#Static-code-analysis

Showing 57 of 57 repositories tagged #static-code-analysis, ranked by stars

astral-sh
astral-sh
ruff

An extremely fast Python linter and code formatter, written in Rust.

Score
100
β˜… 48.5k β‘‚ 2.2k +7/day
Rust
biomejs
biomejs
biome

A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.

Score
100
β˜… 25.4k β‘‚ 1.2k +119/day
Rust
semgrep
semgrep
semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Score
100
β˜… 15.8k β‘‚ 989 +41/day
OCaml
analysis-tools-dev
analysis-tools-dev
static-analysis

βš™οΈ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

Score
67
β˜… 14.7k β‘‚ 1.5k +10/day
Rust
reviewdog
reviewdog
reviewdog

🐢 Automated code review tool integrated with any code analysis tools regardless of programming language

Score
89
β˜… 9.4k β‘‚ 491 β€”
Go
securego
securego
gosec

Go security checker

Score
78
β˜… 8.9k β‘‚ 700 +4/day
Go
PyCQA
PyCQA
bandit

Bandit is a tool designed to find common security issues in Python code.

Score
86
β˜… 8.2k β‘‚ 792 +9/day
Python
datreeio
datreeio
datree

Prevent Kubernetes misconfigurations from reaching production (again 😀 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io

Score
44
β˜… 6.3k β‘‚ 357 β€”
Go
pylint-dev
pylint-dev
pylint

It's not just a linter that annoys you!

Score
71
β˜… 5.7k β‘‚ 1.3k +4/day
Python
mgechev
mgechev
revive

πŸ”₯ ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

Score
67
β˜… 5.5k β‘‚ 316 +5/day
Go
pmd
pmd
pmd

An extensible multilanguage static code analyzer.

Score
100
β˜… 5.4k β‘‚ 1.6k +10/day
Java
google
google
pytype

A static type analyzer for Python code

Score
57
β˜… 5.0k β‘‚ 289 +2/day
Python
uber
uber
NullAway

A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

Score
89
β˜… 4.1k β‘‚ 347 +6/day
Java
PyCQA
PyCQA
flake8

flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

Score
43
β˜… 3.8k β‘‚ 348 +2/day
Python
zegl
zegl
kube-score

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

Score
56
β˜… 3.1k β‘‚ 197 β€”
Go
tach-org
tach-org
tach

A Python tool to visualize + enforce dependencies, using modular architecture 🌎 Open source 🐍 Installable via pip πŸ”§ Able to be adopted incrementally - ⚑ Implemented with no runtime impact ♾️ Interoperable with your existing systems πŸ¦€ Written in rust

Score
33
β˜… 2.8k β‘‚ 89 β€”
Rust
Bearer
Bearer
bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Score
100
β˜… 2.7k β‘‚ 141 +2/day
Go
python-security
python-security
pyt

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Score
14
β˜… 2.2k β‘‚ 249 β€”
Python
praetorian-inc
praetorian-inc
gokart

A static analysis tool for securing Go code

Score
22
β˜… 2.2k β‘‚ 108 β€”
Go
ronami
ronami
HypeScript

🐬 A simplified implementation of TypeScript's type system written in TypeScript's type system

Score
0
β˜… 2.0k β‘‚ 23 β€”
TypeScript
ipyflow
ipyflow
ipyflow

A reactive Python kernel for Jupyter notebooks.

Score
100
β˜… 1.3k β‘‚ 25 β€”
Python
security-code-scan
security-code-scan
security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

Score
71
β˜… 978 β‘‚ 160 β€”
C#
vincentcox
vincentcox
StaCoAn

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Score
57
β˜… 870 β‘‚ 138 β€”
JavaScript
wala
wala
WALA

T.J. Watson Libraries for Analysis, with front ends for Java, Android, and JavaScript, and many common static program analyses.

Score
78
β˜… 859 β‘‚ 243 β€”
Java
soot-oss
soot-oss
SootUp

A new version of Soot with a completely overhauled architecture

Score
67
β˜… 801 β‘‚ 109 +2/day
Java
olacabs
olacabs
jackhammer

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Score
43
β˜… 741 β‘‚ 164 β€”
Java
FloeDesignTechnologies
FloeDesignTechnologies
phpcs-security-audit

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

Score
29
β˜… 728 β‘‚ 78 β€”
PHP
alexkohler
alexkohler
prealloc

prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.

Score
33
β˜… 665 β‘‚ 26 β€”
Go
vuejs
vuejs
vue-eslint-parser

The ESLint custom parser for `.vue` files.

Score
100
β˜… 487 β‘‚ 82 β€”
TypeScript
droidefense
droidefense
engine

Droidefense: Advance Android Malware Analysis Framework

Score
14
β˜… 480 β‘‚ 106 β€”
Java
slackhq
slackhq
compose-lints

Lint checks to aid with a healthy adoption of Compose

Score
33
β˜… 476 β‘‚ 38 +1/day
Kotlin
MaibornWolff
MaibornWolff
codecharta

CodeCharta is a visualization tool that transforms complex software architecture and code metrics into interactive, customizable visual maps, empowering everyone to communicate and analyze your codebase. Improve code quality, maintainability, and architectural decisions

Score
56
β˜… 473 β‘‚ 49 +1/day
TypeScript
guilatrova
guilatrova
tryceratops

A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).

