Correia-jpv/fucking-static-analysis

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more. With repository stars⭐ and forks🍴

Language: Rust - Size: 40.1 MB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 8 - Forks: 0

kyosu-1/boolcmp

static analysis tool for Go that detects variables with bool values that use comparison operators.

Language: Go - Size: 8.79 KB - Last synced: about 2 hours ago - Pushed: about 1 year ago - Stars: 2 - Forks: 0

machitgarha/bimoo

Moodle declaration stubs, including classes, functions and globals, helping IDEs and static analyzers

Language: PHP - Size: 4.74 MB - Last synced: about 2 hours ago - Pushed: over 2 years ago - Stars: 0 - Forks: 0

houqp/sqlvet

Go fearless SQL. Sqlvet performs static analysis on raw SQL queries in your Go code base.

Language: Go - Size: 85.9 KB - Last synced: 4 days ago - Pushed: 19 days ago - Stars: 485 - Forks: 22

thradams/cake

Cake a C23 front end and transpiler written in C

Language: C - Size: 68.6 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 496 - Forks: 18

NotDec/NotDec

a webassembly wasm decompiler and Static Analysis Framework based on llvm IR. (Work In Progress)

Language: C++ - Size: 6.12 MB - Last synced: 9 days ago - Pushed: 9 days ago - Stars: 14 - Forks: 3

ptech12/android-malware-classifier

Language: Jupyter Notebook - Size: 727 KB - Last synced: about 3 hours ago - Pushed: about 2 months ago - Stars: 0 - Forks: 0

pmatos/WebKit-misc

Utilities for WebKit work

Language: Racket - Size: 130 KB - Last synced: about 4 hours ago - Pushed: almost 2 years ago - Stars: 2 - Forks: 4

naseemakhtar994/spotbugs Fork of spotbugs/spotbugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

Language: Java - Size: 134 MB - Last synced: about 5 hours ago - Pushed: over 6 years ago - Stars: 0 - Forks: 0

ast-grep/ast-grep

⚡A CLI tool for code structural search, lint and rewriting. Written in Rust

Language: Rust - Size: 4.7 MB - Last synced: about 4 hours ago - Pushed: about 6 hours ago - Stars: 5,894 - Forks: 139

TWiStErRob/net.twisterrob.gradle

Quality plugin for Gradle that supports Android flavors

Language: Kotlin - Size: 4.07 MB - Last synced: about 4 hours ago - Pushed: about 6 hours ago - Stars: 17 - Forks: 5

TWiStErRob/android-lint-examples

Project that reproduces every lint violation out there. (At least that's the idea, contributions welcome.)

Language: Java - Size: 604 KB - Last synced: about 4 hours ago - Pushed: about 9 hours ago - Stars: 5 - Forks: 0

phan/phan

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

Language: PHP - Size: 41.5 MB - Last synced: about 4 hours ago - Pushed: about 2 months ago - Stars: 5,499 - Forks: 359

slackhq/hakana

Another typechecker for Hack, built by Slack

Language: Rust - Size: 3.55 MB - Last synced: about 9 hours ago - Pushed: 1 day ago - Stars: 73 - Forks: 4

lue-bird/elm-review-mini Fork of jfmengels/elm-review

scan your project to find bugs and enforce conventions

Language: Elm - Size: 4.29 MB - Last synced: about 3 hours ago - Pushed: 1 day ago - Stars: 0 - Forks: 0

reviewdog/reviewdog

🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

Language: Go - Size: 4.02 MB - Last synced: about 6 hours ago - Pushed: 3 days ago - Stars: 7,367 - Forks: 395

realm/SwiftLint

A tool to enforce Swift style and conventions.

Language: Swift - Size: 677 MB - Last synced: about 13 hours ago - Pushed: about 14 hours ago - Stars: 18,317 - Forks: 2,176

Halleck45/ast-metrics

AST Metrics is a language-agnostic static code analyzer.

