static-analyzer
There are 170 repositories under static-analyzer topic.
phpstan/phpstan
PHP Static Analysis Tool - discover bugs in your code without running it!
e-m-b-a/emba
EMBA - The firmware security analyzer
llvm-mirror/clang
Mirror kept for legacy. Moved to https://github.com/llvm/llvm-project
phpmetrics/PhpMetrics
Beautiful and understandable static analysis tool for PHP
Ericsson/codechecker
CodeChecker is an analyzer tooling, defect database and viewer extension for static and dynamic analyzer tools.
phpmd/phpmd
PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.
KeenSecurityLab/BinAbsInspector
BinAbsInspector: Vulnerability Scanner for Binaries
SVF-tools/SVF
Static Value-Flow Analysis Framework for Source Code
phpstan/phpdoc-parser
Next-gen phpDoc parser with support for intersection types and generics
kalessil/phpinspectionsea
A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)
sleekbyte/tailor
Cross-platform static analyzer and linter for Swift.
fkie-cad/cwe_checker
cwe_checker finds vulnerable patterns in binary executables
SonarSource/sonar-java
:coffee: SonarSource Static Analyzer for Java Code Quality and Security
SonarSource/SonarJS
SonarSource Static Analyzer for JavaScript and TypeScript
SonarSource/sonar-dotnet
Code analyzer for C# and VB.NET projects
Cyber-Buddy/APKHunt
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
alexkohler/prealloc
prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.
phpstan/phpstan-doctrine
Doctrine extensions for PHPStan
kowainik/stan
🕵️ Haskell STatic ANalyser
BurtonQin/lockbud
Detect concurrency and memory bugs and possible panic locations in Rust projects
insidersec/insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
mchalupa/dg
[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.
Chanzi-keji/chanzi
"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompile, custom rule, and is compatible with the technology stacks of Servlet&filter, Spring,struts,Dubbo,Thrift, jax-rs,jax-ws,JFinal,Netty,MyBatis,and JSP.
vbpf/prevail
eBPF verifier based on abstract interpretation
ajinabraham/njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
rizsotto/scan-build
Clang's scan-build re-implementation in python
cs-au-dk/TIP
Static program analysis for TIP
jborgers/sonar-pmd
☕️ PMD Plugin for SonarQube
ECSIM/opem
OPEM (Open Source PEM Fuel Cell Simulation Tool)
cs-au-dk/TAJS
Type Analyzer for JavaScript
florianschanda/miss_hit
MATLAB Independent, Small & Safe, High Integrity Tools - code formatter and more
SoftSec-KAIST/Smartian
Smartian: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses (ASE '21)
Beliavsky/Fortran-Tools
Links to Fortran compilers, preprocessors, formatters, static analyzers, transpilers, IDEs, build systems, etc.
integrated-application-development/sonar-delphi
Delphi language plugin for SonarQube
ajinabraham/libsast
Generic SAST Library
alexkohler/nakedret
nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.