578 Open Source Static Analysis Software Projects
Free and open source static analysis code projects including engines, APIs, generators, and tools.
Php_codesniffer 9114 ⭐
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
Static Analysis 9481 ⭐
⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Mobile Security Framework Mobsf 10420 ⭐
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Owasp Mstg 8542 ⭐
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Checkstyle 6543 ⭐
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Phan 5225 ⭐
Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
Applicationinspector 3894 ⭐
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly, using static analysis with a JSON-based rules engine. Ideal for scanning components before use or detecting feature-level changes.
Credo 4184 ⭐
A static code analysis tool for the Elixir language with a focus on code consistency and teaching.
Nullaway 3070 ⭐
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead.
Goreporter 2964 ⭐
A Golang tool that does static analysis, unit testing and code review, and generates a code quality report.
Reviewdog 4691 ⭐
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Mobileapp Pentest Cheatsheet 3083 ⭐
The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics.
Mgechev Revive 3230 ⭐
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Spotbugs 2609 ⭐
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Semgrep 5796 ⭐
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Phpmd 2013 ⭐
PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well-known Java tool PMD. PHPMD can be seen as a user-friendly frontend application for the raw metrics stream measured by PHP Depend.
Just Another Android App 1649 ⭐
An Android base app with loads of cool libraries/configuration (NOT MAINTAINED)
Find Sec Bugs 1772 ⭐
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects.)
Dependency Cruiser 2459 ⭐
Checkov 3708 ⭐
Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Codechecker 1458 ⭐
CodeChecker is analyzer tooling, a defect database and a viewer extension for the Clang Static Analyzer and Clang Tidy.
Anchore Engine 1410 ⭐
A service that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and certification.
Inria Spoon 1280 ⭐
Spoon is a metaprogramming library to analyze and transform Java source code. It parses source files to build a well-designed AST with a powerful analysis and transformation API.
Flake8 1760 ⭐
flake8 is a Python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of Python code.
Dagda 930 ⭐
A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware and other malicious threats in Docker images/containers, and to monitor the Docker daemon and running Docker containers to detect anomalous activities.
Habomalhunter 666 ⭐
HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.
Modern Cpp Template 933 ⭐
A template for modern C++ projects using CMake, Clang-Format, CI, unit testing and more, with support for downstream inclusion.
Pep8speaks 561 ⭐
A GitHub app to automatically review Python code style over Pull Requests
Security Tools 580 ⭐
My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.
Sonar Dotnet 534 ⭐
Code analyzer for C# and VB.NET projects https://redirect.sonarsource.com/plugins/vbnet.html