Language: Go - Size: 19.3 MB - Last synced: about 13 hours ago - Pushed: about 14 hours ago - Stars: 37 - Forks: 3

Roave/BackwardCompatibilityCheck

:ab: Tool to compare two revisions of a class API to check for BC breaks

Language: PHP - Size: 2.59 MB - Last synced: about 15 hours ago - Pushed: 4 days ago - Stars: 559 - Forks: 57

aquasecurity/tfsec

Security scanner for your Terraform code

Language: Go - Size: 114 MB - Last synced: about 12 hours ago - Pushed: 4 days ago - Stars: 6,562 - Forks: 528

shift-left-test/build-sample

A sample build project for the meta-shift project

Size: 540 KB - Last synced: about 15 hours ago - Pushed: about 17 hours ago - Stars: 1 - Forks: 0

saveourtool/save-cloud

Cluster-based cloud mechanism for running SAVE framework

Language: Kotlin - Size: 49.6 MB - Last synced: about 17 hours ago - Pushed: about 18 hours ago - Stars: 38 - Forks: 3

checkstyle-addons/checkstyle-addons

Additional Checkstyle checks

Language: Java - Size: 3.62 MB - Last synced: about 17 hours ago - Pushed: about 18 hours ago - Stars: 13 - Forks: 2

horsicq/Detect-It-Easy

Program for determining types of files for Windows, Linux and MacOS.

Language: JavaScript - Size: 11.8 MB - Last synced: about 14 hours ago - Pushed: about 17 hours ago - Stars: 6,595 - Forks: 669

povils/phpmnd

PHP Magic Number Detector

Language: PHP - Size: 405 KB - Last synced: about 19 hours ago - Pushed: about 2 months ago - Stars: 544 - Forks: 46

Col-E/Recaf

The modern Java bytecode editor

Language: Java - Size: 53 MB - Last synced: 16 days ago - Pushed: 16 days ago - Stars: 5,524 - Forks: 433

nikic/PHP-Parser

A PHP parser written in PHP

Language: PHP - Size: 7.24 MB - Last synced: about 19 hours ago - Pushed: 9 days ago - Stars: 16,836 - Forks: 1,082

WerWolv/ImHex

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Language: C++ - Size: 36.2 MB - Last synced: about 21 hours ago - Pushed: about 23 hours ago - Stars: 32,943 - Forks: 1,537

bridgecrewio/checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Language: Python - Size: 80.8 MB - Last synced: about 17 hours ago - Pushed: 1 day ago - Stars: 6,533 - Forks: 1,039

ericcornelissen/js-regex-security-scanner

A static analyzer to scan JavaScript code for problematic regular expressions.

Language: JavaScript - Size: 1.43 MB - Last synced: about 16 hours ago - Pushed: about 23 hours ago - Stars: 4 - Forks: 1

gptlint/gptlint

A linter with superpowers! 🔥 Use LLMs to enforce best practices across your codebase.

Language: TypeScript - Size: 2.15 MB - Last synced: 1 day ago - Pushed: 2 days ago - Stars: 45 - Forks: 1

trailofbits/pasta

Peter's Amazing Syntax Tree Analyzer

Language: C++ - Size: 6.23 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 108 - Forks: 7

sailuh/kaiaulu

An R package for mining software repositories

Language: R - Size: 1.52 MB - Last synced: about 3 hours ago - Pushed: about 4 hours ago - Stars: 17 - Forks: 12

crystal-ameba/ameba

A static code analysis tool for Crystal

Language: Crystal - Size: 8.56 MB - Last synced: about 8 hours ago - Pushed: 10 days ago - Stars: 504 - Forks: 35

microsoft/component-detection

Scans your project to determine what components you use

Language: C# - Size: 4.4 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 373 - Forks: 74

GaloisInc/pate

Patches Assured up to Trace Equivalence

Language: Haskell - Size: 6.95 MB - Last synced: 1 day ago - Pushed: 2 days ago - Stars: 14 - Forks: 2

jvllmr/pyaphid 📦

Find unwanted function calls in your python projects

Language: Python - Size: 141 KB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 0 - Forks: 0

quay/clair

Vulnerability Static Analysis for Containers

Language: Go - Size: 33.2 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 10,041 - Forks: 1,151

danmar/cppcheck

static analysis of C/C++ code

Language: C++ - Size: 150 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 5,452 - Forks: 1,407

antoine-coulon/skott

All-in-one devtool to automatically analyze, search and visualize dependencies from JavaScript, TypeScript (JSX/TSX) and Node.js (ES6, CommonJS)

Language: TypeScript - Size: 1.17 MB - Last synced: 11 minutes ago - Pushed: about 1 month ago - Stars: 545 - Forks: 20

CoinFabrik/scout-soroban

Scout is an extensible open-source tool intended to assist Stellar Soroban smart contract developers and auditors detect common security issues and deviations from best practices.

