Open Source Source Code Analysis Tools - Page 3
Sort By:
Source Code Analysis Tools
View 5732 business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
SafeQL
Validate and auto-generate TypeScript types from raw SQL queries
SafeQL is an ESLint plugin for writing SQL queries in a type-safe way. SafeQL automatically infers the type of the query result based on the query itself. SafeQL works with any PostgreSQL client, including Prisma, Sequelize, pg, Postgres.js, and more. SafeQL was built in mind to be easy to use and integrate with your existing codebase. SafeQL was built with monorepos and microservices in mind, and it's easy to use with multiple databases. SafeQL is an ESLint plugin that helps you write SQL (PostgreSQL) queries safely. SafeQL was never meant to replace your current SQL library. Instead, It's a plugin that you can use to add extra functionality to your existing SQL library. It means that you can use SafeQL with any SQL library that you want. You can even use SafeQL with multiple SQL libraries at the same time. -
2
SonarJS
SonarSource Static Analyzer for JavaScript and TypeScript
This SonarSource project is a static code analyzer for JavaScript, TypeScript and CSS languages. In order to analyze JavaScript, TypeScript or CSS code, you need to have a supported version of Node.js installed on the machine running the scan. Recommended versions are the previous LTS version v14 and the latest version - v16. We recommend using the latest available LTS version (v16 as of today) for optimal stability and performance. v12 is still supported, but it already reached end-of-life and is deprecated. If node is not available in the PATH, you can use property sonar.nodejs.executable to set an absolute path to Node.js executable. If you have a community plugin for CSS analysis installed on your SonarQube instance it will conflict with the analysis of CSS, so it should be removed. -
3
Static Analysis Tools for PHP
Docker image that provides static analysis tools for PHP
Docker image providing static analysis tools for PHP. The list of available tools and the installer is actually managed in the jakzal/toolbox repository. Docker image with quality analysis tools for PHP. To run the selected tool inside the container, you'll need to mount the project directory on the container with -v "$(pwd):/project". Some tools like to write to the /tmp directory (like PHPStan, or Behat in some cases), therefore it's often useful to share it between docker runs, i.e. with -v "$(pwd)/tmp-phpqa:/tmp". If you want to be able to interrupt the selected tool if it takes too much time to complete, you can use the --init option. Some tools are not included in the docker image, to use them refer to their documentation. Provides utilities to report legacy tests and usage of deprecated code. -
4
eslint-plugin-jsdoc
JSDoc specific linting rules for ESLint
JSDoc specific linting rules for ESLint. Install ESLint either locally or globally. Rules may, as per the ESLint user guide, have their own individual options. In eslint-plugin-jsdoc, a few options, such as, exemptedBy and contexts, may be used across different rules. eslint-plugin-jsdoc options, if present, are generally in the form of an object supplied as the second argument in an array after the error level (any exceptions to this format are explained within that rule's docs). One can use minLines and maxLines to indicate how many line breaks (if any) will be checked to find a jsdoc comment block before the given code block. These settings default to 0 and 1 respectively. In conjunction with the require-jsdoc rule, these settings can be enforced so as to report problems if a jsdoc block is not found within the specified boundaries. The settings are also used in the fixer to determine how many line breaks to add when a block is missing. -
Build Securely on AWS with Proven FrameworksMoving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
-
5
eslint-plugin-vue
ESLint plugin for Vue.js
ESLint plugin for Vue.js. This plugin allows us to check the template and script of .vue files with ESLint, as well as Vue code in .js files. This plugin supports the basic syntax of Vue.js 3.2, script setup, and CSS variable injection, but the ref sugar, an experimental feature of Vue.js 3.2, is not yet supported. If you have issues with these, please also refer to the FAQ. If you can't find a solution, search for the issue and if the issue doesn't exist, open a new issue. Be aware that depending on the code samples you write in tests, the RuleTester parser property must be set accordingly (this can be done on a test-by-test basis). The default JavaScript parser must be replaced because Vue.js single file components are not plain JavaScript, but a custom file format. vue-eslint-parser is a replacement parser that generates an enhanced AST with nodes that represent specific parts of the template syntax, as well as the contents of the script tag. -
6
nodejsscan
nodejsscan is a static security code scanner for Node.js applications
Static security code scanner (SAST) for Node.js applications powered by libsast and semgrep. nodejsscan is a static security code scanner for Node.js applications. -
7
prettier-eslint
Formats your JavaScript using prettier followed by eslint --fix
The fix feature of eslint is pretty great and can auto-format/fix much of your code according to your ESLint config. prettier is a more powerful automatic formatter. One of the nice things about prettier is how opinionated it is. Unfortunately, it's not opinionated enough and/or some opinions differ from my own. So after prettier formats the code, I start getting linting errors. This formats your code via prettier, and then passes the result of that to eslint --fix. This way you can get the benefits of prettier's superior formatting capabilities, but also benefit from the configuration capabilities of eslint. The path of the file being formatted can be used to override eslintConfig (eslint will be used to find the relevant config for the file). -
8
A drop-in replacement for the src.zip shipped with Oracle Java 7, that contains sources to all Java classes that are shipped or generated by the OpenJDK project (the official src.zip only covers public classes), plus tools to generate it.
