#Static-analysis
Showing 60 of 358 repositories tagged #static-analysis, ranked by stars
๐ A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
An extremely fast Python linter and code formatter, written in Rust.
ShellCheck, a static analysis tool for shell scripts
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
A tool to enforce Swift style and conventions.
Local-first code intelligence graph for MCP and CLI. Builds a persistent map of your codebase so AI coding tools read only what matters, with benchmarked context reductions on reviews and large-repo workflows.
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
โกA CLI tool for code structural search, lint and rewriting. Written in Rust
โ๏ธ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Defund the Police.
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
A vulnerability scanner for container images and filesystems
Dockerfile linter, validate inline bash, written in Haskell
Program for determining types of files for Windows, Linux and MacOS.
Vulnerability Static Analysis for Containers
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
๐ถ Automated code review tool integrated with any code analysis tools regardless of programming language
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
A powerful and open-source toolkit for hackers and security automation - ๅฎๅ จ่กไธไปไธ่ ่ช็ ๅผๆบๆซๆๅจๅ่พ
Go security checker
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
A static analysis security vulnerability scanner for Ruby on Rails applications
Performant type-checking for python.
Tfsec is now part of Trivy
Static code analysis for Kotlin
Validate and visualize dependencies. Your rules. JavaScript, TypeScript, CoffeeScript. ES6, CommonJS, AMD.
Staticcheck - The advanced Go linter
Visualize call graph of a Go program using Graphviz
Static Analyzer for Solidity and Vyper
Awesome autocompletion, static analysis and refactoring library for python
Scanning APK file for URIs, endpoints & secrets.
TypeScript Compiler API wrapper for static analysis and programmatic code changes.
:vertical_traffic_light: An extensible linter for the TypeScript language
Static analysis for GitHub Actions
It's not just a linter that annoys you!
๐ฅ ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
An extensible multilanguage static code analyzer.
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
๐Optimizer for mobile applications
A static type analyzer for Python code
Official ESLint plugin for Vue.js
๐ฆฉ Tools for Go projects
Analyze ELF binaries like a boss ๐ผ๐ต๏ธโโ๏ธ
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
Codebase intelligence for TypeScript and JavaScript. Free static analysis of code and styles: unused code, duplication, circular deps, complexity hotspots, architecture boundaries, design-system drift. Optional paid runtime layer (Fallow Runtime): hot-path review and cold-path deletion evidence from real production traffic.
Static analysis tool to detect potential nil panics in Go code
flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.
Chat with (and visualize) your codebase
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
Codebase intelligence for AI and humans: code health scores, auto-generated docs, git analytics, dead code detection, and architectural decisions via MCP.
Mago is a toolchain for PHP that aims to provide a set of tools to help developers write better code.
A Golang tool that does static analysis, unit testing, code review and generate code quality report.
๐ Code quality CLI for universal linting, auto-formatting, security scanning, and maintainability
Flowistry is an IDE plugin for Rust that helps you focus on relevant code.
A fast, feature-rich static code analyzer & language server for Python
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Zero shot vulnerability discovery using LLMs
Real-time architectural sensor that helps AI agents close the feedback loop, enabling recursive self-improvement of code quality. Pure Rust.
CodeChecker is an analyzer tooling, defect database and viewer extension for static and dynamic analyzer tools.