The "Awesome Static Analysis & Code Quality" project is a curated collection of resources focused on static analysis tools and methodologies for improving code quality across various programming languages. This list encompasses a wide range of tools, libraries, and frameworks that help developers identify bugs, enforce coding standards, and ensure maintainability in their codebases. It serves as a valuable resource for both beginners looking to learn about code quality practices and experienced developers seeking advanced tools for their projects. By leveraging these resources, users can enhance their coding practices and contribute to more robust software development.
A C# library for specifying and asserting architecture rules in automated tests, based on ArchUnit for Java.
A Roslyn analyzer for C# that enforces good practices in design, usage, security, performance, and style.
A comprehensive set of code analysis tools, refactorings, and client libraries for C# development, built on the Roslyn compiler platform.
A Roslyn-based static analyzer for C# and VB.NET that detects bugs, vulnerabilities, and code smells to improve code quality and security.
A Qt-oriented static code analyzer based on Clang that provides over 50 Qt-specific compiler warnings and automatic fix-its.
A command-line tool that analyzes C source code files and outputs dozens of code quality metrics related to size, complexity, style, and preprocessor usage.
A static analyzer for C/C++ that detects runtime errors using abstract interpretation theory.
A static analyzer and linter for Clojure, ClojureScript, and EDN that detects errors and enforces style without executing code.
An IDE package for RAD Studio providing on-the-fly static code analysis and linting for Delphi, powered by SonarDelphi.
A modern, performant Delphi language analyzer plugin for SonarQube with semantic analysis and custom rule support.
A comprehensive static analysis and linting tool for the D programming language.
A static code analysis tool for Elixir focusing on code consistency, refactoring opportunities, and teaching best practices.
Mix tasks to simplify using Dialyzer for static type analysis in Elixir projects.
Security-focused static analysis tool for Elixir and Phoenix applications, detecting common vulnerabilities.
A command-line Erlang style reviewer that enforces code consistency and readability across your codebase.
A static analysis tool for F# that enforces coding conventions, detects code smells, and checks formatting rules.
A static analysis tool for Go that checks whether HTTP response bodies are properly closed to enable TCP connection reuse.
A Go static analysis tool that detects assignments and declarations with excessive blank identifiers.
A Go tool for detecting code clones in Go source files using suffix trees on serialized ASTs.
A static analysis tool that finds unchecked errors in Go code.
A Go tool that analyzes and fixes fmt.Errorf() calls to use the new %w error-wrapping verb directive.
A highly extensible Go source code linter providing opinionated checks for bugs, performance, and style issues.
A Go static analysis tool that uses AST and Rego policies for customizable code inspection.
A Go static analysis tool that finds repeated string and number literals that could be replaced by constants.
A Go tool that calculates cyclomatic complexity of functions to identify code needing refactoring.
A stricter Go code formatter that enforces additional formatting rules beyond gofmt while maintaining compatibility.
A static analysis tool for Go that finds vulnerabilities using SSA form and source-to-sink tracing to reduce false positives.
A deprecated linter for Go source code that checks for style violations according to Go conventions.
A Go tool that runs multiple linters concurrently to perform static analysis, unit testing, and generate comprehensive code quality reports.
An interactive command-line tool for analyzing and debugging Go goroutine dumps with filtering, deduplication, and diff capabilities.
Detects ineffectual assignments in Go code where variables are assigned but never used.
A command-line tool that lints files for maximum line length, with special support for Go source files.
A fast command-line tool to find and correct common English misspellings in source code and text files.
A Go static analysis tool that identifies naked returns in functions exceeding a specified line length.
A Go static analysis tool that aggressively finds unused arguments in function declarations to encourage cleaner code.
A Go static analysis tool that identifies slice declarations that could be preallocated for better performance.
Automated code review tool that integrates with any linter and posts results as comments on pull requests.
A static analyzer for Go that recommends struct field rearrangements to maximize memory allocation efficiency.
Reports unused function parameters and results in Go code while minimizing false positives.
A Go linter that enforces consistent whitespace and empty line usage to improve code readability.
A tool for suggesting possible improvements to Haskell code, such as using alternative functions, simplifying code, and spotting redundancies.
