Static Analysis

#rector#framework-migration#dev-tools

RectorPHP

Automated PHP code upgrades and refactoring tool that instantly updates PHP versions and major frameworks.

Stars10.3k

Forks739

Last commit8 days ago

codeqlCodeQL

Standard libraries and queries for CodeQL, powering GitHub Advanced Security and static application security testing.

#codeql#vulnerability-detection#security

Stars9.5k

Forks2.0k

Last commit1 day ago

Android SecurityMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and reverse engineering.

#vulnerability-assessment#mobile-security#android

Stars9.4k

Forks1.5k

Last commit

android-security-awesomeMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and penetration testing.

#vulnerability-assessment#mobile-security#android

A comprehensive ESLint plugin providing React-specific linting rules to enforce best practices and catch common errors.

#developer-tools#lint#ecmascript

Stars9.3k

Forks2.7k

Last commit23 days ago

ReviewdogGo

Automated code review tool that integrates with any linter and posts results as comments on pull requests.

#developer-tools#lint#linter

Stars9.2k

Forks483

#developer-tools#open-source#code-quality

JSHintJavaScript

A community-driven static code analysis tool that detects errors and potential problems in JavaScript code.

Stars9.1k

Forks1.6k

Last commit1 year ago

CheckstyleJava

A development tool that helps programmers write Java code adhering to configurable coding standards and best practices.

#hacktoberfest#development-tool#coding-standards

A CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems.

#sbom#container-security#cyclonedx

A CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems.

#sbom#container-security#cyclonedx

Stars8.8k

Forks836

Last commit1 day ago

Golang Security CheckerGo

A static analysis tool that scans Go source code for security vulnerabilities by analyzing the AST and SSA representations.

#ast-analysis#taint-analysis#security-automation

Stars8.8k

Forks689

Last commit4 days ago

shGo

A Go library and toolset for parsing, formatting, and interpreting POSIX Shell, Bash, and Zsh scripts.

#developer-tools#code-formatter#interpreter

Stars8.7k

Forks394

Last commit16 days ago

checkovPython

A static code analysis tool that scans infrastructure as code, container images, and open source packages for security misconfigurations and vulnerabilities.

#aws-security#azure#kubernetes

Stars8.7k

Forks1.3k

Last commit4 days ago

CheckovPython

A static code analysis tool that scans infrastructure as code, container images, and open source packages for security misconfigurations and vulnerabilities.

#aws-security#azure#static-code-analysis

Stars8.7k

Forks1.3k

Last commit4 days ago

Gixy - Nginx configuration static analyzerPython

A static analysis tool for detecting security misconfigurations and flaws in Nginx configuration files.

#devops#web-server#vulnerability-detection

Stars8.6k

Forks448

Last commit1 year ago

retdecC++

A retargetable machine-code decompiler based on LLVM, supporting multiple architectures and file formats.

#disassembler#malware-analysis#binary-analysis

Stars8.5k

Forks991

Last commit9 months ago

sccGo

A very fast and accurate code counter with complexity calculations, COCOMO/LOCOMO estimates, and unique line metrics written in pure Go.

#developer-tools#statistics#code-metrics

Stars8.3k

Forks312

Last commit11 days ago

XOTypeScript

An opinionated, zero-config ESLint wrapper for JavaScript/TypeScript with great defaults and automatic fixes.

#developer-tools#zero-config#linter

Stars8.0k

Forks304

Last commit22 days ago

xoTypeScript

An opinionated, zero-config ESLint wrapper for JavaScript and TypeScript with great defaults and automatic fixes.

#eslint-wrapper#developer-tools#automated-fixes

Stars8.0k

Forks304

Last commit22 days ago

arkregexTypeScript

A TypeScript validator that maintains 1:1 type-safety from editor to runtime with optimized performance.

#parsing#developer-tools#runtime-typechecking

Stars7.7k

Forks140

#vulnerabilities#rails#vulnerability-detection

ClassySharkJava

A standalone binary inspection tool for Android developers to browse executables and analyze bytecode.

#dex#bytecode-viewer#jar

Stars7.6k

Forks874

Last commit2 years ago

brakemanRuby

A static analysis security vulnerability scanner for Ruby on Rails applications.

Stars7.2k

Forks766

#developer-tools#build-tools#bug-detection

error-proneJava

A static analysis tool for Java that catches common programming mistakes at compile-time.

Stars7.2k

Forks789

#type-check#developer-tools#taint-analysis

pyre-checkOCaml

A performant, incremental type checker for Python with integrated security analysis via Pysa.

Stars7.2k

Forks449

Last commit2 days ago

tfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#google-cloud-platform#multi-cloud#azure

#google-cloud-platform#azure#terraform-security

tfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#google-cloud-platform#multi-cloud#azure

TFSecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#rego#google-cloud-platform#multi-cloud

TfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#hacktoberfest#code-smells#developer-tools

DetektKotlin

A static code analysis tool for Kotlin that identifies code smells and enforces coding standards.

A state-of-the-art static analysis linter for Go that finds bugs, performance issues, and enforces style rules.

#developer-tools#linter#bug-detection

Stars6.8k

Forks410

#developer-tools#linter#bug-detection

staticcheckGo

A state-of-the-art static analysis linter for Go that finds bugs, performance issues, and enforces style rules.

Stars6.8k

Forks410

#safe-ffi#ffi#c-plus-plus

cxxRust

A safe, zero-overhead FFI bridge for calling C++ code from Rust and Rust code from C++.

Stars6.7k

Forks404

Last commit2 days ago

cppcheckC++

A static analysis tool for detecting bugs and undefined behavior in C and C++ code.

#undefined-behavior#c-cpp#bug-detection

Stars6.6k

Forks1.6k