Open Source Source Code Analysis Tools - Page 2
Sort By:
Source Code Analysis Tools
View 5970 business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
1
PHP Coding Standards Fixer
A tool to automatically fix PHP Coding Standards issues
The PHP Coding Standards Fixer (PHP CS Fixer) tool fixes your code to follow standards, whether you want to follow PHP coding standards as defined in the PSR-1, PSR-2, etc., or other community driven ones like the Symfony one. You can also define your (team’s) style through configuration. It can modernize your code (like converting the pow function to the operator on PHP 5.6) and (micro) optimize it. If you are already using a linter to identify coding standards problems in your code, you know that fixing them by hand is tedious, especially on large projects. This tool does not only detect them, but also fixes them for you. If you need to apply code styles that are not supported by the tool, you can create custom rules. Dedicated plugins exist for Atom, NetBeans, PhpStorm, Sublime Text, Vim, and VS Code. -
2
Sentry
Cross-platform application monitoring and error tracking software
Sentry is a cross-platform, self-hosted error monitoring solution that helps software teams discover, monitor and fix errors in real-time. The most users and logs will have to provide are the clues, and Sentry provides the answers. Sentry offers enhanced application performance monitoring through information-laden stack traces. It lets you build better software faster and more efficiently by showing you all issues in one place and providing the trail of events that lead to errors. It also provides real-time monitoring and data visualization through dashboards. Sentry’s server is in Python, but its API enables for sending events from any language, in any application. More than fifty-thousand companies already ship better software faster thanks to Sentry; let yours be one of them! -
3
Angular ESLint
Monorepo for all the tooling related to using ESLint with Angular
Monorepo for all the tooling which enables ESLint to lint Angular projects. Follow the latest Getting Started guide on angular.io in order to install the Angular CLI. Create a new Angular CLI workspace in the normal way, optionally using any of the supported command line arguments and following the interactive prompts. As well as installing all relevant dependencies, the ng add command will automatically detect that you have a workspace with a single project in it, which does not have a linter configured yet. It can therefore go ahead and wire everything up for you! -
4
Application Inspector
A source code analyzer built for surfacing features of interest
Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third party software components based on well-known library/API calls and is helpful in security and non-security use cases. It uses hundreds of rules and regex patterns to surface interesting characteristics of source code to aid in determining what the software is or what it does from what file operations it uses, encryption, shell operations, cloud API's, frameworks and more and has received industry attention as a new and valuable contribution to OSS on ZDNet, SecurityWeek, CSOOnline, Linux.com/news, HelpNetSecurity, Twitter and more and was first featured on Microsoft.com. Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection including features that impact security. -
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
5
Async PHP
Easily run code asynchronously
Spatie Async is a PHP library that allows developers to run parallel processes using asynchronous tasks. It helps optimize performance by executing long-running or resource-intensive tasks concurrently, instead of sequentially. The library is easy to use and integrates well with existing PHP applications, making it suitable for batch processing, data scraping, or any scenario where concurrency can boost efficiency. -
6
Code Climate CLI
Code Climate CLI
Align initiatives with strategic priorities, accelerate software delivery, and drive continuous improvement with the leading Engineering Intelligence Solution. Software development teams used to operate in the dark, forced to make decisions based on gut feel and anecdotes, causing friction, creating silos, and leading to mediocre outcomes. Today, forward-thinking engineering leaders leverage data-driven insights to build a culture of trust and high performance. Align on business priorities with improved transparency across every level of your organization, and ensure optimal resource allocation for your engineering teams. Deliver high-quality code quickly and consistently to achieve true Continuous Delivery and out-innovate your competition. Improve your team’s processes and engineering skills to create a high-performance culture, boost pipeline efficiency, and increase employee engagement. code climate is a command-line interface for the Code Climate analysis platform. -
7
Fork TS Checker Webpack Plugin
Webpack plugin that runs typescript type checker on a separate process