Language: Rust - Size: 4.15 MB - Last synced: about 13 hours ago - Pushed: 1 day ago - Stars: 7 - Forks: 0

Privado-Inc/privado

Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.

Language: Dockerfile - Size: 29.3 MB - Last synced: about 5 hours ago - Pushed: 1 day ago - Stars: 471 - Forks: 54

yegor256/bibcop-action

Automated checking of BibTeX .bib files for style correctness (with the help of bibcop from CTAN)

Language: Dockerfile - Size: 38.1 KB - Last synced: 1 day ago - Pushed: 2 days ago - Stars: 2 - Forks: 0

KengoTODA/errorprone-slf4j

An Error Prone plugin for SLF4J

Language: Java - Size: 701 KB - Last synced: 14 days ago - Pushed: 15 days ago - Stars: 29 - Forks: 4

usethesource/rascal

The implementation of the Rascal meta-programming language (including interpreter, type checker, parser generator, compiler and JVM based run-time system)

Language: Java - Size: 1020 MB - Last synced: 1 day ago - Pushed: 2 days ago - Stars: 389 - Forks: 79

qax-os/goreporter

A Golang tool that does static analysis, unit testing, code review and generate code quality report.

Language: Go - Size: 28.9 MB - Last synced: about 24 hours ago - Pushed: over 5 years ago - Stars: 3,108 - Forks: 269

quay/claircore

foundation modules for scanning container packages and reporting vulnerabilities

Language: Go - Size: 42.4 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 130 - Forks: 81

opalj/opal

Language: Scala - Size: 698 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 41 - Forks: 23

shobrook/adrenaline

Instant answers to any programming question

Size: 127 MB - Last synced: about 11 hours ago - Pushed: about 2 months ago - Stars: 3,703 - Forks: 309

CoinFabrik/scout-audit

Scout is an extensible open-source tool intended to assist smart contract developers and auditors detect common security issues and deviations from best practices. Scout audit is the core development on which we extend scout for specific blockchains.

Language: Rust - Size: 774 KB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 2 - Forks: 0

facebook/infer

A static analyzer for Java, C, C++, and Objective-C

Language: OCaml - Size: 176 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 14,708 - Forks: 1,997

anchore/grant

Search an SBOM for licenses and the packages they belong to

Language: Go - Size: 538 KB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 40 - Forks: 2

SonarSource/eslint-plugin-sonarjs

SonarJS rules for ESLint

Language: TypeScript - Size: 1.17 MB - Last synced: about 13 hours ago - Pushed: 1 day ago - Stars: 1,143 - Forks: 72

SonarSource/sonar-dotnet

Code analyzer for C# and VB.NET projects

Language: C# - Size: 132 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 717 - Forks: 222

schlndh/maria-stan

Static analyser for MariaDB queries

Language: PHP - Size: 577 KB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 10 - Forks: 1

listendev/action

Run listen.dev natively in CI using GitHub actions

Language: TypeScript - Size: 11.4 MB - Last synced: about 19 hours ago - Pushed: 1 day ago - Stars: 7 - Forks: 0

SonarSource/SonarJS

SonarSource Static Analyzer for JavaScript and TypeScript

Language: TypeScript - Size: 110 MB - Last synced: about 19 hours ago - Pushed: 2 days ago - Stars: 993 - Forks: 175

abaplint/abaplint

Standalone static analysis for ABAP

Language: TypeScript - Size: 58.3 MB - Last synced: 1 day ago - Pushed: 2 days ago - Stars: 218 - Forks: 66

CoolLibs/tooling

.clang-format, .clang-tidy, and more!

Language: Python - Size: 35.2 KB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 0 - Forks: 1

nbgrp/auditor

Simple and useful dockerized GrumPHP-based php code analyzer.

Language: Dockerfile - Size: 945 KB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 3 - Forks: 1

uber-go/nilaway

Static analysis tool to detect potential nil panics in Go code

Language: Go - Size: 712 KB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 2,773 - Forks: 49

denzyldick/phanalist

Performant static analyzer for PHP, which is extremely easy to use. It helps you catch common mistakes in your PHP code.

Language: Rust - Size: 164 MB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 107 - Forks: 4

TomasVotruba/class-leak

Find leaking classes that you never use... and get rid of them.

Language: PHP - Size: 3.06 MB - Last synced: about 22 hours ago - Pushed: 2 days ago - Stars: 61 - Forks: 6

dspinellis/cscout

C code refactoring browser

Language: C - Size: 3.38 MB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 183 - Forks: 34

jpetrucciani/ruff-check

github action to run ruff on your repo

Language: Dockerfile - Size: 77.1 KB - Last synced: 16 days ago - Pushed: 17 days ago - Stars: 12 - Forks: 1

SonarSource/sonarqube

Continuous Inspection

Language: Java - Size: 898 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 8,574 - Forks: 1,916

rubocop/rubocop-factory_bot

Code style checking for factory_bot files

Language: Ruby - Size: 1.17 MB - Last synced: 2 days ago - Pushed: 3 days ago - Stars: 35 - Forks: 12

SourceCode-AI/aura

Python source code auditing and static analysis on a large scale

Language: Python - Size: 10.4 MB - Last synced: 1 day ago - Pushed: 7 months ago - Stars: 485 - Forks: 31

Correia-jpv/fucking-awesome-malware-analysis

Defund the Police. With repository stars⭐ and forks🍴

Size: 551 KB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 11 - Forks: 2

dubiousconst282/DistIL

Post-build IL optimizer and intermediate representation for .NET programs

Language: C# - Size: 1.28 MB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 108 - Forks: 1

find-sec-bugs/find-sec-bugs

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Language: Java - Size: 7.35 MB - Last synced: 1 day ago - Pushed: about 2 months ago - Stars: 2,204 - Forks: 462

gaul/modernizer-maven-plugin

Detect uses of legacy Java APIs

Language: Java - Size: 810 KB - Last synced: 1 day ago - Pushed: 27 days ago - Stars: 360 - Forks: 52

JetBrains/qodana-action

⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle

Language: JavaScript - Size: 11.4 MB - Last synced: 15 days ago - Pushed: 20 days ago - Stars: 242 - Forks: 31

SMAT-Lab/Scalpel

Scalpel: The Python Static Analysis Framework

Language: Python - Size: 55.5 MB - Last synced: 2 days ago - Pushed: about 1 month ago - Stars: 267 - Forks: 40

naivesystems/analyze

NaiveSystems Analyze is a static analysis tool for code security and compliance.

Size: 236 MB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 148 - Forks: 20

nowsecure/r2frida

Radare2 and Frida better together.

Language: TypeScript - Size: 2.74 MB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 1,107 - Forks: 119

timbeadle/cfpathcheck

Static analysis for cfml template import and include paths

Language: JavaScript - Size: 8.61 MB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 1 - Forks: 1

timbeadle/grunt-cfpathcheck

Grunt wrapper for cfpathcheck

Language: JavaScript - Size: 4.88 MB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 0 - Forks: 0

0x0be/PEpper

An open source script to perform malware static analysis on Portable Executable

Language: YARA - Size: 2.06 MB - Last synced: 1 day ago - Pushed: 11 months ago - Stars: 302 - Forks: 71

LLNL/Surfactant

Modular framework for SBOM generation that gathers file information and analyzes dependencies

Language: Python - Size: 920 KB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 11 - Forks: 13

astral-sh/ruff

An extremely fast Python linter and code formatter, written in Rust.

Language: Rust - Size: 41.4 MB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 24,921 - Forks: 797

pytorch-labs/torchfix

TorchFix - a linter for PyTorch-using code with autofix support

Language: Python - Size: 156 KB - Last synced: 2 days ago - Pushed: 2 days ago - Stars: 58 - Forks: 7

l3r8yJ/oop-cop

The static analysis tool and a Maven plugin that will help you model your objects, classes, methods properly by rejecting your non-perfect code.

