554 Open Source Static Analysis Software Projects
Free and open source static analysis code projects including engines, APIs, generators, and tools.
Php_codesniffer 8960 ⭐
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
Static Analysis 9109 ⭐
⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Mobile Security Framework Mobsf 10094 ⭐
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Owasp Mstg 8213 ⭐
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Checkstyle 6454 ⭐
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Phan 5186 ⭐
Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
Applicationinspector 3861 ⭐
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a JSON-based rules engine. Ideal for scanning components before use or detecting feature-level changes.
Credo 4120 ⭐
A static code analysis tool for the Elixir language with a focus on code consistency and teaching.
Nullaway 3023 ⭐
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead.
Goreporter 2927 ⭐
A Golang tool that does static analysis, unit testing and code review, and generates a code quality report.
Reviewdog 4417 ⭐
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Mobileapp Pentest Cheatsheet 3024 ⭐
The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics.
Mgechev Revive 3060 ⭐
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Spotbugs 2540 ⭐
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Semgrep 5567 ⭐
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Phpmd 1978 ⭐
PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well-known Java tool PMD. PHPMD can be seen as a user-friendly frontend application for the raw metrics stream measured by PHP Depend.
Just Another Android App 1654 ⭐
An Android base app with loads of cool libraries/configuration. NOT MAINTAINED.
Find Sec Bugs 1733 ⭐
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects.)
Dependency Cruiser 2273 ⭐
Checkov 3474 ⭐
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code languages with Checkov by Bridgecrew.
Codechecker 1431 ⭐
CodeChecker is analyzer tooling, a defect database and a viewer extension for the Clang Static Analyzer and Clang Tidy.
Anchore Engine 1366 ⭐
A service that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and certification.
Inria Spoon 1240 ⭐
Spoon is a metaprogramming library to analyze and transform Java source code. 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.
Flake8 1655 ⭐
flake8 is a Python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some Python code.
Dagda 899 ⭐
A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware and other malicious threats in Docker images/containers, and to monitor the Docker daemon and running Docker containers to detect anomalous activities.
Habomalhunter 664 ⭐
HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.
Modern Cpp Template 894 ⭐
A template for modern C++ projects using CMake, Clang-Format, CI, unit testing and more, with support for downstream inclusion.
Pep8speaks 562 ⭐
A GitHub app to automatically review Python code style over Pull Requests.
Security Tools 546 ⭐
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Sonar Dotnet 510 ⭐
Code analyzer for C# and VB.NET projects. https://redirect.sonarsource.com/plugins/vbnet.html