Search Results for "static code analysis"
Sort By:
Showing 34 open source projects for "static code analysis"
View related business solutions-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
Deploy Apps in Seconds with Cloud RunCloud Run is the fastest way to deploy containerized apps. Push your code in Go, Python, Node.js, Java, or any language and Cloud Run builds and deploys it automatically. Get fast autoscaling, pay only when your code runs, and skip the infrastructure headaches. Two million requests free per month. And new customers get $300 in free credit.
-
1
revive Static Code
6x faster, stricter, configurable, and extensible
...Drop-in replacement of golint. Revive provides a framework for the development of custom rules, and lets you define a strict preset for enhancing your development & code review processes. Fast & extensible static code analysis framework for Go. Allows us to enable or disable rules using a configuration file. Allows us to configure the linting rules with a TOML file. 2x faster running the same rules as golint. Provides functionality for disabling a specific rule or the entire linter for a file or a range of lines. golint allows this only for generated files. ... -
2
reviewdog
Automated code review tool integrated with any code analysis tools
...We can use various linters and static code analysis tools to detect such problems in local machines, editors, CI services. However, here is the problem. Static analysis tools may report false-positive results. Reporting false-positive results itself is ok, but due to the false-positive results we cannot make build fail and it becomes difficult for us to find true positive results from messed up analysis results. -
3
tfsec
Security scanner for your Terraform code
tfsec is a static analysis security scanner for your Terraform code. Designed to run locally and in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible. tfsec takes a developer-first approach to scanning your Terraform templates; using static analysis and deep integration with the official HCL parser it ensures that security issues can be detected before your infrastructure changes take effect. ... -
4
gosec
Golang security checker
A project devoted to secure programming in the Go language. Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. You can integrate third-party code analysis tools with GitHub code scanning by uploading data as SARIF files. The workflow shows an example of running the gosec as a step in a GitHub action workflow that outputs the results.sarif file. The workflow then uploads the results.sarif file to GitHub using the upload-serif action. Gosec can be configured to only run a subset of rules, to exclude certain file paths, and produce reports in different formats. ... -
Cut Data Warehouse Costs up to 54% with BigQueryBigQuery delivers up to 54% lower TCO than cloud alternatives. Migrate from legacy or competing warehouses using free BigQuery Migration Service with automated SQL translation. Get serverless scale with no infrastructure to manage, compressed storage, and flexible pricing—pay per query or commit for deeper discounts. New customers get $300 in free credit.
-
5
BemiDB
Postgres read replica optimized for analytics
BemiDB is a high-performance, key-value database designed for efficient data retrieval and storage, optimized for applications requiring fast read and write operations. -
6
kube-score
Kubernetes object analysis with recommendations
Kubernetes object analysis with recommendations for improved reliability and security. kube-score is a tool that does static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient. kube-score is open-source and available under the MIT-license. -
7
Sloc Cloc and Code (scc)
Sloc, Cloc and Code: scc is a very fast accurate code counter
Sloc, Cloc and Code: scc is a very fast accurate code counter with complexity calculations and COCOMO estimates written in pure Go. The tool is similar to cloc, sloccount and tokei. For counting the lines of code, blank lines, comment lines, and physical lines of source code in many programming languages. The goal is to be the fastest code counter possible, but also perform COCOMO calculations like sloccount, estimate code complexity similar to cyclomatic complexity calculators, and produce... -
8
Clair
Vulnerability Static Analysis for Containers
...Clair is an open source project for the static analysis of vulnerabilities in application containers (currently including OCI and docker). Clients use the Clair API to index their container images and can then match it against known vulnerabilities. Our goal is to enable a more transparent view of the security of container-based infrastructure. Thus, the project was named Clair after the French term which translates to clear, bright, transparent. -
9
Gitmal
A static page generator for repos
Gitmal is a static page generator that turns the contents of a Git repository into a clean, navigable HTML website, making it easier to share or showcase code outside of traditional Git hosting platforms. It reads repository metadata including files, commits, branches, and markdown, and produces a fully static set of pages with syntax-highlighted code, commit history, branch lists, and rendered documentation, so viewers can explore projects as if browsing a lightweight curated site. ... -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
10
Go Tools
Various packages and tools that support the Go programming language
...Some of the tools, godoc and vet for example, are included in binary Go distributions. Others, including the Go guru and the test coverage tool, can be fetched with go get. Packages include a type-checker for Go and an implementation of the Static Single Assignment form (SSA) representation for Go programs. This repository uses prettier to format JS and CSS files. The version of prettier used is 1.18.2. It is encouraged that all JS and CSS code be run through this before submitting a change. However, it is not a strict requirement enforced by CI. This repository uses Gerrit for code changes. -
11
Pulumi
Developer-first infrastructure as code. Your cloud, your language
Pulumi's Infrastructure as Code SDK is the easiest way to create and deploy cloud software that use containers, serverless functions, hosted services, and infrastructure, on any cloud. Simply write code in your favorite language and Pulumi automatically provisions and manages your AWS, Azure, Google Cloud Platform, and/or Kubernetes resources, using an infrastructure-as-code approach. Skip the YAML, and use standard language features like loops, functions, classes, and package management... -
12
Klotho
Write AWS applications at lightning speed
Klotho is an open source tool that transforms plain code into cloud native code. Klotho allows you to quickly and reliably add cloud functionality to your application with minimal modification to your code. In most cases, this is just a handful of klotho annotations. Klotho is designed to absorb the complexity of building cloud applications, enabling everyone in large-scale organizations and teams to hobbyist developers to write and operate cloud applications at a fraction of the effort. Its... -
13
KubeLinter
KubeLinter is a static analysis tool that checks Kubernetes YAML files
KubeLinter analyzes Kubernetes YAML files and Helm charts, and checks them against a variety of best practices, with a focus on production readiness and security. KubeLinter runs sensible default checks, designed to give you useful information about your Kubernetes YAML files and Helm charts. This is to help teams check early and often for security misconfigurations and DevOps best practices. Some common examples of these include running containers as a non-root user, enforcing least... -
14
BuildKit
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. BuildKit is a new project under the Moby umbrella for building and packaging software using containers. It’s a new codebase meant to replace the internals of the current build features in the Moby Engine. BuildKit emerged from the discussions about improving the build features in Moby Engine. We received a lot of positive feedback for the multi-stage build feature introduced... -
15
StackRox Kubernetes
Performs a risk analysis of the container environment
...You may find references to these previous names in code or documentation. -
16
golangci-lint
Fast linters Runner for Go
...It runs linters in parallel, uses caching, supports yaml config, has integrations with all major IDE and has dozens of linters included. ⚡ Very fast: runs linters in parallel, reuses Go build cache and caches analysis results. Yaml-based configuration. Integrations with VS Code, Sublime Text, GoLand, GNU Emacs, Vim, Atom, GitHub Actions. A lot of linters included, no need to install them. Minimum number of false positives because of tuned default settings. Nice output with colors, source code lines and marked identifiers. -
17
Goss
Quick and Easy server testing/validation
...A Json draft 7 schema available in docs/goss-json-schema.yaml makes it easier to edit simple goss.yaml files in IDEs, providing usual coding assistance such as inline documentation, completion and static analysis. -
18
Gonum
Set of numeric libraries for the Go programming language
...Gonum contains libraries for matrices and linear algebra; statistics, probability distributions, and sampling; tools for function differentiation, integration, and optimization; network creation and analysis; and more. We encourage you to get started with Go and Gonum if you are tired of sluggish performance, and fighting C and vectorization, and also if you are struggling with managing programs as they grow larger. Get Gonum if you want code to be fully transparent, and want the ability to read the source code you use. It is useful if you’d like a compiler to catch mistakes early, but hate fighting linker and unintelligible compile errors. -
19
Pluto
A cli tool to help discover deprecated apiVersions in Kubernetes
Kubernetes sometimes deprecates API versions. Most notably, a large number of deprecations happened in the 1.16 release. This is fine, and it's a fairly easy thing to deal with. However, it can be difficult to find all the places where you might have used a version that will be deprecated in your next upgrade. You might think, "I'll just ask the api-server to tell me!", but this is fraught with danger. If you ask the API-server to give you deployments.v1.apps, and the deployment was deployed... -
20
Capslock
Tool to remap Caps Lock key behavior on Windows systems
...This helps apply the Principle of Least Privilege to Go software, guiding audits, supply chain reviews, and trust assessments. Capslock aims to make security posture analysis more proactive by surfacing capability-based risk signals before malicious or overly powerful code is introduced into production. -
21
Sensu Go
Simple. Scalable. Multi-cloud monitoring
...It also has a number of well-defined APIs for configuration, external data input, and to provide access to Sensu's data. Sensu is extremely extensible and is commonly referred to as "the monitoring router". The shift from static to dynamic infrastructure requires a change in approach to monitoring, from host-based to functional role-based. Connectivity moves from remote polling to publish-subscribe, the control plane moves from point-and-click interfaces to infrastructure as code workflows and self-service developer APIs. -
22
Grafana Pyroscope
Continuous Profiling Platform. Debug performance issues
Find and debug your most painful performance issues across code, infrastructure and CI/CD pipelines. Let you tag your data on the dimensions important for your organization. Allows you to store large volumes of high cardinality profiling data cheaply and efficiently. FlameQL enables custom queries to select and aggregate profiles quickly and efficiently for easy analysis. Analyze application performance profiles using our suite of profiling tools. -
23
Gogs
A painless self-hosted Git service
Gogs is a simple, stable, self-hosted Git service that is easy to install and setup. All you have to do is run the binary on any platform that Go supports: Linux, macOS and Windows. You may also install from source, from packages, or ship with Docker or Vagrant. Gogs is very lightweight with minimal hardware requirements, running on Raspberry Pi and even on NAS devices. Gogs offers plenty of great features, including various access repositories, repository and organization webhooks,... -
24
Infracost
Cloud cost estimates for Terraform in pull requests
Infracost scans for Terraform code changes and checks over 3 million prices to create a simple, understandable cost estimate before any resources are launched. Infracost integrates into CI/CD so everyone knows the cost impact of changes without leaving the workflow. Infracost integrates with Open Policy Agent, Sentinel, and Conftest, enabling DevOps teams to set best practices as policies. Infracost automatically creates detailed, shareable cost estimates which can be sent to clients and... -
25
Coca
Coca is a toolbox which is design for legacy system refactoring
Coca is a toolbox that is design for legacy system refactoring and analysis, including call graph, concept analysis, api tree, and design patterns suggestions. Requirements: graphviz for dot file to image (such as svg, png). The easiest way to get coca is to use one of the pre-built release binaries which are available for OSX, Linux, and Windows on the release page.