-
9
Diff-ext is an extension for filemanagers such as Windows Explorer and Nautilus that allows to launch diff/merge tools on selected files.
-
Photo and Video Editing APIs and SDKsUnlock Picsart's full editing suite by embedding our Editor SDK directly into your platform. Offer your users the power of a full design suite without leaving your site.
-
10
Visualg 3.0
Visualg versão 3.0.5.6 (última de revisão 20/08/2015)
O VISUALG 3.0.5.6 (último) está com novos recursos, e nova aparência, e que pode ser trocada, entrando no MANUTENÇÃO/CONFIGURAÇÃO/PELES... Mas, atenção: Copie a sub-pasta SKIN's que está dentro da Pasta VISUALG3 para o drive C:\. Na raiz de seu HD [ drive C: (principal) ] , ficando assim: C:\Skins "caso vocês não consigam trocar as roupagens (peles) do programa. Usem com sabedoria ! Bons estudos ! Para contacto mandem um E-mail para: professor.antonio.nicolodi@gmail.com -
11
UCDetector
Eclipse Plugin to find unused Java code
UCDetector (Unnecessary Code Detector) is a Open Source Eclipse Plugin Tool. UCDetector finds unnecessary (dead) public Java code. It suggests to make code final, protected or private. -
12
A general purpose source code indexer and cross-referencer that provides web-based browsing of source code with links to the definition and usage of any identifier. Supports multiple languages. Up-to-date information in http://lxr.sourceforge.net
-
13
Application Inspector
A source code analyzer built for surfacing features of interest
Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third party software components based on well-known library/API calls and is helpful in security and non-security use cases. It uses hundreds of rules and regex patterns to surface interesting characteristics of source code to aid in determining what the software is or what it does from what file operations it uses, encryption, shell operations, cloud API's, frameworks and more and has received industry attention as a new and valuable contribution to OSS on ZDNet, SecurityWeek, CSOOnline, Linux.com/news, HelpNetSecurity, Twitter and more and was first featured on Microsoft.com. Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection including features that impact security. -
14
Async PHP
Easily run code asynchronously
Spatie Async is a PHP library that allows developers to run parallel processes using asynchronous tasks. It helps optimize performance by executing long-running or resource-intensive tasks concurrently, instead of sequentially. The library is easy to use and integrates well with existing PHP applications, making it suitable for batch processing, data scraping, or any scenario where concurrency can boost efficiency. -
15
Boilerplate and Starter for Next JS 12+
Boilerplate and Starter for Next.js 12+, Tailwind CSS 3 and TypeScript
Boilerplate and Starter for Next JS 12+, Tailwind CSS 3 and TypeScript. Boilerplate and Starter for Next.js, Tailwind CSS and TypeScript. Made with developer experience first: Next.js, TypeScript, ESLint, Prettier, Husky, Lint-Staged, Jest, Testing Library, Commitlint, VSCode, Netlify, PostCSS, Tailwind CSS. If you are VSCode users, you can have a better integration with VSCode by installing the suggested extension in .vscode/extension.json. The starter code comes up with Settings for a seamless integration with VSCode. The Debug configuration is also provided for frontend and backend debugging experience. With the plugins installed on your VSCode, ESLint and Prettier can automatically fix the code and show you the errors. Same goes for testing, you can install VSCode Jest extension to automatically run your tests and it also show the code coverage in context. -
16
GIXY
Nginx configuration static analyzer
Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection. Currently supported Python versions are 2.7, 3.5, 3.6 and 3.7. Gixy is well tested only on GNU/Linux, other OSs may have some issues. You can find things that Gixy is learning to detect at Issues labeled with "new plugin". By default Gixy will try to analyze Nginx configuration placed in /etc/nginx/nginx.conf. Or something else, you can find all other gixy arguments with the help command: gixy --help. Gixy is available as a Docker image from the Docker hub. To use it, mount the configuration that you want to analyse as a volume and provide the path to the configuration file when running the Gixy image. If you have an image that already contains your nginx configuration, you can share the configuration with the Gixy container as a volume. -
17
HTMLHint
The static code analysis tool you need for your HTML
Static code analysis tool you need for your HTML. By default, htmlhint looks for a .htmlhintrc file in the current directory and all parent directories and applies its rules when parsing a file. -
18
Infer
A static analyzer for Java, C, C++, and Objective-C
Infer is a static analysis tool - if you give Infer some Java or C/C++/Objective-C code it produces a list of potential bugs. Anyone can use Infer to intercept critical bugs before they have shipped to users, and help prevent crashes or poor performance. Infer checks for null pointer exceptions, resource leaks, annotation reachability, missing lock guards, and concurrency race conditions in Android and Java code. Infer checks for null pointer dereferences, memory leaks, coding conventions and unavailable API’s. Start with the Getting Started guide and our other docs to download and try Infer yourself. Infer is still evolving, and we want to continue to develop it in the open. We hope it will be useful for other projects, so please try it out or contribute to it, join the community and give us feedback! -
19
JSHint
A tool that helps to detect errors and in your JavaScript code
