static-analysis
There are 1970 repositories under the static-analysis topic.
WerWolv/ImHex
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
koalaman/shellcheck
ShellCheck, a static analysis tool for shell scripts
astral-sh/ruff
An extremely fast Python linter and code formatter, written in Rust.
realm/SwiftLint
A tool to enforce Swift style and conventions.
MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
nikic/PHP-Parser
A PHP parser written in PHP
facebook/infer
A static analyzer for Java, C, C++, and Objective-C
Konloch/bytecode-viewer
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
analysis-tools-dev/static-analysis
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
phpstan/phpstan
PHP Static Analysis Tool - discover bugs in your code without running it!
PHP-CS-Fixer/PHP-CS-Fixer
A tool to automatically fix PHP Coding Standards issues
ttroy50/cmake-examples
Useful CMake Examples
rshipp/awesome-malware-analysis
Defund the Police.
OWASP/owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
semgrep/semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
squizlabs/PHP_CodeSniffer
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
hadolint/hadolint
Dockerfile linter, validate inline bash, written in Haskell
quay/clair
Vulnerability Static Analysis for Containers
SonarSource/sonarqube
Continuous Inspection
anchore/grype
A vulnerability scanner for container images and filesystems
checkstyle/checkstyle
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
We5ter/Scanners-Box
A powerful and open-source toolkit for hackers and security automation - a collection of open-source scanners developed in-house by security industry practitioners
reviewdog/reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
securego/gosec
Go security checker
horsicq/Detect-It-Easy
Program for determining types of files for Windows, Linux and MacOS.
ast-grep/ast-grep
⚡A CLI tool for code structural search, lint and rewriting. Written in Rust
bridgecrewio/checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
presidentbeef/brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
facebook/pyre-check
Performant type-checking for Python.
google/error-prone
Catch common Java mistakes as compile-time errors
aquasecurity/tfsec
Tfsec is now part of Trivy
anchore/syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
detekt/detekt
Static code analysis for Kotlin
dominikh/go-tools
Staticcheck - The advanced Go linter
Col-E/Recaf
The modern Java bytecode editor
ondrajz/go-callvis
Visualize call graph of a Go program using Graphviz