A Haskell tool for whole-program dead-code analysis using GHC's HIE files to detect unused code across module boundaries.
A Java library for calculating class-level and method-level code metrics via static analysis, without requiring compiled code.
A pluggable type-checking framework for Java that detects and prevents bugs through custom type qualifiers.
A Java bytecode analyzer that detects and blocks forbidden API calls during builds with Ant, Maven, or Gradle.
A tool that automatically reformats Java source code to comply with Google Java Style guidelines.
A fast, annotation-based null checker for Java that eliminates NullPointerExceptions with low build-time overhead.
A Maven plugin that identifies and prioritizes God Classes, Highly Coupled classes, and Class Cycles in Java codebases for refactoring.
A Java library for parsing static code analysis reports from 79+ tools into a unified format.
A JavaScript complexity analysis library that calculates maintainability, cyclomatic complexity, and Halstead metrics from ASTs.
A JavaScript code quality and coverage tool that enforces strict coding standards and generates test coverage reports.
A monorepo containing tools for developing, building, and testing Polymer web components.
An opinionated, zero-config ESLint wrapper for JavaScript and TypeScript with great defaults and automatic fixes.
A static code analyzer for Julia that uses type inference to detect potential bugs and type instabilities without requiring type annotations.
A static code analysis library for Julia that powers language server features like error detection and reference resolution.
A static analyzer and linter for Lua code that detects undefined globals, unused variables, and other issues.
A luac-based static analyzer that detects undeclared global variable usage in Lua code to catch typing errors.
A static and symbolic analysis tool for finding memory safety bugs in browser code and other software.
A research prototype tool for modular formal verification of C, Rust, and Java programs using separation logic.
A PHP tool that identifies files needing refactoring by analyzing commit frequency and cyclomatic complexity.
A fast, zero-dependency PHP tool that detects unused, shadow, and misplaced Composer dependencies.
A static analysis tool that detects architectural flaws and dependency issues in PHP applications before they become maintenance nightmares.
A static analysis tool that scans PHP projects for usages of deprecated code, with special support for Symfony.
A static code analysis tool for PHP that enforces architectural layers and dependencies between classes.
A proof-of-concept tool that detects design patterns and anti-patterns in PHP source code.
A PHP git hook manager that runs automated code quality checks on commits to enforce team standards.
A PHPStan extension for Laravel that adds static code analysis to catch bugs and improve code quality.
A parallel PHP syntax checker with multiple output formats and Git blame integration.
A static security scanner for PHP code that identifies potential vulnerabilities without executing the code.
A static analyzer for PHP that minimizes false positives by attempting to prove incorrectness rather than correctness.
A PHPStan extension for verifying architectural rules in PHP code using natural language definitions.
A static analysis tool that detects weak boolean assumptions in PHP code and suggests converting them to assertions.
Instant PHP quality checks from your console, analyzing code quality, architecture, and coding style.
A PHP tool that compares two source code sets and suggests the appropriate semantic version (MAJOR, MINOR, PATCH) based on detected changes.
A PHP parser written in PHP for static code analysis and manipulation via an abstract syntax tree (AST).
A PHP library for spell checking that supports multiple backends like Aspell, Hunspell, and Ispell.
A PHP tool to enforce architectural constraints and prevent design violations in your codebase.
A command-line tool for quickly measuring the size and complexity of PHP projects.
A static analysis tool that detects magic numbers in PHP code to improve readability and maintainability.
A Docker image providing a comprehensive suite of static analysis and quality assurance tools for PHP projects.
A CLI tool that unifies multiple PHP quality assurance and static analysis tools under a single command interface.
A static application security testing (SAST) tool for PHP that detects vulnerabilities like XSS through taint analysis.
A static reflection library for PHP that analyzes code structure and DocBlocks without executing it.
A static analysis engine for PHP that detects type mismatches in function arguments, return values, and method calls.
A standalone linting tool for Twig template files to catch syntax errors and enforce coding standards.
Removes unused imports and unused variables from Python code using pyflakes.
A customizable Python linting engine that allows project-specific static analysis rules through AST expressions and regex patterns.
