexity#developer-tools#software-metrics

gocyclo

A Go tool that calculates cyclomatic complexity of functions to identify code needing refactoring.

Stars1,560

Forks94

#developer-tools#style#gofmt

gofumpt

A stricter Go code formatter that enforces additional formatting rules beyond gofmt while maintaining compatibility.

Stars3,917

Forks126

#false-positive-reduction#source-to-sink-tracing#static-code-analysis

gokart

A static analysis tool for Go that finds vulnerabilities using SSA form and source-to-sink tracing to reduce false positives.

Stars2,165

Forks108

#developer-tools#linter#code-style

golint

A deprecated linter for Go source code that checks for style violations according to Go conventions.

Stars3,968

Forks477

Last commit5 years ago

goreporter

A Go tool that runs multiple linters concurrently to perform static analysis, unit testing, and generate comprehensive code quality reports.

#unit-test#developer-tools#unit-testing

Stars3,127

Forks263

Last commit7 years ago

Reviewdog

Automated code review tool that integrates with any linter and posts results as comments on pull requests.

#developer-tools#lint#linter

Stars9,236

Forks483

#haskell#developer-tools#code-linter

HLint

A tool for suggesting possible improvements to Haskell code, such as using alternative functions, simplifying code, and spotting redundancies.

Stars1,590

Forks209

#ide-plugin#developer-tools#code-formatter

google-java-format

A tool that automatically reformats Java source code to comply with Google Java Style guidelines.

Stars6,116

Forks918

#nullability-analysis#null-safety#annotation-processor

NullAway

A fast, annotation-based null checker for Java that eliminates NullPointerExceptions with low build-time overhead.

A JavaScript code quality and coverage tool that enforces strict coding standards and generates test coverage reports.

#developer-tools#jslint#zero-dependency

Stars3,664

Forks473

#eslint-wrapper#developer-tools#automated-fixes

An opinionated, zero-config ESLint wrapper for JavaScript and TypeScript with great defaults and automatic fixes.

Stars7,970

Forks304

Last commit22 days ago

deptrac

A static code analysis tool for PHP that enforces architectural layers and dependencies between classes.

#dev-tools#architecture-enforcement#ci-cd

Stars2,924

Forks152

#hacktoberfest#pre-commit#composer-plugin

GrumPHP

A PHP git hook manager that runs automated code quality checks on commits to enforce team standards.

Stars4,286

Forks446

Last commit8 days ago

Larastan

A PHPStan extension for Laravel that adds static code analysis to catch bugs and improve code quality.

#developer-tools#laravel#code-quality

Stars6,371

Forks493

#developer-tools#analyzer#linter

phan

A static analyzer for PHP that minimizes false positives by attempting to prove incorrectness rather than correctness.

Stars5,614

Forks368

#code-manipulation#php#development-tools

PHP Insights

Instant PHP quality checks from your console, analyzing code quality, architecture, and coding style.

#quality#magento#style

Stars5,591

Forks295

Last commit6 days ago

PHP Parser

A PHP parser written in PHP for static code analysis and manipulation via an abstract syntax tree (AST).

Stars17,426

Forks1,120

#maintainability#cli-tool#code-quality

phploc

A command-line tool for quickly measuring the size and complexity of PHP projects.

Stars2,346

Forks162

#developer-tools#vscode-extension#command-line-tool

pyright

A high-performance, standards-based static type checker for Python with command-line and VS Code support.

A Python linter focused on modernizing and improving code elegance, readability, and simplicity.

#ast-analysis#readability#developer-tools

Stars2,527

Forks58

Last commit20 days ago

vulture

A fast static analysis tool that finds unused (dead) code in Python programs to improve code quality.

#code-cleanup#developer-tools#pre-commit

Stars4,543

Forks184

#schema-linter#database#rails

Active Record Doctor

A Ruby gem that detects database issues in Rails applications before they reach production.

Stars1,913

Forks67

#mongoid#rails-performance#query-profiling

Bullet

A Ruby gem that detects N+1 queries, unused eager loading, and missing counter caches to improve application performance.

Stars7,312

Forks454

#dependency-checker#patch-management#bundler-audit

bundle-audit

A security audit tool for Ruby projects that checks Gemfile.lock for vulnerable gem versions and insecure sources.