Webpack plugin that runs TypeScript type checker on a separate process. Speeds up TypeScript type checking (by moving it to a separate process). Supports modern TypeScript features like project references and incremental mode. Supports Vue Single File Component. Displays nice error messages with the code frame formatted. This plugin requires Node.js >=12.13.0+, Webpack ^5.11.0, TypeScript ^3.6.0. It's very important to be aware that this plugin uses TypeScript's, not webpack's modules resolution. It means that you have to setup tsconfig.json correctly. Options passed to the plugin constructor will overwrite options from the cosmiconfig (using deepmerge). It requires TypeScript >= 3.8.0 (it's a limitation of the transpileOnly mode from ts-loader) When using TypeScript 4.3.0 or newer you can profile long type checks by setting "generateTrace" compiler option. -
8
PHP dotenv
Loads environment variables automatically
You should never store sensitive credentials in your code. Storing configuration in the environment is one of the tenets of a twelve-factor app. Anything that is likely to change between deployment environments, such as database credentials or credentials for 3rd party services, should be extracted from the code into environment variables. Basically, a .env file is an easy way to load custom configuration variables that your application needs without having to modify .htaccess files or Apache/nginx virtual hosts. This means you won't have to edit any files outside the project, and all the environment variables are always set no matter how you run your project, Apache, Nginx, CLI, and even PHP's built-in webserver. It's WAY easier than all the other ways you know of to set environment variables, and you're going to love it! -
9
Luacheck
A tool for linting and static analysis of Lua code
Luacheck is a static analyzer and a linter for Lua. Luacheck detects various issues such as usage of undefined global variables, unused variables and values, accessing uninitialized variables, unreachable code and more. Most aspects of checking are configurable: there are options for defining custom project-related globals, for selecting set of standard globals (version of Lua standard library), for filtering warnings by type and name of related variable, etc. The options can be used on the command line, put into a config or directly into checked files as Lua comments. Luacheck supports checking Lua files using the syntax of Lua 5.1, Lua 5.2, Lua 5.3, and LuaJIT. Luacheck itself is written in Lua and runs on all of the mentioned Lua versions. -
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
10
NERD Commenter
Vim plugin for intensely nerdy commenting powers
NERD Commenter is a Vim plugin offering powerful and highly customizable commenting capabilities. It simplifies toggling comments, supports multiple styles and nesting, and integrates cleanly with various plugin managers. Several settings can be added to your vimrc to change the default behavior. While the plugin does not directly support motions, you can leverage its support for selections to do something very similar. You can turn off default settings mappings to provide your own from scratch. Comment out the current line or text selected in visual mode. -
11
SimpleCov
Code coverage for Ruby with a powerful configuration library
Code coverage for Ruby with a powerful configuration library and automatic merging of coverage across test suites. SimpleCov is a code coverage analysis tool for Ruby. It uses Ruby's built-in Coverage library to gather code coverage data, but makes processing its results much easier by providing a clean API to filter, group, merge, format, and display those results, giving you a complete code coverage suite that can be set up with just a couple lines of code. SimpleCov/Coverage track covered ruby code, gathering coverage for common templating solutions like erb, slim and haml is not supported. In most cases, you'll want overall coverage results for your projects, including all types of tests, Cucumber features, etc. SimpleCov automatically takes care of this by caching and merging results when generating reports, so your report actually includes coverage across your test suites and thereby gives you a better picture of blank spots. -
12
SonarJS
SonarSource Static Analyzer for JavaScript and TypeScript
This SonarSource project is a static code analyzer for JavaScript, TypeScript and CSS languages. In order to analyze JavaScript, TypeScript or CSS code, you need to have a supported version of Node.js installed on the machine running the scan. Recommended versions are the previous LTS version v14 and the latest version - v16. We recommend using the latest available LTS version (v16 as of today) for optimal stability and performance. v12 is still supported, but it already reached end-of-life and is deprecated. If node is not available in the PATH, you can use property sonar.nodejs.executable to set an absolute path to Node.js executable. If you have a community plugin for CSS analysis installed on your SonarQube instance it will conflict with the analysis of CSS, so it should be removed. -
13
Static Analysis Tools for PHP
Docker image that provides static analysis tools for PHP
