Open Source Linux Source Code Analysis Tools - Page 2
Sort By:
Source Code Analysis Tools for Linux
View 1279 business solutions-
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
1
Pulumi
Developer-first infrastructure as code. Your cloud, your language
Pulumi's Infrastructure as Code SDK is the easiest way to create and deploy cloud software that use containers, serverless functions, hosted services, and infrastructure, on any cloud. Simply write code in your favorite language and Pulumi automatically provisions and manages your AWS, Azure, Google Cloud Platform, and/or Kubernetes resources, using an infrastructure-as-code approach. Skip the YAML, and use standard language features like loops, functions, classes, and package management that you already know and love. Pulumi is open source under the Apache 2.0 license, supports many languages and clouds, and is easy to extend. This repo contains the pulumi CLI, language SDKs, and core Pulumi engine, and individual libraries are in their own repos. Walk through end-to-end workflows for creating containers, serverless functions, and other cloud services and infrastructure. -
2
SafeQL
Validate and auto-generate TypeScript types from raw SQL queries
SafeQL is an ESLint plugin for writing SQL queries in a type-safe way. SafeQL automatically infers the type of the query result based on the query itself. SafeQL works with any PostgreSQL client, including Prisma, Sequelize, pg, Postgres.js, and more. SafeQL was built in mind to be easy to use and integrate with your existing codebase. SafeQL was built with monorepos and microservices in mind, and it's easy to use with multiple databases. SafeQL is an ESLint plugin that helps you write SQL (PostgreSQL) queries safely. SafeQL was never meant to replace your current SQL library. Instead, It's a plugin that you can use to add extra functionality to your existing SQL library. It means that you can use SafeQL with any SQL library that you want. You can even use SafeQL with multiple SQL libraries at the same time. -
3
-
4
This project has moved to GitHub ! The version here at SourceForge will remain for historic purpose. Koopa is a parser generator, made for COBOL. It can handle source files in isolation (no preprocessing required) and doesn't mind the presence of CICS/SQL fragments. The grammar is easily extensible in a way which minimizes the impact on the overall code.
-
Fully Managed MySQL, PostgreSQL, and SQL ServerCloud SQL handles your database ops end to end, so you can focus on your app.
-
5
Async PHP
Easily run code asynchronously
Spatie Async is a PHP library that allows developers to run parallel processes using asynchronous tasks. It helps optimize performance by executing long-running or resource-intensive tasks concurrently, instead of sequentially. The library is easy to use and integrates well with existing PHP applications, making it suitable for batch processing, data scraping, or any scenario where concurrency can boost efficiency. -
6
Larastan
Adds code analysis to Laravel improving developer productivity
Larastan was created by Can Vural and Nuno Maduro, got artwork designed by @Caneco, is maintained by Can Vural, Nuno Maduro, and Viktor Szépe, and is a PHPStan wrapper for Laravel. Larastan focuses on finding errors in your code. It catches whole classes of bugs even before you write tests for the code. -
7
codeium-chrome
Free, ultrafast code autocomplete for Chrome
Free, ultrafast code autocomplete for Chrome. Codeium autocompletes your code with AI in all major IDEs. This includes web editors as well. The content attribute accepts a comma-separated list of supported editors. These currently include: "monaco" and "codemirror5". -
8
pmd
An extensible multilanguage static code analyzer
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, PLSQL, Apache Velocity, XML, and XSL. Additionally, it includes CPD, the copy-paste-detector. CPD finds duplicated code in Java, C, C++, C#, Groovy, PHP, Ruby, Fortran, JavaScript, PLSQL, Apache Velocity, Scala, Objective C, Matlab, Python, Go, Swift and Salesforce.com Apex, and Visualforce. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, and Scala. Additionally, it includes CPD, the copy-paste-detector. CPD finds duplicated code in C/C++, C#, Dart, Fortran, Go, Groovy, Java, JavaScript, JSP, Kotlin, Lua, Matlab, Modelica, Objective-C, Perl, PHP, PLSQL, Python, Ruby, Salesforce.com Apex, Scala, Swift, Visualforce and XML. -
9
JSCover
JSCover - JavaScript code coverage
JSCover is a tool that measures code coverage for JavaScript programs. It is an enhanced Java implementation of the excellent JSCoverage tool. -
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
A general purpose source code indexer and cross-referencer that provides web-based browsing of source code with links to the definition and usage of any identifier. Supports multiple languages. Up-to-date information in http://lxr.sourceforge.net
-
11
PASTE
An app for storing code, text & more. A popular Open Source pastebin.