Stars2,747

Forks245

Last commit4 months ago

Fasterer

A Ruby command-line tool that suggests performance improvements by analyzing code patterns against faster alternatives.

#ruby-gem#cli-tool#code-quality

Stars1,823

Forks76

#parsing#quality#code-smells

reek

A static analysis tool that detects code smells in Ruby classes, modules, and methods to improve code quality.

Stars4,125

Forks282

Last commit14 days ago

rubycritic

A Ruby gem that wraps static analysis tools to generate comprehensive code quality reports with visual insights.

#software-maintenance#code-metrics#continuous-integration

Stars3,485

Forks232

#developer-tools#automated-fixes#linter

Standard Ruby

A Ruby linter and formatter with an unconfigurable, opinionated ruleset built on RuboCop.

Stars2,892

Forks231

Last commit3 days ago

cargo udeps

A Cargo subcommand to find unused dependencies in Rust projects' Cargo.toml files.

#cargo-subcommand#rust-ecosystem#build-optimization

Stars2,090

Forks51

#derive-macros#cargo-subcommand#procedural-macros

cargo-expand

A Cargo subcommand to show the result of Rust macro expansion and #[derive] expansion for debugging.

Stars3,071

Forks76

#developer-tools#dependency-analysis#security-auditing

cargo-geiger

A cargo plugin that detects and reports usage of unsafe Rust code in crates and their dependencies.

Stars1,573

Forks75

#safety-critical#verification#ci-cd

kani

A bit-precise model checker for verifying safety and correctness properties in Rust code.

A tool for formatting Rust code according to the official Rust style guidelines.

#developer-tools#codeformatter#code-formatter

Stars6,803

Forks1,003

#svg-generation#memory-management#learning-aid

RustViz

Generates interactive visualizations of ownership and borrowing in Rust programs to aid learning.

Stars2,825

Forks80

shellharden

A syntax highlighter and tool to semi-automatically rewrite shell scripts for ShellCheck conformance, focusing on proper quoting.

#shellcheck#devops#lint

Stars4,778

Forks134

#developer-tools#code-formatter#swift-package-manager

SwiftFormat

A command-line tool and Xcode extension for formatting Swift code with extensive rule customization.

Stars8,781

Forks685

#developer-tools#angular-cli#typescript

Angular ESLint

A monorepo providing tooling to lint Angular projects with ESLint, including TypeScript and HTML template rules.

An extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors.

#linting-rules#developer-tools#automated-fixes

Stars5,907

Forks878

Last commit5 years ago

TypeScript ESLint

Monorepo for tooling that enables ESLint to support TypeScript, providing powerful static analysis for JavaScript and TypeScript.

#developer-tools#open-source#plugin

Stars16,216

Forks2,904

Last commit1 day ago

Multiple languages

16 projects

ale

Asynchronous linting and fixing for Vim/Neovim with Language Server Protocol (LSP) support.

#vimscript#code-fixing#linter

Stars13,991

Forks1,486

Last commit9 days ago

ApplicationInspector

A source code analyzer that identifies features and characteristics in software components using static analysis and a JSON rules engine.

#multi-language#dotnet-tool#rules-engine

Stars4,388

Forks367

#privacy-compliance#code-security#data-flow-analysis

Bearer

Static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.

Stars2,628

Forks143

#metaprogramming#classpath-scanner#annotation-processing

ClassGraph

An ultra-fast parallelized classpath and module scanner for JVM languages that indexes class metadata without loading classes.

Stars2,976

Forks302

Last commit6 months ago

codeql

Standard libraries and queries for CodeQL, powering GitHub Advanced Security and static application security testing.

#codeql#vulnerability-detection#security

A command-line tool for automatically formatting .NET code to follow style guidelines and conventions.

#developer-tools#command-line-tool#visual-studio

Stars1,945

Forks172

#developer-tools#pluggable#linter

ESLint

A pluggable linting utility for identifying and reporting patterns in JavaScript and ECMAScript code.

Stars27,207

Forks4,971

#compiler-infrastructure#minifier#compiler

oxc

A collection of high-performance JavaScript and TypeScript tools written in Rust, powering modern development toolchains.

A set of tools and APIs for static analysis, code visualization, navigation, and style-preserving source transformations across multiple languages.

#code-querying#multi-language#source-transformation

Stars2,438

Forks203

Last commit7 years ago

Pronto

A Ruby gem for automated code review that runs analysis quickly by checking only relevant changes in pull requests.

