static-analysis
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
13k stars
322 watching
1k forks
Language: Rust
last commit: 6 days ago
Linked from 15 awesome lists
analysisawesome-listcode-qualitylintersaststatic-analysisstatic-analyzersstatic-code-analysis
Sponsors | |||
ABAP | |||
Ada | |||
Assembly | |||
| — A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations | |||
Awk | |||
| — Warns about constructs that are dubious or nonportable to other awk implementations | |||
C | |||
C# | |||
C++ | |||
Clojure | |||
| — A linter for Clojure code that sparks joy. It informs you about potential errors while you are typing | |||
CoffeeScript | |||
| — A style checker that helps keep CoffeeScript code clean and consistent | |||
ColdFusion | |||
| — Static security code analysis for ColdFusion or CFML code. Designed to work within a CI pipeline or from the developers terminal | |||
Crystal | |||
Dart | |||
Delphi | |||
Dlang | |||
| — D-Scanner is a tool for analyzing D source code | |||
Elixir | |||
Elm | |||
Erlang | |||
F# | |||
Fortran | |||
Go | |||
Groovy | |||
| — A static analysis tool for Groovy source code, enabling monitoring and enforcement of many coding standards and best practices | |||
Haskell | |||
Haxe | |||
| — A static analysis tool to help developers write Haxe code that adheres to a coding standard | |||
Java | |||
JavaScript | |||
Julia | |||
Kotlin | |||
Lua | |||
MATLAB | |||
| — Check MATLAB code files for possible problems | |||
Nim | |||
Ocaml | |||
PHP | |||
PL/SQL | |||
| — Z PL/SQL Analyzer (ZPA) is an extensible code analyzer for PL/SQL and Oracle SQL. It can be integrated with SonarQube | |||
Perl | |||
Python | |||
R | |||
Rego | |||
| — Regal is a linter for the policy language Rego. Regal aims to catch bugs and mistakes in policy code, while at the same time helping people learn the language, best practices and idiomatic constructs | |||
Ruby | |||
Rust | |||
SQL | |||
Scala | |||
Shell | |||
Swift | |||
Tcl | |||
TypeScript | |||
Verilog/SystemVerilog | |||
Vim Script | |||
| — Fast and Highly Extensible Vim script Language Lint implemented by Python | |||
.env | |||
| — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase | |||
Ansible | |||
Archive | |||
Azure Resource Manager | |||
| — Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), CICD scan vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. Supports Azure via ARM | |||
Binaries | |||
Build tools | |||
CSS/SASS/SCSS | |||
Config Files | |||
Configuration Management | |||
Containers | |||
Continuous Integration | |||
Deno | |||
| — Official linter for Deno | |||
Embedded | |||
| — Linter for bitbake recipes used in open-embedded and YOCTO | |||
Embedded Ruby (a.k.a. ERB, eRuby) | |||
Gherkin | |||
| — A linter for the Gherkin-Syntax written in Javascript | |||
HTML | |||
JSON | |||
Kubernetes | |||
LaTeX | |||
Laravel | |||
Makefiles | |||
Markdown | |||
Metalinter | |||
Mobile | |||
Nix | |||
Node.js | |||
Packages | |||
| — Fast detection of composer dependency issues | |||
Prometheus | |||
Protocol Buffers | |||
Puppet | |||
| — Tool to check the validity of Puppet metadata.json files | |||
Rails | |||
| — A static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks | |||
Security/SAST | |||
Smart Contracts | |||
Support | |||
Template-Languages | |||
Terraform | |||
Translation | |||
| — A set of utilities for working with PO files to ease development and improve quality | |||
Vue.js | |||
Webassembly | |||
| — Analyzes a binary's call graph to profile code size. The goal is to slim down wasm binary size | |||
Writing | |||
YAML | |||
git | |||
More Collections | |||
| Clean code linters | — A collection of linters in github collections | ||
| Code Quality Checker Tools For PHP Projects | — A collection of PHP linters in github collections | ||
| go-tools | 6,137 | 15 days ago | — A collection of tools and libraries for working with Go code, including linters and static analysis |
| linters | 339 | 9 days ago | — An introduction to static code analysis |
| OWASP Source Code Analysis Tools | — List of tools maintained by the Open Web Application Security Project | ||
| php-static-analysis-tools | 2,813 | 5 months ago | — A reviewed list of useful PHP static analysis tools |
| Wikipedia | — A list of tools for static code analysis | ||
Backlinks from these awesome lists:
-
sindresorhus/awesome
-
hack-with-github/awesome-hacking
-
bayandin/awesome-awesomeness
-
thangchung/awesome-dotnet-core
-
jnv/lists
-
aalhour/awesome-compilers
-
inquest/awesome-yara
-
emijrp/awesome-awesome
-
jasonhua95/awesome-dotnet-core
-
jakobthedev/awesome-devsecops
-
marcin214/awesome-automotive
-
erichs/awesome-awesome
-
coopermaa/awesome-awesome
-
0ex/more-awesome
-
netanmangal/awesome-hacking