static-analysis

Code quality tools

A curated list of tools for improving code quality through static analysis and lintering.

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

GitHub

13k stars
321 watching
1k forks
Language: Rust
last commit: 3 days ago
Linked from 15 awesome lists

analysisawesome-listcode-qualityhacktoberfestlintersaststatic-analysisstatic-analyzersstatic-code-analysis

Sponsors

ABAP

Ada

Assembly

— A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations

Awk

— Warns about constructs that are dubious or nonportable to other awk implementations

C

C#

C++

Clojure

— A linter for Clojure code that sparks joy. It informs you about potential errors while you are typing

CoffeeScript

— A style checker that helps keep CoffeeScript code clean and consistent

ColdFusion

— Static security code analysis for ColdFusion or CFML code. Designed to work within a CI pipeline or from the developers terminal

Crystal

Dart

Delphi

Dlang

— D-Scanner is a tool for analyzing D source code

Elixir

Elm

Erlang

F#

Fortran

Go

Groovy

— A static analysis tool for Groovy source code, enabling monitoring and enforcement of many coding standards and best practices

Haskell

Haxe

— A static analysis tool to help developers write Haxe code that adheres to a coding standard

Java

JavaScript

Julia

Kotlin

Lua

MATLAB

— Check MATLAB code files for possible problems

Nim

Ocaml

PHP

PL/SQL

— An open source parser and code analyzer for PL/SQL and Oracle SQL code

Perl

Python

R

Rego

— Regal is a linter for the policy language Rego. Regal aims to catch bugs and mistakes in policy code, while at the same time helping people learn the language, best practices and idiomatic constructs

Ruby

Rust

SQL

Scala

Shell

Swift

Tcl

TypeScript

Verilog/SystemVerilog

Vim Script

— Fast and Highly Extensible Vim script Language Lint implemented by Python

.env

— ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase

Ansible

Archive

Azure Resource Manager

— Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), CICD scan vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. Supports Azure via ARM

Binaries

Build tools

CSS/SASS/SCSS

Config Files

Configuration Management

Containers

Continuous Integration

Deno

— Official linter for Deno

Embedded

— Linter for bitbake recipes used in open-embedded and YOCTO

Embedded Ruby (a.k.a. ERB, eRuby)

Gherkin

— A linter for the Gherkin-Syntax written in Javascript

HTML

JSON

Kubernetes

LaTeX

Laravel

Makefiles

Markdown

Metalinter

Mobile

Nix

Node.js

Packages

— Fast detection of composer dependency issues

Prometheus

Protocol Buffers

Puppet

— Tool to check the validity of Puppet metadata.json files

Rails

— A static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks

Security/SAST

Smart Contracts

Support

Template-Languages

Terraform

Translation

— A set of utilities for working with PO files to ease development and improve quality

Vue.js

Webassembly

— Analyzes a binary's call graph to profile code size. The goal is to slim down wasm binary size

Writing

YAML

git

More Collections

Clean code linters — A collection of linters in github collections
Code Quality Checker Tools For PHP Projects — A collection of PHP linters in github collections
go-tools 6,190 19 days ago — A collection of tools and libraries for working with Go code, including linters and static analysis
linters 341 about 1 month ago — An introduction to static code analysis
OWASP Source Code Analysis Tools — List of tools maintained by the Open Web Application Security Project
php-static-analysis-tools 2,825 7 months ago — A reviewed list of useful PHP static analysis tools
Wikipedia — A list of tools for static code analysis

Backlinks from these awesome lists:

More related projects: