Search Results for "static code analysis" - Page 2

Showing 1934 open source projects for "static code analysis"

View related business solutions
  • Cut Cloud Costs with Google Compute Engine Icon
    Cut Cloud Costs with Google Compute Engine

    Save up to 91% with Spot VMs and get automatic sustained-use discounts. One free VM per month, plus $300 in credits.

    Save on compute costs with Compute Engine. Reduce your batch jobs and workload bill 60-91% with Spot VMs. Compute Engine's committed use offers customers up to 70% savings through sustained use discounts. Plus, you get one free e2-micro VM monthly and $300 credit to start.
    Try Compute Engine
  • 99.99% Uptime for MySQL and PostgreSQL on Google Cloud Icon
    99.99% Uptime for MySQL and PostgreSQL on Google Cloud

    Enterprise Plus edition delivers sub-second maintenance downtime and 2x read/write performance. Built for critical apps.

    Cloud SQL Enterprise Plus gives you a 99.99% availability SLA with near-zero downtime maintenance—typically under 10 seconds. Get 2x better read/write performance, intelligent data caching, and 35 days of point-in-time recovery. Supports MySQL, PostgreSQL, and SQL Server with built-in vector search for gen AI apps. New customers get $300 in free credit.
    Try Cloud SQL Free
  • 1
    tfsec

    tfsec

    Security scanner for your Terraform code

    tfsec is a static analysis security scanner for your Terraform code. Designed to run locally and in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible. tfsec takes a developer-first approach to scanning your Terraform templates; using static analysis and deep integration with the official HCL parser it ensures that security issues can be detected before your infrastructure changes take effect. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 2
    Semgrep

    Semgrep

    Lightweight static analysis for many languages

    Static analysis at ludicrous speed. Find bugs and enforce code standards. Find and prevent security issues in Terraform, Docker, Kubernetes, nginx, and AWS configs before they go into production. Go beyond application code and protect the entire stack with a breadth of scanning capabilities. Don't leak secrets, scan every commit and ensure secrets don't make it to production.
    Downloads: 14 This Week
    Last Update:
    See Project
  • 3
    HLint

    HLint

    Haskell source code suggestions

    HLint is a linter for Haskell that suggests stylistic improvements and potential simplifications in Haskell code. It parses Haskell source files and provides hints to refactor code for better readability, maintainability, or performance. HLint is highly configurable and supports custom rules, integrations with CI tools, and editor plugins. It is widely used in the Haskell ecosystem for maintaining consistent code standards.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 4
    RuboCop

    RuboCop

    A Ruby static code analyzer and formatter, based on the community Ruby

    RuboCop is a Ruby static code analyzer (a.k.a. linter) and code formatter. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide. RuboCop packs a lot of features on top of what you’d normally expect from a linter. Works with every major Ruby implementation. Autocorrection of many of the code offenses it detects.
    Downloads: 1 This Week
    Last Update:
    See Project
  • Deploy Apps in Seconds with Cloud Run Icon
    Deploy Apps in Seconds with Cloud Run

    Host and run your applications without the need to manage infrastructure. Scales up from and down to zero automatically.

    Cloud Run is the fastest way to deploy containerized apps. Push your code in Go, Python, Node.js, Java, or any language and Cloud Run builds and deploys it automatically. Get fast autoscaling, pay only when your code runs, and skip the infrastructure headaches. Two million requests free per month. And new customers get $300 in free credit.
    Try Cloud Run Free
  • 5
    CodeChecker

    CodeChecker

    CodeChecker is an analyzer tooling, defect database

    CodeChecker is a static analysis infrastructure built on the LLVM/Clang Static Analyzer toolchain, replacing scan-build in a Linux or macOS (OS X) development environment. Executes Clang-Tidy and Clang Static Analyzer with Cross-Translation Unit analysis, Statistical Analysis (when checkers are available). Creates the JSON compilation database by wiretapping any build process (e.g., CodeChecker log -b "make").
    Downloads: 2 This Week
    Last Update:
    See Project
  • 6
    screenshot-to-code

    screenshot-to-code

    Drop in a screenshot and convert it to clean code

    screenshot-to-code converts UI screenshots or design images into working front-end code, accelerating the path from concept to prototype. It uses modern vision-capable or code-generating models to infer layout structure, typography, and components, then outputs clean HTML/CSS (often Tailwind) or framework code. A web interface lets you upload images, tune options, and preview generated results, while a backend service orchestrates the model calls and post-processing. ...
    Downloads: 4 This Week
    Last Update:
    See Project
  • 7
    Joern

