#Static-code-analysis
Showing 57 of 57 repositories tagged #static-code-analysis, ranked by stars
An extremely fast Python linter and code formatter, written in Rust.
A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
βοΈ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
πΆ Automated code review tool integrated with any code analysis tools regardless of programming language
Go security checker
Bandit is a tool designed to find common security issues in Python code.
Prevent Kubernetes misconfigurations from reaching production (again π€ )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
It's not just a linter that annoys you!
π₯ ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
An extensible multilanguage static code analyzer.
A static type analyzer for Python code
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.
Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
A Python tool to visualize + enforce dependencies, using modular architecture π Open source π Installable via pip π§ Able to be adopted incrementally - β‘ Implemented with no runtime impact βΎοΈ Interoperable with your existing systems π¦ Written in rust
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
A static analysis tool for securing Go code
π¬ A simplified implementation of TypeScript's type system written in TypeScript's type system
A reactive Python kernel for Jupyter notebooks.
Vulnerability Patterns Detector for C# and VB.NET
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
T.J. Watson Libraries for Analysis, with front ends for Java, Android, and JavaScript, and many common static program analyses.
A new version of Soot with a completely overhauled architecture
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.
The ESLint custom parser for `.vue` files.
Droidefense: Advance Android Malware Analysis Framework
Lint checks to aid with a healthy adoption of Compose
CodeCharta is a visualization tool that transforms complex software architecture and code metrics into interactive, customizable visual maps, empowering everyone to communicate and analyze your codebase. Improve code quality, maintainability, and architectural decisions
A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).
Chronos - A static race detector for the go language
The Python static call graph generator. pyan3 on PyPI. Official repo. Py3.10-3.14.
π Source repository of Qodana Help
IAM Policy Autopilot is an open source static code analysis tool that helps you quickly create baseline AWS IAM policies that you can refine as your application evolves. This tool is available as a command-line utility and MCP server for use within AI coding assistants for quickly building IAM policies.
βοΈ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle
Open Source, Language Agnostic Mutation Testing
Static program analysis framework for Ethereum smart contract bytecode.
Performant static analyzer for PHP, which is extremely easy to use. It helps you catch common mistakes in your PHP code.
Static Code Analysis for security teams with Inter file taint analysis. Built for finding vulnerabilities, advanced structural search, derive insights and supports MCP
The html5 linter and validator.
Detection of design principle violations in Kotlin as a plugin to detekt.
A linter for Swift Localizations
unimport is a Go static analysis tool to find unnecessary import aliases.
π€ A friendly error formatter extension for PHPStan that provides more readable and informative output, including code snippets and color highlighting.
The code quality toolkit for the agentic AI era. Find dead code, clones, and scaffolding across 15 languages. MCP server + CLI.
Code Climate Engine for Rubocop
Graphical Code Tracer (GCT): Visualize code at lightning speed
The missing fact layer in codebases.
Visual Studio Code extension for developing and building IAR projects
Local-first static analysis that turns source code into deterministic, source-grounded workflow maps for coding agents via MCP.
A library for visualizing the commits, authors, and files of any git repository
A lightweight static analysis engine for Solidity smart contracts. Extracts code features, detects dangerous patterns (delegatecall, tx.origin, call.value), computes heuristic risk scores, and classifies contracts into Low/Medium/High risk levels. Includes multiple example vulnerabilities and a clean CLI for rapid security assessment.
A practical, research-friendly toolkit demonstrating how Python can read, parse, and analyze Solidity smart contracts using feature-engineering techniques. Extracts structural and security-relevant signals from Solidity code, detects risky patterns, builds interpretable features, and forms the basis for heuristic or ML-driven security analysis.
Github action to execute kube-score with selected manifests (YAML, Helm or Kustomize)