Showing 309 open source projects for "source code static anala"

View related business solutions
  • Build Agents and Models on One Platform Icon
    Build Agents and Models on One Platform

    Everything you need to build production-ready agents and models. Access 200+ Google and third-party AI models and tools.

    Gemini Enterprise Agent Platform is Google Cloud's comprehensive platform for developers to build, scale, govern, and optimize agents and models. Choose from Google's most advanced models and third-party models like Anthropic's Claude Model Family.
    Try It Free
  • $300 Free Credits for Your Google Cloud Projects Icon
    $300 Free Credits for Your Google Cloud Projects

    Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

    Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
    Start Free Trial
  • 1
    Bandit

    Bandit

    Bandit is a tool designed to find common security issues in Python

    Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report. Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.
    Downloads: 9 This Week
    Last Update:
    See Project
  • 2
    PHP CS Fixer

    PHP CS Fixer

    A tool to automatically fix PHP Coding Standards issues

    PHP-CS-Fixer is a tool that automatically fixes coding standards issues in PHP files. It helps developers maintain consistent coding style by applying rules defined by PHP-FIG (PSR standards) or custom configuration. It is widely used in CI/CD pipelines to enforce style conformity and reduce code review overhead.
    Downloads: 8 This Week
    Last Update:
    See Project
  • 3
    bearer

    bearer

    Code security scanning tool (SAST) to discover security risks

    Welcome to the Bearer documentation. Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We provides built-in rules against a common set of security risks and vulnerabilities, known as OWASP Top 10. Leakage of sensitive data through cookies, internal loggers, third-party logging services, and into analytics environments. ...
    Downloads: 13 This Week
    Last Update:
    See Project
  • 4
    eslint-plugin-jsx-a11y

    eslint-plugin-jsx-a11y

    Static AST checker for a11y rules on JSX elements

    Static AST checker for accessibility rules on JSX elements. This plugin does a static evaluation of the JSX to spot accessibility issues in React apps. Because it only catches errors in static code, use it in combination with axe-core/react to test the accessibility of the rendered DOM. Consider these tools just as one step of a larger a11y testing process and always test your apps with assistive technology. If you installed ESLint globally (using the -g flag in npm, or the global prefix in...
    Downloads: 9 This Week
    Last Update:
    See Project
  • Error to trace to log to deploy. One click. No SSH. Icon
    Error to trace to log to deploy. One click. No SSH.

    Catch the cause before the pager goes off.

    AppSignal links every error to the trace, the trace to the log, the log to the deploy that shipped it.
    Free 30 days.
  • 5
    PHPDoc-Parser for PHPStan

    PHPDoc-Parser for PHPStan

    Next-gen phpDoc parser with support for intersection types

    Next-generation phpDoc parser with support for intersection types and generics. This project adheres to a Contributor Code of Conduct. By participating in this project and its community, you are expected to uphold this code. Initially you need to run composer install or composer update in case you aren't working in a folder that was built before. Afterward, you can either run the whole build including linting and coding standards.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 6
    Flow

    Flow

    A static type checker for JavaScript

    Flow is a static type checker for JavaScript. It was designed to help improve code quality and developer productivity. It does this through several smart capabilities. First, it identifies problems as you code, so you no longer have to waste time guessing and checking again and again. Second, it understands your code and makes its knowledge available, allowing you to build other smart tools on top of it. Third, it helps you refactor safely so you can focus on the changes you want to make and...
    Downloads: 11 This Week
    Last Update:
    See Project
  • 7
    gosec

    gosec

    Golang security checker

    A project devoted to secure programming in the Go language. Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. You can integrate third-party code analysis tools with GitHub code scanning by uploading data as SARIF files. The workflow shows an example of running the gosec as a step in a GitHub action workflow that outputs the results.sarif file. The workflow then uploads the results.sarif file to GitHub using the...
    Downloads: 12 This Week
    Last Update:
    See Project
  • 8
    Crafting Interpreters

    Crafting Interpreters

    Repository for the book "Crafting Interpreters"

    Static site generator tooling to compose book + code into HTML. Markdown source of book chapters and text prose. Full interpreter implementation in C (clox).
    Downloads: 11 This Week
    Last Update:
    See Project
  • 9
    GDScript Toolkit