Docker image providing static analysis tools for PHP. The list of available tools and the installer is actually managed in the jakzal/toolbox repository. Docker image with quality analysis tools for PHP. To run the selected tool inside the container, you'll need to mount the project directory on the container with -v "$(pwd):/project". Some tools like to write to the /tmp directory (like PHPStan, or Behat in some cases), therefore it's often useful to share it between docker runs, i.e. with -v "$(pwd)/tmp-phpqa:/tmp". If you want to be able to interrupt the selected tool if it takes too much time to complete, you can use the --init option. Some tools are not included in the docker image, to use them refer to their documentation. Provides utilities to report legacy tests and usage of deprecated code. -
14
eslint-plugin-jest
ESLint plugin for Jest
ESLint plugin for Jest. If you installed ESLint globally then you must also install eslint-plugin-jest globally. Add jest to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix. The rules provided by this plugin assume that the files they are checking are test-related. This means it's generally not suitable to include them in your top-level configuration as that applies to all files being linted which can include source files. Since we cache the automatically determined version, if you're linting sub-folders that have different versions of Jest, you may find that the wrong version of Jest is considered when linting. You can work around this by providing the Jest version explicitly in nested ESLint configs. -
15
eslint-plugin-jsx-a11y
Static AST checker for a11y rules on JSX elements
Static AST checker for accessibility rules on JSX elements. This plugin does a static evaluation of the JSX to spot accessibility issues in React apps. Because it only catches errors in static code, use it in combination with axe-core/react to test the accessibility of the rendered DOM. Consider these tools just as one step of a larger a11y testing process and always test your apps with assistive technology. If you installed ESLint globally (using the -g flag in npm, or the global prefix in yarn) then you must also install eslint-plugin-jsx-a11y globally. To enable your custom components to be checked as DOM elements, you can set global settings in your configuration file by mapping each custom component name to a DOM element type. Enforce all elements that require alternative text have meaningful information to relay back to the end user. -
16
pmd
An extensible multilanguage static code analyzer
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, PLSQL, Apache Velocity, XML, and XSL. Additionally, it includes CPD, the copy-paste-detector. CPD finds duplicated code in Java, C, C++, C#, Groovy, PHP, Ruby, Fortran, JavaScript, PLSQL, Apache Velocity, Scala, Objective C, Matlab, Python, Go, Swift and Salesforce.com Apex, and Visualforce. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, and Scala. Additionally, it includes CPD, the copy-paste-detector. CPD finds duplicated code in C/C++, C#, Dart, Fortran, Go, Groovy, Java, JavaScript, JSP, Kotlin, Lua, Matlab, Modelica, Objective-C, Perl, PHP, PLSQL, Python, Ruby, Salesforce.com Apex, Scala, Swift, Visualforce and XML. -
17
stylelint
A linter that helps you avoid errors and enforce conventions
stylelint understands the latest CSS syntax including custom properties and level 4 selectors. Extracts embedded styles from HTML, markdown and CSS-in-JS object & template literals. Parses CSS-like syntaxes like SCSS, Sass, Less and SugarSS. Has over 170 built-in rules to catch errors, apply limits and enforce stylistic conventions. Supports plugins so you can create your own rules or make use of plugins written by the community. Automatically fixes the majority of stylistic violations. Itis well tested with over 15000 unit tests. Supports shareable configs that you can extend or create. It is unopinionated so that you can customize it to your exact needs. stylelint has a growing community and is used by Facebook, GitHub and WordPress. You can configure the built-in stylistic rules to allow both multi-line and single-line rules. The choice of when to use each belongs to the user. -
18
coan
"The C preprocessor chainsaw"
Coan is a software engineering tool for analysing preprocessor-based configurations of C or C++ source code. Its principal use is to simplify a body of source code by eliminating any parts that are redundant with respect to a specified configuration. -
19
Commander.js
node.js command-line interfaces made easy
The complete solution for node.js command-line interfaces. Commander exports a global object which is convenient for quick programs. For larger programs which may use commander in multiple ways, including unit testing, it is better to create a local Command object to use. Each option can have a short flag (single character) and a long name, separated by a comma or space or vertical bar ('|'). Multiple short flags may optionally be combined in a single argument following the dash: boolean flags, followed by a single option taking a value (possibly followed by the value). You may specify a function to do custom processing of option-arguments. The callback function receives two parameters, the user specified option-argument and the previous value for the option. It returns the new value for the option. This allows you to coerce the option-argument to the desired type, or accumulate values, or do entirely custom processing. -