#developer-tools#gitlab-ci#ruby-gem

Stars2,665

Forks249

#hacktoberfest#csharp#maintainability

Roslyn Analyzers

Roslyn-based analyzers for .NET code quality, security, and maintainability, replacing legacy FxCop.

Open source CNAPP that hunts for threats in cloud native platforms, ranks them by risk, and visualizes attack paths.

#container-security#vulnerability-management#compliance-scanning

Stars5,255

Forks640

#sbom#container-security#vulnerability

trivy

A comprehensive security scanner that finds vulnerabilities, misconfigurations, secrets, and SBOMs in containers, Kubernetes, code, and clouds.

Stars34,670

Forks307

#clang#gcc#static-code-analysis

TscanCode

A fast, accurate static code analyzer for C/C++, C#, and Lua that detects defects early in development.

Stars2,116

Forks602

#python-tool#grammar-based#tokenization

Undebt

A fast, straightforward, reliable tool for performing massive, automated code refactoring using custom Python patterns.

Stars1,627

Forks57

Last commit5 years ago

weggli

A fast semantic search tool for C/C++ codebases that uses AST pattern matching to help security researchers find interesting functionality.

#vulnerability-discovery#c#pattern-matching

Stars2,486

Forks143

#hacktoberfest#disassembly#vulnerability-discovery

Other

30 projects

angr

A platform-agnostic binary analysis framework for disassembly, symbolic execution, and program analysis.

Bloaty is a size profiler for binaries that analyzes what's taking up space inside executable files.

#pe-coff#webassembly#size-profiler

Stars5,426

Forks374

#developer-tools#css-linting#style-enforcement

CSScomb

A coding style formatter for CSS that sorts properties and enforces consistent formatting.

Stars3,328

Forks449

Last commit3 years ago

Gixy - Nginx configuration static analyzer

A static analysis tool for detecting security misconfigurations and flaws in Nginx configuration files.

#devops#web-server#vulnerability-detection

Stars8,554

Forks448

#aws-cloudformation#devops#cfn-lint

cfn-python-lint

A linter that validates AWS CloudFormation templates against AWS resource schemas and best practices.

Static vulnerability analysis for container images (OCI/Docker) via an API that indexes and matches against known security flaws.

#container-security#vulnerabilities#oci

Stars10,970

Forks1,201

Last commit1 day ago

Haskell Dockerfile Linter

A smarter Dockerfile linter that helps you build best practice Docker images by parsing the Dockerfile AST and linting inline bash.

#haskell#container-security#shellcheck

Stars12,073

Forks491

Last commit7 days ago

Reviewdog

Automated code review tool that integrates with any linter and posts results as comments on pull requests.

#developer-tools#lint#linter

Stars9,236

Forks483

#developer-tools#angular-cli#typescript

deno_lint

A blazing fast Rust crate for linting JavaScript and TypeScript code, powering Deno's linter and usable with Node.js.

#linter#deno#nodejs

Stars1,582

Forks183

Last commit22 days ago

Angular ESLint

A monorepo providing tooling to lint Angular projects with ESLint, including TypeScript and HTML template rules.

An HTML linter that checks for common mistakes and ensures correct Bootstrap markup structure.

#html-linter#build-tools#linter

Stars2,385

Forks310

Last commit4 years ago

chart-testing

A CLI tool for linting and testing Helm charts, designed for CI/CD pipelines and pull request validation.

#helm#devops#kubernetes

Stars1,627

Forks246

Last commit3 days ago

kube-linter

A static analysis tool that checks Kubernetes YAML files and Helm charts for security and production readiness best practices.

#hacktoberfest#helm#devops

A PHPStan extension for Laravel that adds static code analysis to catch bugs and improve code quality.

#developer-tools#laravel#code-quality

Stars6,371

Forks493

#developer-tools#automated-fixes#lint

markdownlint

A Node.js style checker and lint tool for Markdown/CommonMark files to enforce consistency and standards.

Stars6,020

Forks899

#markdownlint#ruby-gem#cli-tool

mdl

A Ruby-based tool to check Markdown files and flag style issues with configurable rules.

Stars2,033

Forks240

Last commit5 days ago

goreporter

A Go tool that runs multiple linters concurrently to perform static analysis, unit testing, and generate comprehensive code quality reports.