    GDScript Toolkit

    Independent set of GDScript tools - parser, linter and formatter

    Independent set of GDScript tools, parser, linter and formatter. This project provides a set of tools for daily work with GDScript. At the moment it provides a parser that produces a parse tree for debugging and educational purposes. A linter that performs a static analysis according to some predefined configuration. A formatter that formats the code according to some predefined rules. A code metrics calculator which calculates the cyclomatic complexity of functions and classes. To install...
    Downloads: 10 This Week
    Last Update:
    See Project
  • 99.99% Uptime for MySQL and PostgreSQL Databases Icon
    99.99% Uptime for MySQL and PostgreSQL Databases

    Sub-second maintenance. 2x read/write performance. Built-in vector search for AI apps.

    Cloud SQL Enterprise Plus delivers near-zero downtime with 35 days of point-in-time recovery. Supports MySQL, PostgreSQL, and SQL Server.
    Try Free
  • 10
    AWS IoT Fleet Provisioning Library

    AWS IoT Fleet Provisioning Library

    Client library for using AWS IoT Fleet Provisioning service

    ...This library has no dependencies on any additional libraries other than the standard C library, and therefore, can be used with any MQTT library. This library is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone static code analysis using Coverity static analysis, and validation of memory safety through the CBMC automated reasoning tool.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 11
    Error Prone

    Error Prone

    Catch common Java mistakes as compile-time errors

    Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. It’s common for even the best programmers to make simple mistakes. And sometimes a refactoring that seems safe can leave behind code that will never do what’s intended. We’re used to getting help from the compiler, but it doesn’t do much beyond static type checking. Using Error Prone to augment the compiler’s type analysis, you can catch more mistakes before they cost you time, or end up...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 12
    TypeScript

    TypeScript

    Application-scale JavaScript

    TypeScript is an open source programming language that is a typed superset of JavaScript. It adds optional static typing to JavaScript, which can support tools for large-scale JavaScript applications for any browser, host and OS. TypeScript compiles to clean, simple JavaScript, and uses existing JavaScript code and libraries. It also offers support for the latest and evolving JavaScript features, such as async functions and decorators.
    Downloads: 14 This Week
    Last Update:
    See Project
  • 13
    PHPStan

    PHPStan

    Dscover bugs in your code without running it!

    PHPStan finds bugs in your code without writing tests. It's open-source and free. PHPStan scans your whole codebase and looks for both obvious & tricky bugs. Even in those rarely executed if statements that certainly aren't covered by tests. You can run it on your machine and in CI to prevent those bugs ever reaching your customers in production. Thanks to rule levels you don't get overwhelmed with thousands of errors on the first run. You can increase PHPStan's capabilities on your code at...
    Downloads: 6 This Week
    Last Update:
    See Project
  • 14
    Semgrep

    Semgrep

    Lightweight static analysis for many languages

    Static analysis at ludicrous speed. Find bugs and enforce code standards. Find and prevent security issues in Terraform, Docker, Kubernetes, nginx, and AWS configs before they go into production. Go beyond application code and protect the entire stack with a breadth of scanning capabilities. Don't leak secrets, scan every commit and ensure secrets don't make it to production.
    Downloads: 11 This Week
    Last Update:
    See Project
  • 15
    pytype

    pytype

    A static type analyzer for Python code

    pytype is a static type analyzer that checks and infers types for Python code without executing it, catching errors at “compile time” and generating actionable diagnostics. It grew alongside Python typing at Google and can understand both inline annotations and unannotated code via powerful inference. The tool consumes stub files (.pyi) for the standard library and third-party packages (from typeshed and its own built-ins), enabling accurate checks even in large, mixed-quality codebases....
    Downloads: 0 This Week
    Last Update:
    See Project
  • 16
    kube-score

    kube-score

    Kubernetes object analysis with recommendations

    Kubernetes object analysis with recommendations for improved reliability and security. kube-score is a tool that does static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient. kube-score is open-source and available under the MIT-license. Container limits (should be set) Pod is targeted by a NetworkPolicy, both egress and ingress rules are recommended. ...
    Downloads: 10 This Week
    Last Update:
    See Project
  • 17
    ngx-markdown