    Joern

    Open-source code analysis platform for C/C++/Java/Binary/Javascript

    Joern is a platform for analyzing source code, bytecode, and binary executables. It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis. Code property graphs are stored in a custom graph database. This allows code to be mined using search queries formulated in a Scala-based domain-specific query language. Joern is developed with the goal of providing a useful tool for vulnerability discovery and research in static program analysis.
    Downloads: 4 This Week
    Last Update:
    See Project
  • 8
    PHP CS Fixer

    PHP CS Fixer

    A tool to automatically fix PHP Coding Standards issues

    PHP-CS-Fixer is a tool that automatically fixes coding standards issues in PHP files. It helps developers maintain consistent coding style by applying rules defined by PHP-FIG (PSR standards) or custom configuration. It is widely used in CI/CD pipelines to enforce style conformity and reduce code review overhead.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 9
    SonarJS

    SonarJS

    SonarSource Static Analyzer for JavaScript and TypeScript

    This SonarSource project is a static code analyzer for JavaScript, TypeScript and CSS languages. In order to analyze JavaScript, TypeScript or CSS code, you need to have a supported version of Node.js installed on the machine running the scan. Recommended versions are the previous LTS version v14 and the latest version - v16. We recommend using the latest available LTS version (v16 as of today) for optimal stability and performance. v12 is still supported, but it already reached end-of-life and is deprecated. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • Our Free Plans just got better! | Auth0 Icon
    Our Free Plans just got better! | Auth0

    With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

    You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
    Try free now
  • 10
    Claude Code Security Reviewer

    Claude Code Security Reviewer

    An AI-powered security review GitHub Action using Claude

    The claude-code-security-review repository implements a GitHub Action that uses Claude (via the Anthropic API) to perform semantic security audits of code changes in pull requests. Rather than relying purely on pattern matching or static analysis, this action feeds diffs and surrounding context to Claude to reason about potential vulnerabilities (e.g. injection, misconfigurations, secrets exposure, etc).
    Downloads: 4 This Week
    Last Update:
    See Project
  • 11
    PhpMetrics

    PhpMetrics

    Beautiful and understandable static analysis tool for PHP

    PhpMetrics is a powerful static analysis tool for PHP code that provides metrics on code quality, complexity, maintainability, and architecture. It generates comprehensive reports in HTML format, visualizing metrics like cyclomatic complexity, lines of code, and coupling between classes. PhpMetrics helps developers identify potential code issues, optimize performance, and maintain high-quality codebases.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 12
    Screenshot to Code

    Screenshot to Code

    A neural network that transforms a design mock-up into static websites

    Screenshot-to-code is a tool or prototype that attempts to convert UI screenshots (e.g., of mobile or web UIs) into code representations, likely generating layouts, HTML, CSS, or markup from image inputs. It is part of a research/proof-of-concept domain in UI automation and image-to-UI code generation. Mapping visual design to code constructs. Code/UI layout (HTML, CSS, or markup). Examples/demo scripts showing “image UI code”.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 13
    Flow

    Flow

    A static type checker for JavaScript

    Flow is a static type checker for JavaScript. It was designed to help improve code quality and developer productivity. It does this through several smart capabilities. First, it identifies problems as you code, so you no longer have to waste time guessing and checking again and again. Second, it understands your code and makes its knowledge available, allowing you to build other smart tools on top of it.
    Downloads: 4 This Week
    Last Update:
    See Project
  • 14
    pytype

    pytype

    A static type analyzer for Python code

    pytype is a static type analyzer that checks and infers types for Python code without executing it, catching errors at “compile time” and generating actionable diagnostics. It grew alongside Python typing at Google and can understand both inline annotations and unannotated code via powerful inference. The tool consumes stub files (.pyi) for the standard library and third-party packages (from typeshed and its own built-ins), enabling accurate checks even in large, mixed-quality codebases. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 15
    Zine

