static-code-analysis

There are 535 repositories under the static-code-analysis topic.

  • astral-sh/ruff

    An extremely fast Python linter and code formatter, written in Rust.

    Language:Rust34k835.8k1.1k
  • standard/standard

    🌟 JavaScript Style Guide, with linter & automatic code fixer

    Language:JavaScript29.2k4701.2k2.3k
  • eslint/eslint

    Find and fix problems in your JavaScript code.

    Language:JavaScript25.3k31310.4k4.6k
  • biome

    biomejs/biome

    A toolchain for web projects, aimed to provide functionalities to maintain them. Biome offers formatter and linter, usable via CLI and LSP.

    Language:Rust16k521.5k503
  • facebook/infer

    A static analyzer for Java, C, C++, and Objective-C

    Language:OCaml15k6021.4k2k
  • static-analysis

    analysis-tools-dev/static-analysis

    βš™οΈ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

    Language:Rust13.4k3205771.4k
  • phpstan/phpstan

    PHP Static Analysis Tool - discover bugs in your code without running it!

    Language:PHP13.1k1678.5k896
  • rubocop/rubocop

    A Ruby static code analyzer and formatter, based on the community Ruby style guide.

    Language:Ruby12.7k1825.8k3.1k
  • semgrep

    semgrep/semgrep

    Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

    Language:OCaml10.8k1043k635
  • checkstyle

    checkstyle/checkstyle

    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

    Language:Java8.4k2235.4k3.7k
  • reviewdog

    reviewdog/reviewdog

    🐢 Automated code review tool integrated with any code analysis tools regardless of programming language

    Language:Go8k55302427
  • securego/gosec

    Go security checker

    Language:Go7.9k86464619
  • bandit

    PyCQA/bandit

    Bandit is a tool designed to find common security issues in Python code.

    Language:Python6.6k65653616
  • datree

    datreeio/datree

    Prevent Kubernetes misconfigurations from reaching production (again 😀 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io

    Language:Go6.4k38222360
  • phan/phan

    Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

    Language:PHP5.5k1062.8k359
  • pylint-dev/pylint

    It's not just a linter that annoys you!

    Language:Python5.4k815.7k1.1k
  • pmd/pmd

    An extensible multilanguage static code analyzer.

    Language:Java4.9k1412.5k1.5k
  • revive

    mgechev/revive

    🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

    Language:Go4.8k39351285
  • google/pytype

    A static type analyzer for Python code

    Language:Python4.8k54716282
  • uber/NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    Language:Java3.7k69373299
  • spotbugs/spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    Language:Java3.5k761.2k601
  • PyCQA/flake8

    flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

    Language:Python3.5k391.6k309
  • kube-score

    zegl/kube-score

    Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

    Language:Go2.8k24178179
  • standard/eslint-config-standard

    ESLint Config for JavaScript Standard Style

    Language:TypeScript2.6k41122565
  • codelyzer

    mgechev/codelyzer

    Static analysis for Angular projects.

    Language:TypeScript2.5k46591235
  • python-security/pyt

    A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

    Language:Python2.2k68103242
  • gokart

    praetorian-inc/gokart

    A static analysis tool for securing Go code

    Language:Go2.2k2748110
  • bearer

    Bearer/bearer

    Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

    Language:Go2.1k21333111
  • glebm/i18n-tasks

    Manage translation and localization with static analysis, for Ruby i18n

    Language:Ruby2.1k33373265
  • Tencent/TscanCode

    A static code analyzer for C++, C#, Lua

    Language:C++2k12978593
  • ronami/HypeScript

    🐬 A simplified implementation of TypeScript's type system written in TypeScript's type system

    Language:TypeScript1.9k8323
  • rubberduck-vba/Rubberduck

    Every programmer needs a rubberduck. COM add-in for the VBA & VB6 IDE (VBE).

    Language:C#1.9k1053.9k301
  • kalessil/phpinspectionsea

    A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

    Language:Java1.4k271.8k118
  • phpstan/phpdoc-parser

    Next-gen phpDoc parser with support for intersection types and generics

    Language:PHP1.4k77961
  • twitter/compose-rules

    Static checks to aid with a healthy adoption of Compose

    Language:Kotlin1.4k244093
  • gauge-sh/tach

    A Python tool to enforce dependencies, using modular architecture 🌎 Open source 🐍 Installable via pip 🔧 Able to be adopted incrementally - ⚑ Implemented with no runtime impact ♾️ Interoperable with your existing systems 🦀 Written in rust

    Language:Rust1.2k107437