    ngx-markdown

    Angular markdown component/directive/pipe/service to parse static

    Angular markdown component/directive/pipe/service to parse static, dynamic or remote content to HTML with syntax highlight and more. As the library is using Marked parser you will need to add node_modules/marked/marked.min.js to your application. To use the line numbers plugin that shows line numbers in code blocks, in addition to Prism.js configuration files, you will need to include the following files from prismjs/plugins/line-numbers directory to your application. Using markdown...
    Downloads: 5 This Week
    Last Update:
    See Project
  • 18
    AWS IoT Jobs library

    AWS IoT Jobs library

    Client library for using AWS IoT Jobs service on embedded devices

    ...This library provides a convenience API to compose and recognize the MQTT topic strings used by the Jobs service. The library is written in C compliant with ISO C90 and MISRA C:2012, and is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone both static code analysis from Coverity.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 19
    blogdown

    blogdown

    Create Blogs and Websites with R Markdown

    blogdown is an R package that enables the creation and maintenance of static websites and blogs using R Markdown and Hugo (or other static-site generators). Developed by Yihui Xie and team, it provides functions to initialize sites, write posts, manage themes, and deploy with minimal fuss. It seamlessly blends R code chunks and web content, ideal for data storytellers and technical bloggers.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 20
    jimmer

    jimmer

    A revolutionary ORM framework for both java and kotlin.

    A revolutionary ORM framework for both Java and kotlin and a complete integrated solution. You can view everything from the documentation. Brings dynamism into static language ORM frameworks, achieving flexible capabilities for operating on complex dynamic data structures without compromising the complete compile-time safety checks of static languages, eliminating DTO explosion and unafraid of engineering expansion and changing requirements. Its innovative SQL DSL supports dynamic table...
    Downloads: 7 This Week
    Last Update:
    See Project
  • 21
    AWS IoT Device Defender Library

    AWS IoT Device Defender Library

    Client library for using AWS IoT Defender service on embedded devices

    ...This library has no dependencies on any additional libraries other than the standard C library, and therefore, can be used with any MQTT client library. This library is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone static code analysis using Coverity static analysis.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 22
    Liquid

    Liquid

    Liquid markup language. Safe, customer facing template language

    Liquid is a secure, open-source templating language created by Shopify in Ruby. It enables embedding logic (loops, conditionals, filters) within safe, customer-editable templates. Commonly used for rendering storefronts, emails, and static site generation in Shopify and Jekyll-based systems.
    Downloads: 9 This Week
    Last Update:
    See Project
  • 23
    pkgdown

    pkgdown

    Generate static html documentation for an R package

    pkgdown is an R package (by the r-lib group) whose purpose is to generate static websites (HTML) for R packages, automatically converting a package’s help files, vignettes, README, NEWS, etc., into a documentation website. It helps package authors share their documentation online with minimal friction. It supports custom templates, themes, and configuration. pkgdown 2.0.0 includes an upgrade from Bootstrap 3 to Bootstrap 5, which is accompanied by a whole bunch of minor UI improvements. If...
    Downloads: 4 This Week
    Last Update:
    See Project
  • 24
    Deptrac

    Deptrac

    Keep your architecture clean.

    Deptrac is a static analysis tool for PHP that helps maintain architectural boundaries within codebases. It analyzes dependencies between classes and ensures that code follows predefined architectural rules. Deptrac is useful for preventing unwanted couplings, enforcing clean code architecture, and detecting violations early during development.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 25
    WALA

    WALA

    Libraries for Analysis, with frontends for Java, Android, and JS

    The T. J. Watson Libraries for Analysis (WALA) provide static analysis capabilities for Java bytecode and related languages and for JavaScript. The system is licensed under the Eclipse Public License, which has been approved by the OSI (Open Source Initiative) as a fully certified open-source license. The initial WALA infrastructure was independently developed as part of the DOMO research project at the IBM T.J. Watson Research Center. In 2006, IBM donated the software to the community. The...
    Downloads: 0 This Week
    Last Update:
    See Project