    Zine

    Fast, Scalable, Flexible Static Site Generator (SSG)

    A Zine site is a collection of content files and layouts. Zine turns your content into HTML, styles it using your layouts, and finally copies the result (alongside other assets like images) into an output directory that you can then publish on static hosting services like GitHub Pages. Zine uses a structured approach to content authoring that helps keep sizeable content collections manageable. Similarly, the build process uses surgical dependency tracking to ensure minimal rebuilds, keeping...
    Downloads: 10 This Week
    Last Update:
    See Project
  • 16
    BemiDB

    BemiDB

    Postgres read replica optimized for analytics

    BemiDB is a high-performance, key-value database designed for efficient data retrieval and storage, optimized for applications requiring fast read and write operations.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 17
    gosec

    gosec

    Golang security checker

    A project devoted to secure programming in the Go language. Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. You can integrate third-party code analysis tools with GitHub code scanning by uploading data as SARIF files. The workflow shows an example of running the gosec as a step in a GitHub action workflow that outputs the results.sarif file. The workflow then uploads the results.sarif file to GitHub using the upload-serif action. Gosec can be configured to only run a subset of rules, to exclude certain file paths, and produce reports in different formats. ...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 18
    Phoenix Code Editor

    Phoenix Code Editor

    Phoenix is a modern open-source Code Editor for the web

    Phoenix is a modern open-source and free software code editor for the web, built for the browser.
    Downloads: 13 This Week
    Last Update:
    See Project
  • 19
    Bandit

    Bandit

    Bandit is a tool designed to find common security issues in Python

    Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report. Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 20
    RuboCop Performance

    RuboCop Performance

    An extension of RuboCop focused on code performance checks

    Performance optimization analysis for your projects, as an extension to RuboCop. You need to tell RuboCop to load the Performance extension. Now you can run rubocop and it will automatically load the RuboCop Performance cops together with the standard cops. You need to tell RuboCop to load the Performance extension. Now you can run rubocop and it will automatically load the RuboCop Performance cops together with the standard cops.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 21
    kube-score

    kube-score

    Kubernetes object analysis with recommendations

    Kubernetes object analysis with recommendations for improved reliability and security. kube-score is a tool that does static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient. kube-score is open-source and available under the MIT-license.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 22
    AWS IoT Fleet Provisioning Library

    AWS IoT Fleet Provisioning Library

    Client library for using AWS IoT Fleet Provisioning service

    ...This library has no dependencies on any additional libraries other than the standard C library, and therefore, can be used with any MQTT library. This library is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone static code analysis using Coverity static analysis, and validation of memory safety through the CBMC automated reasoning tool.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 23
    Deptrac

    Deptrac

    Keep your architecture clean.

    Deptrac is a static analysis tool for PHP that helps maintain architectural boundaries within codebases. It analyzes dependencies between classes and ensures that code follows predefined architectural rules. Deptrac is useful for preventing unwanted couplings, enforcing clean code architecture, and detecting violations early during development.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 24
    GDScript Toolkit

    GDScript Toolkit

    Independent set of GDScript tools - parser, linter and formatter

    ...This project provides a set of tools for daily work with GDScript. At the moment it provides a parser that produces a parse tree for debugging and educational purposes. A linter that performs a static analysis according to some predefined configuration. A formatter that formats the code according to some predefined rules. A code metrics calculator which calculates the cyclomatic complexity of functions and classes. To install this project you need python3 and pip. Regardless of the target version, installation is done by pip3 command and for stable releases, it downloads the package from PyPI.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 25
    Soufflé

    Soufflé

    Datalog variant for tool designers crafting analyses in Horn clauses

    Rapid prototyping for your analysis problems with logic; enabling deep design-space explorations; designed for large-scale static analysis; e.g., points-to analysis for Java, taint-analysis, and security checks. Futamura projections/partial evaluation for effective translation to parallel C++; optimized staged compilation; specialized data-structures for logical relations.
    Downloads: 0 This Week
    Last Update:
    See Project
MongoDB Logo MongoDB