Static Analysis

android-security-awesomeMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and penetration testing.

#vulnerability-assessment#mobile-security#android

Stars9.5k

Forks1.6k

Last commit

Android SecurityMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and reverse engineering.

#vulnerability-assessment#mobile-security#android

Automated code review tool that integrates with any linter and posts results as comments on pull requests.

#developer-tools#lint#linter

A comprehensive ESLint plugin providing React-specific linting rules to enforce best practices and catch common errors.

#developer-tools#lint#ecmascript

Stars9.3k

Forks2.7k

Last commit26 days ago

SyftGo

A CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems.

#sbom#container-security#cyclonedx

A CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems.

#sbom#container-security#cyclonedx

A community-driven static code analysis tool that detects errors and potential problems in JavaScript code.

#developer-tools#open-source#code-quality

Stars9.1k

Forks1.6k

Last commit1 year ago

CheckstyleJava

A development tool that helps programmers write Java code adhering to configurable coding standards and best practices.

#hacktoberfest#development-tool#coding-standards

Stars8.9k

Forks4.1k

Golang Security CheckerGo

A static analysis tool that scans Go source code for security vulnerabilities by analyzing the AST and SSA representations.

#ast-analysis#taint-analysis#security-automation

A Go library and toolset for parsing, formatting, and interpreting POSIX Shell, Bash, and Zsh scripts.

#developer-tools#code-formatter#interpreter

Stars8.8k

Forks410

Last commit6 days ago

checkovPython

A static code analysis tool that scans infrastructure as code, container images, and open source packages for security misconfigurations and vulnerabilities.

#aws-security#azure#kubernetes

A static code analysis tool that scans infrastructure as code, container images, and open source packages for security misconfigurations and vulnerabilities.

#aws-security#azure#static-code-analysis

Stars8.8k

Forks1.3k

Gixy - Nginx configuration static analyzerPython

A static analysis tool for detecting security misconfigurations and flaws in Nginx configuration files.

#devops#web-server#vulnerability-detection

Stars8.6k

Forks451

Last commit1 year ago

retdecC++

A retargetable machine-code decompiler based on LLVM, supporting multiple architectures and file formats.

#disassembler#malware-analysis#binary-analysis

Stars8.5k

Forks992

Last commit13 days ago

sccGo

A very fast and accurate code counter with complexity calculations, COCOMO/LOCOMO estimates, and unique line metrics written in pure Go.

#developer-tools#statistics#code-metrics

Stars8.5k

Forks319

Last commit6 days ago

XOTypeScript

An opinionated, zero-config ESLint wrapper for JavaScript/TypeScript with great defaults and automatic fixes.

#developer-tools#zero-config#linter

Stars8.0k

Forks305

#eslint-wrapper#developer-tools#automated-fixes

xoTypeScript

An opinionated, zero-config ESLint wrapper for JavaScript and TypeScript with great defaults and automatic fixes.

Stars8.0k

Forks305

#parsing#developer-tools#runtime-typechecking

arkregexTypeScript

A TypeScript validator that maintains 1:1 type-safety from editor to runtime with optimized performance.

Stars7.8k

Forks145

Last commit6 days ago

ClassySharkJava

A standalone binary inspection tool for Android developers to browse executables and analyze bytecode.

#dex#bytecode-viewer#jar

Stars7.6k

Forks872

Last commit3 years ago

brakemanRuby

A static analysis security vulnerability scanner for Ruby on Rails applications.

#vulnerabilities#rails#vulnerability-detection

Stars7.2k

Forks770

Last commit4 days ago

error-proneJava

A static analysis tool for Java that catches common programming mistakes at compile-time.

#developer-tools#build-tools#bug-detection

Stars7.2k

Forks793

Last commit3 days ago

pyre-checkOCaml

A performant, incremental type checker for Python with integrated security analysis via Pysa.

#type-check#developer-tools#taint-analysis

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#rego#google-cloud-platform#multi-cloud

#google-cloud-platform#azure#terraform-security

tfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#google-cloud-platform#multi-cloud#azure

tfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#google-cloud-platform#multi-cloud#azure

TFSecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#hacktoberfest#code-smells#developer-tools

DetektKotlin

A static code analysis tool for Kotlin that identifies code smells and enforces coding standards.

A state-of-the-art static analysis linter for Go that finds bugs, performance issues, and enforces style rules.

#developer-tools#linter#bug-detection

A state-of-the-art static analysis linter for Go that finds bugs, performance issues, and enforces style rules.

#developer-tools#linter#bug-detection

A safe, zero-overhead FFI bridge for calling C++ code from Rust and Rust code from C++.

#safe-ffi#ffi#c-plus-plus

Stars6.7k

Forks408

Last commit9 days ago

cppcheckC++

A static analysis tool for detecting bugs and undefined behavior in C and C++ code.

#undefined-behavior#c-cpp#bug-detection

Stars6.6k

Forks1.6k

Last commit3 days ago

PyreflyRust

A fast type checker and language server for Python with powerful IDE features like code navigation and completion.

#type-check#incremental-checking#language-server

Stars6.6k

Forks389