A static analysis tool that enforces secure coding practices and best practices for Python.
A Python tool that scans codebases for potentially dangerous patterns like hardcoded passwords or accidental diff checkins.
A tool that parses lint errors and reports them as comments on GitHub pull requests.
Audits Python environments, requirements files, and dependency trees for known security vulnerabilities and can automatically fix them.
A high-performance, standards-based static type checker for Python with command-line and VS Code support.
A Python linter focused on modernizing and improving code elegance, readability, and simplicity.
A fast static analysis tool that finds unused (dead) code in Python programs to improve code quality.
A command-line tool for tracking and reporting on code complexity and timing metrics across git revisions in Python projects.
A sophisticated static dataflow analysis framework for the R programming language, enabling code linting, program slicing, and dependency analysis.
Static code analysis tool for R that checks for style adherence, syntax errors, and potential semantic issues.
An implementation of the Language Server Protocol (LSP) for the R programming language.
A linter, debugger, and language server for Rego that identifies mistakes, enforces best practices, and enhances policy development.
A Ruby gem that detects database issues in Rails applications before they reach production.
A Ruby gem that detects N+1 queries, unused eager loading, and missing counter caches to improve application performance.
A security audit tool for Ruby projects that checks Gemfile.lock for vulnerable gem versions and insecure sources.
A Ruby gem that detects inconsistencies between ActiveRecord models and database schema to prevent data issues.
A static analysis security scanner for Ruby web applications, supporting Rails, Sinatra, and Padrino frameworks.
A Ruby tool to lint ERB and HTML files using built-in and custom linters for code quality and security.
A fast and precise formatter for ERB (Embedded Ruby) files with editor integration and configurable line length.
A Ruby command-line tool that suggests performance improvements by analyzing code patterns against faster alternatives.
A Ruby gem that normalizes and beautifies HTML, including embedded Ruby code, ideal for Rails templates.
A static analysis tool that detects code smells in Ruby classes, modules, and methods to improve code quality.
A Ruby static code analyzer that parses Ruby code and warns about object-oriented design issues based on configurable checks.
A Ruby code dependency graph interactive visualizer that generates self-contained HTML visualizations.
A Ruby gem that wraps static analysis tools to generate comprehensive code quality reports with visual insights.
An opinionated Ruby code formatter that enforces a consistent style with minimal configuration.
A RubyCritic extension that calculates a SkunkScore to identify the most complex code with the least test coverage for refactoring prioritization.
A Ruby linter and formatter with an unconfigurable, opinionated ruleset built on RuboCop.
A static type checker for Ruby that supports gradual typing through explicit type annotations and signatures.
A Cargo subcommand to find unused dependencies in Rust projects' Cargo.toml files.
Compares a Rust crate's public API between branches, detects breaking changes, and suggests the next semantic version.
A static analyzer for Rust programs that computes stack usage and generates call graphs, primarily for embedded systems.
A Cargo subcommand to show the result of Rust macro expansion and #[derive] expansion for debugging.
A cargo plugin that detects and reports usage of unsafe Rust code in crates and their dependencies.
A cargo subcommand to display assembly, LLVM-IR, MIR, and WASM generated for Rust code.
A Rust tool that checks and fixes spelling and grammar mistakes in documentation using hunspell and nlprule.
A bit-precise model checker for verifying safety and correctness properties in Rust code.
A static analysis tool for Rust that detects concurrency bugs, memory bugs, and panic locations.
Embed dependency information into Rust binaries for vulnerability auditing in production.
A tool for formatting Rust code according to the official Rust style guidelines.
Generates interactive visualizations of ownership and borrowing in Rust programs to aid learning.
A PostgreSQL database schema linter that identifies schema problems like missing primary keys and unindexed foreign keys.
A static analysis tool that spots security vulnerabilities in PostgreSQL extension scripts and SQL code.
A CLI tool and VS Code extension for formatting SQL to maintain consistent style and improve readability.
A simple command-line SQL linter that checks syntax against ANSI and PostgreSQL standards.
A Scala compiler plugin for static code analysis that detects bugs, non-idiomatic code, and style violations.