JSHint is a community-driven tool that detects errors and potential problems in JavaScript code. Since JSHint is so flexible, you can easily adjust it in the environment you expect your code to execute. JSHint is publicly available and will always stay this way. The project aims to help JavaScript developers write complex programs without worrying about typos and language gotchas. Any code base eventually becomes huge at some point, so simple mistakes, that would not show themselves when written, can become show stoppers and add extra hours of debugging. So, static code analysis tools come into play and help developers spot such problems. JSHint scans a program written in JavaScript and reports about commonly made mistakes and potential bugs. The potential problem could be a syntax error, a bug due to an implicit type conversion, a leaking variable, or something else entirely. -
20
Light Table
Code editor that connects you to your creation with instant feedback
Connects you to your creation with instant feedback and showing data values flow through your code. Embed anything you want, from graphs to games to running visualizations. Easily customizable from keybinds to extensions to be completely tailored to your specific project. Everything from eval and debugging to a fuzzy finder for files and commands to fit seamlessly into your workflow. Try new ideas quickly and easily. Ask questions about your software, to give you a more profound understanding of your code. An elegant, lightweight, beautifully designed layout so your IDE is no longer cluttered. Next-gen println to keep track of important values in your code. Just add a watch to an expression and the value will be streamed back to LT in real time. No more printing to the console in order to view your results. Simply evaluate your code and the results will be displayed inline. -
21
PHP dotenv
Loads environment variables automatically
You should never store sensitive credentials in your code. Storing configuration in the environment is one of the tenets of a twelve-factor app. Anything that is likely to change between deployment environments, such as database credentials or credentials for 3rd party services, should be extracted from the code into environment variables. Basically, a .env file is an easy way to load custom configuration variables that your application needs without having to modify .htaccess files or Apache/nginx virtual hosts. This means you won't have to edit any files outside the project, and all the environment variables are always set no matter how you run your project, Apache, Nginx, CLI, and even PHP's built-in webserver. It's WAY easier than all the other ways you know of to set environment variables, and you're going to love it! -
22
R.swift
Autocompleted resources like images, fonts & segues in Swift projects
Get strong typed, autocompleted resources like images, fonts and segues in Swift projects. It makes your code that uses resources to be fully typed, less casting and guessing what a method will return. Compile time checked, no more incorrect strings that make your app crash at runtime. Autocompleted, never have to guess that image name again. For autocompleted images, and compiletime checked images. After installing R.swift into your project you can use the R-struct to access resources. If the struct is outdated just build and R.swift will correct any missing/changed/added resources. Runtime validation with R.validate() ff all images used in storyboards and nibs are available, if all named colors used in storyboards and nibs are available, if all view controllers with storyboard identifiers can be loaded, if all custom fonts can be loaded. -
23
SublimeLinter-eslint
This linter plugin for SublimeLinter provides an interface to ESLint
This linter plugin for SublimeLinter provides an interface to ESLint. It will be used with "JavaScript" files, but since eslint is pluggable, it can actually lint a variety of other files as well. SublimeLinter will detect some installed local plugins, and thus it should work automatically for e.g. .vue or .ts files. If it works on the command line, there is a chance it works in Sublime without further ado. Make sure the plugins are installed locally colocated to eslint itself. T.i., technically, both eslint and its plugins are described in the very same package.json. Configuration of the plugins is out-of-scope of this README. Be sure to read their README's as well. (If you just installed a plugin, without proper configuration, eslint will probably show error messages or wrong lint results, and SublimeLinter will just pass them to you.) -
24
Tencent Cloud Code Analysis
Static code analysis
Tencent Cloud Code Analysis (TCA for short, used internally by the R&D code CodeDog ) is a cloud-native, distributed, high-performance comprehensive code analysis and tracking platform that integrates many analysis tools, including server, web and client The three components have integrated a number of self-developed tools, and also support the dynamic integration of analysis tools of various programming languages in the industry. Obtain the Tencent Cloud code analysis platform by deploying TCA Server and Web, and complete the creation of related projects on the platform. After the project is created, you can deploy and configure the Tencent Cloud code analysis client to perform code analysis locally or as an online resident node. Before starting your first code analysis project, you need to deploy the Tencent Cloud Code Analysis client locally. After completing the project configuration on the client, you can start your first code analysis project and view your analysis results. -
25
TypeScript Express Starter
Quick and Easy TypeScript Express Starter
Express consists of JavaScript, which makes it vulnerable to type definitions. That's why we avoid supersets with starter packages that introduce TypeScript. The package is configured to use TypeScript instead of JavaScript. Express is a fast, open and concise web framework and is a Node.js based project. npx is a tool in the JavaScript package management module, npm. This is a tool that allows you to run the npm package on a single run without installing the package. If you do not enter a project name, it defaults to typescript-express-starter. TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, MariaDB, PostgreSQL and SQLite databases. A query language for APIs and a runtime for fulfilling those queries with your existing data.