20
MoarVM
A runtime built for the 6model object system
Short for "Metamodel On A Runtime", MoarVM is a modern virtual machine built for the Rakudo Perl 6 compiler and the NQP Compiler Toolchain. MoarVM is used by the majority of Perl 6 programmers. Highlights include: Great Unicode support, with strings represented at grapheme level, dynamic analysis of running code to identify hot functions and loops, and perform a range of optimizations, including type specialization and inlining, support for threads, a range of concurrency control constructs, and asynchronous sockets, timers, processes, and more, generational, parallel, garbage collection, support for numerous language features, including first class functions, exceptions, continuations, runtime loading of code, big integers and interfacing with native libraries. MoarVM provides very little directly - and that's a good thing. It is not tied to a particular way of doing inheritance, roles, mixins, method resolution, type-checking, and so forth. -
21
R.swift
Autocompleted resources like images, fonts & segues in Swift projects
Get strong typed, autocompleted resources like images, fonts and segues in Swift projects. It makes your code that uses resources to be fully typed, less casting and guessing what a method will return. Compile time checked, no more incorrect strings that make your app crash at runtime. Autocompleted, never have to guess that image name again. For autocompleted images, and compiletime checked images. After installing R.swift into your project you can use the R-struct to access resources. If the struct is outdated just build and R.swift will correct any missing/changed/added resources. Runtime validation with R.validate() ff all images used in storyboards and nibs are available, if all named colors used in storyboards and nibs are available, if all view controllers with storyboard identifiers can be loaded, if all custom fonts can be loaded. -
22
SublimeLinter-eslint
This linter plugin for SublimeLinter provides an interface to ESLint
This linter plugin for SublimeLinter provides an interface to ESLint. It will be used with "JavaScript" files, but since eslint is pluggable, it can actually lint a variety of other files as well. SublimeLinter will detect some installed local plugins, and thus it should work automatically for e.g. .vue or .ts files. If it works on the command line, there is a chance it works in Sublime without further ado. Make sure the plugins are installed locally colocated to eslint itself. T.i., technically, both eslint and its plugins are described in the very same package.json. Configuration of the plugins is out-of-scope of this README. Be sure to read their README's as well. (If you just installed a plugin, without proper configuration, eslint will probably show error messages or wrong lint results, and SublimeLinter will just pass them to you.) -
23
codeium-chrome
Free, ultrafast code autocomplete for Chrome
Free, ultrafast code autocomplete for Chrome. Codeium autocompletes your code with AI in all major IDEs. This includes web editors as well. The content attribute accepts a comma-separated list of supported editors. These currently include: "monaco" and "codemirror5". -
24
eslint-config-alloy
Progressive ESLint config for your React/Vue/TypeScript projects
Progressive ESLint config for your React/Vue/TypeScript projects. The AlloyTeam ESLint config is not only a progressive ESLint config for your React/Vue/TypeScript projects but also the best reference for configuring your personalized ESLint rules. Let Prettier handle style-related rules. Inherit ESLint's philosophy and help everyone build their own rules. High degree of automation: advanced rules management, test as a document, as a website. Keep up with the times, follow up the latest rules as soon as possible. It is recommended to use npm init vue@3 to create a project with Vue, TypeScript and ESLint integrated. Our team initially used Airbnb rules, but because it was too strict, some rules still needed to be personalized, which led to more and more changes in the future and finally decided to maintain a new set. After more than four years of maintaining, eslint-config-alloy is now very mature and progressive and has been welcomed by many teams inside and outside the company. -
25
eslint-plugin-import
ESLint plugin with rules that help validate proper imports.
This plugin intends to support linting of ES2015+ (ES6+) import/export syntax, and prevent issues with misspelling of file paths and import names. All the goodness that the ES2015+ static module syntax intends to provide, is marked up in your editor. The maintainers of eslint-plugin-import and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. With the advent of module bundlers and the current state of modules and module syntax specs, it's not always obvious where import x from 'module' should look to find the file behind module. Up through v0.10ish, this plugin has directly used substack's resolve plugin, which implements Node's import behavior. This works pretty well in most cases.