A syntax highlighter and tool to semi-automatically rewrite shell scripts for ShellCheck conformance, focusing on proper quoting.
A command-line tool and Xcode extension for formatting Swift code with extensive rule customization.
A comprehensive development kit for creating self-contained, deployable Tcl applications across multiple platforms.
A monorepo providing tooling to lint Angular projects with ESLint, including TypeScript and HTML template rules.
An extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors.
CLI tool that generates interactive call graphs from TypeScript source files to visualize function dependencies.
Monorepo for tooling that enables ESLint to support TypeScript, providing powerful static analysis for JavaScript and TypeScript.
A language server for SystemVerilog providing linting and IDE integration.
A comprehensive VS Code extension providing syntax highlighting, linting, formatting, and language server support for Verilog, SystemVerilog, VHDL, and related hardware description languages.
A code size profiler for WebAssembly that analyzes call graphs to identify and eliminate bloat.
A full-featured language server and tooling suite for WebAssembly Text Format development with deep static analysis and editor integration.
Asynchronous linting and fixing for Vim/Neovim with Language Server Protocol (LSP) support.
A source code analyzer that identifies features and characteristics in software components using static analysis and a JSON rules engine.
Static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.
A multi-language static call graph generator that parses source code to visualize function dependencies across 20+ programming languages.
An ultra-fast parallelized classpath and module scanner for JVM languages that indexes class metadata without loading classes.
Standard libraries and queries for CodeQL, powering GitHub Advanced Security and static application security testing.
A fast, extensible multi-language dependency extraction tool for code analysis and visualization.
A security linting framework with IDE plugins and CLI tools that identifies vulnerabilities as developers write code.
Linter for dangerous Postgres migration patterns in Diesel and SQLx that prevents downtime from unsafe schema changes.
A command-line tool for automatically formatting .NET code to follow style guidelines and conventions.
A pluggable linting utility for identifying and reporting patterns in JavaScript and ECMAScript code.
A collection of high-performance JavaScript and TypeScript tools written in Rust, powering modern development toolchains.
A set of tools and APIs for static analysis, code visualization, navigation, and style-preserving source transformations across multiple languages.
A Ruby gem for automated code review that runs analysis quickly by checking only relevant changes in pull requests.
A pluggable JavaScript linter and code transformer with built-in support for JS, TS, JSX, Markdown, YAML, TOML, JSON, and more.
A Python-based linter that allows you to create custom linting rules using regular expressions.
A high-speed static analysis tool for enforcing dependency graph hygiene and removing unused code in JavaScript/TypeScript projects.
Roslyn-based analyzers for .NET code quality, security, and maintainability, replacing legacy FxCop.
Open-source static analysis tool for Python, TypeScript, and Go that detects dead code, security vulnerabilities, and AI-generated regressions.
A static analysis tool for Go that validates raw SQL queries to catch syntax errors and prevent SQL injections.
Open source CNAPP that hunts for threats in cloud native platforms, ranks them by risk, and visualizes attack paths.
A static code analyzer that validates TODO comments by linking them to open issues in supported issue trackers.
A comprehensive security scanner that finds vulnerabilities, misconfigurations, secrets, and SBOMs in containers, Kubernetes, code, and clouds.
A fast, accurate static code analyzer for C/C++, C#, and Lua that detects defects early in development.
A fast, straightforward, reliable tool for performing massive, automated code refactoring using custom Python patterns.
A comprehensive static analysis library for Java bytecode and JavaScript, supporting interprocedural dataflow, pointer analysis, and call graph construction.
A fast semantic search tool for C/C++ codebases that uses AST pattern matching to help security researchers find interesting functionality.
A platform-agnostic binary analysis framework for disassembly, symbolic execution, and program analysis.
Analyzes raw binary firmware to automatically detect loading address, endianness, and UDS command databases.
A lightweight static analysis tool that validates security and correctness characteristics of Windows PE and Linux ELF binaries.
Bloaty is a size profiler for binaries that analyzes what's taking up space inside executable files.
A static analysis tool that detects Common Weakness Enumerations (CWEs) in binary executables across multiple CPU architectures.