#unit-test#developer-tools#unit-testing

Stars3,127

Forks263

Last commit7 years ago

Active Record Doctor

A Ruby gem that detects database issues in Rails applications before they reach production.

#schema-linter#database#rails

Stars1,913

Forks67

#mongoid#rails-performance#query-profiling

Bullet

A Ruby gem that detects N+1 queries, unused eager loading, and missing counter caches to improve application performance.

Stars7,312

Forks454

#enterprise-security#secret-detection#pre-commit-hook

detect-secrets

An enterprise-friendly Python tool for detecting and preventing secrets from entering codebases with a baseline approach.

Stars4,485

Forks545

Last commit21 days ago

Gitleaks

A tool for detecting secrets like passwords, API keys, and tokens in git repositories, directories, and stdin.

#token-detection#hacktoberfest#api-key-scanner

Stars26,224

Forks1,997

#false-positive-reduction#source-to-sink-tracing#static-code-analysis

gokart

A static analysis tool for Go that finds vulnerabilities using SSA form and source-to-sink tracing to reduce false positives.

Stars2,165

Forks108

#container-security#vulnerability#sbom-analysis

Grype

A vulnerability scanner for container images, filesystems, and SBOMs to detect known security issues.

A bit-precise model checker for verifying safety and correctness properties in Rust code.

#safety-critical#verification#ci-cd

Automated security health metrics for open source projects, assessing security best practices and risks.

#supply-chain-security#security-scanning#openssf-scorecard

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#google-cloud-platform#multi-cloud#azure

Stars6,987

Forks556

#high-severity-detection#infrastructure-security#plugin-system

Tsunami Security Scanner

A general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities.

Stars8,566

Forks920

Last commit8 days ago

mythril

A symbolic-execution-based security analysis tool for detecting vulnerabilities in Ethereum and EVM-compatible smart contracts.

#solidity#security-analysis#smart-contracts

Stars4,231

Forks810

Last commit25 days ago

slither

A static analysis framework for Solidity and Vyper smart contracts that detects vulnerabilities, enhances code comprehension, and enables custom analyses.

#solidity#smart-contracts#vyper

A command-line linter for English prose that checks writing style, grammar, and usage against advice from expert writers.

#prose#style#advice

Stars4,524

Forks180

#developer-tools#linter#bug-detection

More Collections

2 projects

go-tools

A state-of-the-art static analysis linter for Go that finds bugs, performance issues, and enforces style rules.

Stars6,760

Forks410

Last commit3 days ago

php-static-analysis-tools

A curated directory of static analysis tools for PHP, covering bug detection, coding standards, metrics, and automated fixes.

#phplint#developer-tools#security-analysis

Stars2,874

Forks245

Last commit29 days ago

Related Awesome Lists

Open Source Society University

The "Awesome Open Source Society University" project is a curated collection of resources aimed at individuals pursuing self-directed learning through open-source educational materials. This list encompasses a variety of categories including online courses, textbooks, lecture notes, and community-driven projects that promote open education. It is particularly beneficial for self-learners, educators, and anyone interested in alternative education models, providing them with the tools and knowledge to explore diverse subjects at their own pace. Users can discover innovative learning paths and connect with a community that values open knowledge sharing.

203.0k

Machine Learning

The "Awesome Machine Learning" project is a comprehensive collection of resources focused on the field of machine learning, which involves algorithms and statistical models that enable computers to perform tasks without explicit instructions. This list encompasses a wide range of categories, including libraries, frameworks, datasets, tutorials, research papers, and community resources. It is designed to benefit everyone from beginners looking to understand the basics to experienced practitioners seeking advanced techniques and tools. By exploring this collection, users can enhance their knowledge and skills in machine learning, paving the way for innovative applications and solutions in various domains.

72.2k

University Courses

The "Awesome University Courses" project is a curated resource list that compiles university-level courses from various disciplines available online. This list covers a wide range of subjects including computer science, mathematics, humanities, and social sciences, featuring courses from renowned institutions and platforms. It benefits students, educators, and lifelong learners by providing access to high-quality educational content that can enhance knowledge and skills. Whether you're looking to deepen your understanding of a specific topic or explore new fields, this collection offers a wealth of opportunities for academic growth and personal development.

67.5k