Paste is a PHP application for storing code, text and more. DEMO: https://paste.boxlabs.uk/ Initially forked from the freely available source pastebin.com used before the domain was sold in 2010, lots of improvements have been included over the years such as user accounts and a featureful administration backend. See https://github.com/boxlabss/PASTE/blob/master/docs/CHANGELOG.md -
12
GrumPHP
A PHP code-quality tool
Sick and tired of defending code quality over and over again? GrumPHP will do it for you! This composer plugin will register some git hooks in your package repository. When somebody commits changes, GrumPHP will run some tests on the committed code. If the tests fail, you won't be able to commit your changes. This handy tool will not only improve your codebase, it will also teach your co-workers to write better code following the best practices you've determined as a team. GrumPHP has a set of common tasks built in. You will be able to use GrumPHP with a minimum of configuration. We don't want to bore you with all the details, so quick: install it yourself and unleash the power of GrumPHP! -
13
Hack
A typeface designed for source code
Hack includes monospaced regular, bold, italic, and bold italic sets to cover all of your syntax highlighting needs. Over 1500 glyphs that include lovingly tuned extended Latin, modern Greek, and Cyrillic character sets. Powerline glyphs are included in the regular set. Patching is not necessary. Install and go. No frills. No gimmicks. Hack is hand groomed and optically balanced to be your go-to code face. Type design features to improve legibility in the harsh conditions of the screen. A libre typeface with generous licensing that permits modification & commercial use. Hack has deep roots in the libre, open source typeface community and includes the contributions of the Bitstream Vera & DejaVu projects. The face has been re-designed with an expanded glyph set, modifications of the original glyph shapes, and meticulous attention to metrics. -
14
Infer
A static analyzer for Java, C, C++, and Objective-C
Infer is a static analysis tool - if you give Infer some Java or C/C++/Objective-C code it produces a list of potential bugs. Anyone can use Infer to intercept critical bugs before they have shipped to users, and help prevent crashes or poor performance. Infer checks for null pointer exceptions, resource leaks, annotation reachability, missing lock guards, and concurrency race conditions in Android and Java code. Infer checks for null pointer dereferences, memory leaks, coding conventions and unavailable API’s. Start with the Getting Started guide and our other docs to download and try Infer yourself. Infer is still evolving, and we want to continue to develop it in the open. We hope it will be useful for other projects, so please try it out or contribute to it, join the community and give us feedback! -
15
PHP Depend
PHP_Depend is an adaptation of the established Java development tool
PHP_Depend is an adaptation of the established Java development tool JDepend. This tool shows you the quality of your design in terms of extensibility, reusability and maintainability. The maintainers of PHP Depend and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. -
16
SimpleCov
Code coverage for Ruby with a powerful configuration library
Code coverage for Ruby with a powerful configuration library and automatic merging of coverage across test suites. SimpleCov is a code coverage analysis tool for Ruby. It uses Ruby's built-in Coverage library to gather code coverage data, but makes processing its results much easier by providing a clean API to filter, group, merge, format, and display those results, giving you a complete code coverage suite that can be set up with just a couple lines of code. SimpleCov/Coverage track covered ruby code, gathering coverage for common templating solutions like erb, slim and haml is not supported. In most cases, you'll want overall coverage results for your projects, including all types of tests, Cucumber features, etc. SimpleCov automatically takes care of this by caching and merging results when generating reports, so your report actually includes coverage across your test suites and thereby gives you a better picture of blank spots. -
17
Sloc Cloc and Code (scc)
Sloc, Cloc and Code: scc is a very fast accurate code counter
Sloc, Cloc and Code: scc is a very fast accurate code counter with complexity calculations and COCOMO estimates written in pure Go. The tool is similar to cloc, sloccount and tokei. For counting the lines of code, blank lines, comment lines, and physical lines of source code in many programming languages. The goal is to be the fastest code counter possible, but also perform COCOMO calculations like sloccount, estimate code complexity similar to cyclomatic complexity calculators, and produce unique lines of code or DRYness metrics. In short one tool to rule them all. -
18
Static Analysis Tools for PHP
Docker image that provides static analysis tools for PHP
Docker image providing static analysis tools for PHP. The list of available tools and the installer is actually managed in the jakzal/toolbox repository. Docker image with quality analysis tools for PHP. To run the selected tool inside the container, you'll need to mount the project directory on the container with -v "$(pwd):/project". Some tools like to write to the /tmp directory (like PHPStan, or Behat in some cases), therefore it's often useful to share it between docker runs, i.e. with -v "$(pwd)/tmp-phpqa:/tmp". If you want to be able to interrupt the selected tool if it takes too much time to complete, you can use the --init option. Some tools are not included in the docker image, to use them refer to their documentation. Provides utilities to report legacy tests and usage of deprecated code. -