An abstract interpretation-based static analysis platform for disassembling and analyzing binary executables to recover control flow graphs.
A static analyzer for PE executables that identifies malicious indicators and aids in malware assessment.
A portable utility that identifies linkers, compilers, and packers used to create executable files across Windows, Linux, and macOS.
Analyzes un-instrumented ELF core files for memory leaks, growth, and corruption without requiring code instrumentation.
A coding style formatter for CSS that sorts properties and enforces consistent formatting.
Generate interactive line graphs visualizing CSS selector specificity across your stylesheet.
A static analysis tool for detecting security misconfigurations and flaws in Nginx configuration files.
An open-source policy-as-code tool that validates JSON/YAML data like CloudFormation and Kubernetes configs against custom rules.
A linter that validates AWS CloudFormation templates against AWS resource schemas and best practices.
A linting tool that scans AWS CloudFormation templates for insecure infrastructure patterns and security violations.
Static vulnerability analysis for container images (OCI/Docker) via an API that indexes and matches against known security flaws.
A smarter Dockerfile linter that helps you build best practice Docker images by parsing the Dockerfile AST and linting inline bash.
A blazing fast Rust crate for linting JavaScript and TypeScript code, powering Deno's linter and usable with Node.js.
An advanced linter for Yocto/OpenEmbedded bitbake recipes that enforces style guidelines and detects common pitfalls.
A configurable linter and validator for Gherkin feature files, written in JavaScript.
An HTML linter that checks for common mistakes and ensures correct Bootstrap markup structure.
A CLI tool for linting and testing Helm charts, designed for CI/CD pipelines and pull request validation.
A best practices checker for Kubernetes clusters that analyzes resources and provides actionable feedback.
A Kubernetes RBAC static analysis tool that identifies security risks and visualizes RBAC design.
A customizable linter for validating Kubernetes resources against organization-defined standards.
A static analysis tool that checks Kubernetes YAML files and Helm charts for security and production readiness best practices.
A configurable linter and analyzer for Makefiles that scans for potential issues and enforces best practices.
A Node.js style checker and lint tool for Markdown/CommonMark files to enforce consistency and standards.
A Ruby-based tool to check Markdown files and flag style issues with configurable rules.
Format and lint markdown code blocks using your favorite language-specific tools.
A static analysis tool that scans Nix files for dead code like unused variable bindings and lambda arguments.
A linter and fixer for Nix code that highlights antipatterns and provides automated fixes.
A linting tool for checking common errors and policy violations in RPM packages.
A pluggable linter and fixer to enforce Protocol Buffer style and conventions.
A GitHub scanning tool that identifies hardcoded credentials and filters false positives using machine learning models.
An enterprise-friendly Python tool for detecting and preventing secrets from entering codebases with a baseline approach.
A tool for detecting secrets like passwords, API keys, and tokens in git repositories, directories, and stdin.
A vulnerability scanner for container images, filesystems, and SBOMs to detect known security issues.
A security linter for npm and yarn lockfiles to detect malicious package injections and enforce trust policies.
Automated security health metrics for open source projects, assessing security best practices and risks.
A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.
A general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities.
A symbolic-execution-based security analysis tool for detecting vulnerabilities in Ethereum and EVM-compatible smart contracts.
A static analysis framework for Solidity and Vyper smart contracts that detects vulnerabilities, enhances code comprehension, and enables custom analyses.
A comprehensive linter for Ember.js and Handlebars templates that enforces best practices and accessibility.
A linting tool for HAML that enforces style consistency and integrates with RuboCop for static analysis.
A configurable linting tool for analyzing Slim templates, integrating with RuboCop for static analysis.
A command-line utility that automatically detects and fixes common misspellings and typos in source code files.
A command-line linter for English prose that checks writing style, grammar, and usage against advice from expert writers.
A state-of-the-art static analysis linter for Go that finds bugs, performance issues, and enforces style rules.
A community wiki curating static analysis tools (linters) for improving code quality across programming languages and formats.
A curated directory of static analysis tools for PHP, covering bug detection, coding standards, metrics, and automated fixes.