Language: Java - Size: 368 KB - Last synced: 3 days ago - Pushed: 3 days ago - Stars: 9 - Forks: 5

wayofdev/php-cs-fixer-config

Package adds custom rule-sets to php-cs-fixer.

Language: PHP - Size: 692 KB - Last synced: 3 days ago - Pushed: 3 days ago - Stars: 4 - Forks: 0

Ackee-Blockchain/wake

Wake is a Python-based Solidity development and testing framework with built-in vulnerability detectors

Language: Python - Size: 61.1 MB - Last synced: about 11 hours ago - Pushed: about 12 hours ago - Stars: 204 - Forks: 21

secure-software-engineering/phasar

A LLVM-based static analysis framework.

Language: C++ - Size: 120 MB - Last synced: 2 days ago - Pushed: 3 days ago - Stars: 890 - Forks: 139

mschwager/route-detect

Find authentication (authn) and authorization (authz) security bugs in web application routes.

Language: Python - Size: 2.81 MB - Last synced: 3 days ago - Pushed: 4 days ago - Stars: 226 - Forks: 13

yegor256/qulice

Quality Police for Java projects: aggregator of Checkstyle and PMD

Language: Java - Size: 19.5 MB - Last synced: 1 day ago - Pushed: 2 days ago - Stars: 293 - Forks: 109

AeneasVerif/charon

Interface with the rustc compiler for the purpose of program verification

Language: Rust - Size: 2.36 MB - Last synced: 3 days ago - Pushed: 3 days ago - Stars: 42 - Forks: 13

saleor/shellcheck-gha

Extracts and checks shell scripts in Github Workflows for potential issues using ShellCheck.

Language: Python - Size: 39.1 KB - Last synced: 2 days ago - Pushed: 3 days ago - Stars: 0 - Forks: 0

Jango73/qt-plus

Library of classes extending Qt

Language: C++ - Size: 1.6 MB - Last synced: 3 days ago - Pushed: 3 days ago - Stars: 14 - Forks: 9

bstarynk/bismon

persistent monitor (for static source code analysis, GCC based)

Language: C - Size: 17.2 MB - Last synced: 3 days ago - Pushed: 3 days ago - Stars: 53 - Forks: 6

presidentbeef/brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications

Language: Ruby - Size: 37.8 MB - Last synced: 1 day ago - Pushed: 10 days ago - Stars: 6,910 - Forks: 709

davidhalter/jedi

Awesome autocompletion, static analysis and refactoring library for python

Language: Python - Size: 12.6 MB - Last synced: 3 days ago - Pushed: 3 days ago - Stars: 5,664 - Forks: 500

carlosas/phpat

PHP Architecture Tester - Easy to use architectural testing tool for PHP :heavy_check_mark:

Language: PHP - Size: 4.17 MB - Last synced: about 20 hours ago - Pushed: about 21 hours ago - Stars: 1,001 - Forks: 39

rrrene/credo

A static code analysis tool for the Elixir language with a focus on code consistency and teaching.

Language: Elixir - Size: 4.89 MB - Last synced: about 20 hours ago - Pushed: 3 days ago - Stars: 4,842 - Forks: 408

soot-oss/soot

Soot - A Java optimization framework

Language: Java - Size: 602 MB - Last synced: 3 days ago - Pushed: 3 days ago - Stars: 2,793 - Forks: 706

AlexanderGrooff/nginx-static-analysis

Parse Nginx configurations in a clear manner for debugging purposes

Language: Python - Size: 132 KB - Last synced: 3 days ago - Pushed: 3 days ago - Stars: 6 - Forks: 0

rubocop/rubocop-rspec

Code style checking for RSpec files

Language: Ruby - Size: 3.56 MB - Last synced: 3 days ago - Pushed: 3 days ago - Stars: 779 - Forks: 267

Konloch/bytecode-viewer

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

Language: Java - Size: 618 MB - Last synced: 3 days ago - Pushed: 6 days ago - Stars: 14,339 - Forks: 1,126