Score
0
β˜… 450 β‘‚ 25 β€”
Python
amit-davidson
amit-davidson
Chronos

Chronos - A static race detector for the go language

Score
11
β˜… 441 β‘‚ 10 β€”
Go
Technologicat
Technologicat
pyan

The Python static call graph generator. pyan3 on PyPI. Official repo. Py3.10-3.14.

Score
29
β˜… 434 β‘‚ 75 +5/day
Python
JetBrains
JetBrains
Qodana

πŸ“ Source repository of Qodana Help

Score
44
β˜… 403 β‘‚ 82 β€”
awslabs
awslabs
iam-policy-autopilot

IAM Policy Autopilot is an open source static code analysis tool that helps you quickly create baseline AWS IAM policies that you can refine as your application evolves. This tool is available as a command-line utility and MCP server for use within AI coding assistants for quickly building IAM policies.

Score
100
β˜… 376 β‘‚ 42 β€”
Rust
JetBrains
JetBrains
qodana-action

βš™οΈ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle

Score
22
β˜… 303 β‘‚ 42 β€”
JavaScript
codeintegrity-ai
codeintegrity-ai
mutahunter

Open Source, Language Agnostic Mutation Testing

Score
0
β˜… 297 β‘‚ 26 β€”
Python
usyd-blockchain
usyd-blockchain
vandal

Static program analysis framework for Ethereum smart contract bytecode.

Score
100
β˜… 168 β‘‚ 44 β€”
Python
denzyldick
denzyldick
phanalist

Performant static analyzer for PHP, which is extremely easy to use. It helps you catch common mistakes in your PHP code.

Score
0
β˜… 160 β‘‚ 8 β€”
Rust
shivasurya
shivasurya
code-pathfinder

Static Code Analysis for security teams with Inter file taint analysis. Built for finding vulnerabilities, advanced structural search, derive insights and supports MCP

Score
86
β˜… 138 β‘‚ 16 β€”
Go
linthtml
linthtml
linthtml

The html5 linter and validator.

Score
75
β˜… 99 β‘‚ 12 β€”
TypeScript
Mkohm
Mkohm
detekt-hint

Detection of design principle violations in Kotlin as a plugin to detekt.

Score
0
β˜… 85 β‘‚ 2 β€”
HTML
konrad1977
konrad1977
loco

A linter for Swift Localizations

Score
11
β˜… 74 β‘‚ 1 β€”
Swift
alexkohler
alexkohler
unimport

unimport is a Go static analysis tool to find unnecessary import aliases.

Score
0
β˜… 71 β‘‚ 2 β€”
Go
yamadashy
yamadashy
phpstan-friendly-formatter

🀝 A friendly error formatter extension for PHPStan that provides more readable and informative output, including code snippets and color highlighting.

Score
50
β˜… 64 β‘‚ 5 β€”
PHP
yfedoseev
yfedoseev
fossil-mcp

The code quality toolkit for the agentic AI era. Find dead code, clones, and scaffolding across 15 languages. MCP server + CLI.

Score
25
β˜… 63 β‘‚ 4 +1/day
Rust
qltysh-archive
qltysh-archive
codeclimate-rubocop

Code Climate Engine for Rubocop

Score
0
β˜… 61 β‘‚ 40 β€”
Ruby
QasimWani
QasimWani
gct

Graphical Code Tracer (GCT): Visualize code at lightning speed

Score
33
β˜… 54 β‘‚ 9 β€”
Python
opensibyl
opensibyl
sibyl2

The missing fact layer in codebases.

Score
100
β˜… 47 β‘‚ 10 β€”
Go
iarsystems
iarsystems
iar-vsc-build

Visual Studio Code extension for developing and building IAR projects

Score
0
β˜… 44 β‘‚ 6 β€”
TypeScript
ferdinandobons
ferdinandobons
CodeDebrief

Local-first static analysis that turns source code into deterministic, source-grounded workflow maps for coding agents via MCP.

Score
67
β˜… 38 β‘‚ 4 +2/day
Python
IntegerMan
IntegerMan
gitstractor

A library for visualizing the commits, authors, and files of any git repository

Score
0
β˜… 26 β‘‚ 2 β€”
Jupyter Notebook
AmirhosseinHonardoust
AmirhosseinHonardoust
Smart-Contract-Risk-Analyzer

A lightweight static analysis engine for Solidity smart contracts. Extracts code features, detects dangerous patterns (delegatecall, tx.origin, call.value), computes heuristic risk scores, and classifies contracts into Low/Medium/High risk levels. Includes multiple example vulnerabilities and a clean CLI for rapid security assessment.

Score
50
β˜… 22 β‘‚ 1 β€”
Solidity
AmirhosseinHonardoust
AmirhosseinHonardoust
Python-Solidity-Feature-Engineering

A practical, research-friendly toolkit demonstrating how Python can read, parse, and analyze Solidity smart contracts using feature-engineering techniques. Extracts structural and security-relevant signals from Solidity code, detects risky patterns, builds interpretable features, and forms the basis for heuristic or ML-driven security analysis.

Score
0
β˜… 19 β‘‚ 0 β€”
piraces
piraces
kube-score-ga

Github action to execute kube-score with selected manifests (YAML, Helm or Kustomize)

Score
0
β˜… 11 β‘‚ 3 β€”
JavaScript
Related Topics
#static-analysis#linter#security#python#code-quality#go#cli#typescript#java#golang#developer-tools#javascript

Β© 2026 GitRepoTrend Β· GitHub repositories by topic Β· Updated weekly