static-analysis
There are 2400 repositories under the static-analysis topic.
WerWolv/ImHex
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
astral-sh/ruff
An extremely fast Python linter and code formatter, written in Rust.
koalaman/shellcheck
ShellCheck, a static analysis tool for shell scripts
MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
realm/SwiftLint
A tool to enforce Swift style and conventions.
nikic/PHP-Parser
A PHP parser written in PHP
facebook/infer
A static analyzer for Java, C, C++, and Objective-C
Konloch/bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
analysis-tools-dev/static-analysis
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
phpstan/phpstan
PHP Static Analysis Tool - discover bugs in your code without running it!
PHP-CS-Fixer/PHP-CS-Fixer
A tool to automatically fix PHP Coding Standards issues
semgrep/semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
rshipp/awesome-malware-analysis
Defund the Police.
ttroy50/cmake-examples
Useful CMake Examples
OWASP/mastg
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
hadolint/hadolint
Dockerfile linter, validate inline bash, written in Haskell
ast-grep/ast-grep
⚡ A CLI tool for code structural search, lint and rewriting. Written in Rust
anchore/grype
A vulnerability scanner for container images and filesystems
quay/clair
Vulnerability Static Analysis for Containers
squizlabs/PHP_CodeSniffer
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
SonarSource/sonarqube
Continuous Inspection
horsicq/Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
reviewdog/reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
checkstyle/checkstyle
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
We5ter/Scanners-Box
A powerful and open-source toolkit for hackers and security automation - a collection of open-source scanners developed by security industry practitioners
securego/gosec
Go security checker
bridgecrewio/checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
anchore/syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
presidentbeef/brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
facebook/pyre-check
Performant type-checking for Python.
google/error-prone
Catch common Java mistakes as compile-time errors
aquasecurity/tfsec
Tfsec is now part of Trivy
Col-E/Recaf
The modern Java bytecode editor
detekt/detekt
Static code analysis for Kotlin
dominikh/go-tools
Staticcheck - The advanced Go linter
ondrajz/go-callvis
Visualize call graph of a Go program using Graphviz