19
SyntaxHighlighter
Self-contained code syntax highlighter developed in JavaScript
SyntaxHighlighter is THE client side highlighter for the web and web-apps! It's been around since 2004 and it's used virtually everywhere to seamlessly highlight code for presentation purposes. The history of this project predates majority of the common web technologies and it has been a challenge to dedicate time and effort to keep it up to date. Everything used to be in one file and assign window variables. SyntaxHighlighter is currently used and has been used in the past by Microsoft, Apache, Mozilla, Yahoo, Wordpress, Bug Labs, Freshbooks and many other companies and blogs. As it always goes with open source, you are welcome to use SyntaxHighlighter free of charge. -
20
elasticsearc-php
PHP low-level client for Elasticsearch
Introducing Elasticsearch DSL library to provide objective query builder for Elasticsearch bundle and elasticsearch-php client. You can easily build any Elasticsearch query and transform it to an array. This agnostic package is a lightweight wrapper on top of the Elasticsearch PHP client. Its main goal is to allow for easier structuring of queries and indices in your application. It does not want to hide or replace the functionality of the Elasticsearch PHP client. Feature complete, object oriented, composable, extendable Elasticsearch query DSL builder for PHP. Deliberately built to be as simple as possible, easily usable and with explicit naming. Elasticsearch Bundle was created in order to serve the need for professional Elasticsearch integration with enterprise level Symfony 2 systems. Automatically generate mappings using a serializer. Listeners for Doctrine events for automatic indexing. -
21
eslint-plugin-jsx-a11y
Static AST checker for a11y rules on JSX elements
Static AST checker for accessibility rules on JSX elements. This plugin does a static evaluation of the JSX to spot accessibility issues in React apps. Because it only catches errors in static code, use it in combination with axe-core/react to test the accessibility of the rendered DOM. Consider these tools just as one step of a larger a11y testing process and always test your apps with assistive technology. If you installed ESLint globally (using the -g flag in npm, or the global prefix in yarn) then you must also install eslint-plugin-jsx-a11y globally. To enable your custom components to be checked as DOM elements, you can set global settings in your configuration file by mapping each custom component name to a DOM element type. Enforce all elements that require alternative text have meaningful information to relay back to the end user. -
22
node-rs
Node.js bindings Rust crates
When Node.js meets Rust. Make rust crates binding to Node.js use napi-rs. -
23
reviewdog
Automated code review tool integrated with any code analysis tools
I’d like to introduce reviewdog! An automated code review tool working with any lint tools and supports local run as well. “reviewdog” provides a way to post review comments to code hosting services, such as GitHub, automatically by integrating with any linter tools with ease. It uses any output of lint tools, with translation if required, and posts them as a comment if the file and line are in diff of patches to review. reviewdog also supports running in a local environment to filter the output of lint tools by diff. We can use various linters and static code analysis tools to detect such problems in local machines, editors, CI services. However, here is the problem. Static analysis tools may report false-positive results. Reporting false-positive results itself is ok, but due to the false-positive results we cannot make build fail and it becomes difficult for us to find true positive results from messed up analysis results. -
24
Web Application Protection
Tool to detect and correct vulnerabilities in PHP web applications
WAP automatic detects and corrects input validation vulnerabilities in web applications written in PHP Language (version 4.0 or higher) and with a low rate of false positives. WAP detects the following vulnerabilities: - SQL injection using MySQL, PostgreSQL and DB2 DBMS - Reflected cross-site scripting (XSS) - Stored XSS - Remote file inclusion - Local file inclusion - Directory traversal - Source code disclosure - OS command injection - PHP code injection WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious users inputs and checking if they reach calls of sensitive functions. It has a low rate of false positives because has implemented a data mining module to predict false positives when detects vulnerabilities. The output of the tool is: - shows the vulnerabilities found and how they are corrected - new files with the corrections -
25
Source Navigator NG is a source code analysis tool. With it, you can edit your source code, display relationships between classes and functions and members, and display call trees. You can navigate your source code and easily get to declarations or implementations of functions, variables and macros (commonly called "symbols") which helps you discovering and mapping unknown source code for enhancement or maintenance tasks.
