static-code-analysis

There are 575 repositories under the static-code-analysis topic.

  • astral-sh/ruff

    An extremely fast Python linter and code formatter, written in Rust.

    Language:Rust43.6k897.4k1.6k
  • standard/standard

    🌟 JavaScript Style Guide, with linter & automatic code fixer

    Language:JavaScript29.4k4591.2k2.3k
  • eslint/eslint

    Find and fix problems in your JavaScript code.

    Language:JavaScript26.6k30510.8k4.8k
  • biomejs/biome

    A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.

    Language:Rust22.1k632.6k754
  • facebook/infer

    A static analyzer for Java, C, C++, and Objective-C

    Language:OCaml15.4k5891.4k2.1k
  • analysis-tools-dev/static-analysis

    βš™οΈ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

    Language:Rust14.2k3145801.4k
  • phpstan/phpstan

    PHP Static Analysis Tool - discover bugs in your code without running it!

    Language:PHP13.7k1559.5k932
  • semgrep/semgrep

    Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

    Language:OCaml13.3k1053.2k819
  • rubocop/rubocop

    A Ruby static code analyzer and formatter, based on the community Ruby style guide.

    Language:Ruby12.8k1726.1k3.1k
  • reviewdog/reviewdog

    🐢 Automated code review tool integrated with any code analysis tools regardless of programming language

    Language:Go8.8k55319459
  • checkstyle/checkstyle

    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

    Language:Java8.7k2235.8k3.9k
  • securego/gosec

    Go security checker

    Language:Go8.5k82512665
  • PyCQA/bandit

    Bandit is a tool designed to find common security issues in Python code.

    Language:Python7.4k69687702
  • datreeio/datree

    Prevent Kubernetes misconfigurations from reaching production (again 😀 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io

    Language:Go6.4k36222359
  • phan/phan

    Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

    Language:PHP5.6k1032.8k370
  • pylint-dev/pylint

    It's not just a linter that annoys you!

    Language:Python5.6k755.9k1.2k
  • mgechev/revive

    🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

    Language:Go5.3k34479313
  • pmd/pmd

    An extensible multilanguage static code analyzer.

    Language:Java5.2k1362.8k1.5k
  • google/pytype

    A static type analyzer for Python code

    Language:Python5k52746289
  • uber/NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    Language:Java3.9k70484320
  • spotbugs/spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    Language:Java3.8k761.4k638
  • PyCQA/flake8

    flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

    Language:Python3.7k371.6k336
  • zegl/kube-score

    Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

    Language:Go3k24185191
  • standard/eslint-config-standard

    ESLint Config for JavaScript Standard Style

    Language:TypeScript2.6k39122555
  • gauge-sh/tach

    A Python tool to visualize + enforce dependencies, using modular architecture 🌎 Open source 🐍 Installable via pip 🔧 Able to be adopted incrementally - ⚑ Implemented with no runtime impact ♾️ Interoperable with your existing systems 🦀 Written in rust

    Language:Rust2.5k1312970
  • Bearer/bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Language:Go2.5k24345132
  • mgechev/codelyzer

    Static analysis for Angular projects.

    Language:TypeScript2.5k44591238
  • python-security/pyt

    A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

    Language:Python2.2k65103249
  • praetorian-inc/gokart

    A static analysis tool for securing Go code

    Language:Go2.2k2548109
  • glebm/i18n-tasks

    Manage translation and localization with static analysis, for Ruby i18n

    Language:Ruby2.1k32391279
  • Tencent/TscanCode

    A static code analyzer for C++, C#, Lua

    Language:C++2.1k12479603
  • rubberduck-vba/Rubberduck

    Every programmer needs a rubberduck. COM add-in for the VBA & VB6 IDE (VBE).

    Language:C#2.1k1024k316
  • ronami/HypeScript

    🐬 A simplified implementation of TypeScript's type system written in TypeScript's type system

    Language:TypeScript2k7323
  • phpstan/phpdoc-parser

    Next-gen phpDoc parser with support for intersection types and generics

    Language:PHP1.5k68866
  • kalessil/phpinspectionsea

    A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

    Language:Java1.5k251.9k115
  • twitter/compose-rules

    Static checks to aid with a healthy adoption of Compose

    Language:Kotlin1.4k224096