Open Source Linux Static Code Analysis Tools - Page 2
Sort By:
Static Code Analysis Tools for Linux
View 17 business solutions-
Gen AI apps are built with MongoDB AtlasMongoDB Atlas provides built-in vector search and a flexible document model so developers can build, scale, and run gen AI apps without stitching together multiple databases. From LLM integration to semantic search, Atlas simplifies your AI architecture—and it’s free to get started.
-
Build Securely on AWS with Proven FrameworksMoving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
-
1
Ameba
A static code analysis tool for Crystal
Code-style linter for Crystal. A single-celled animal that catches food and moves about by extending fingerlike projections of protoplasm. Ameba is a static code analysis tool for the Crystal language. It enforces a consistent Crystal code style, and also catches code smells and wrong code constructions. Ameba allows you to dig deeper into an issue, by showing you details about the issue and the reasoning behind it being reported. Starting from 0.31.0 Crystal supports parallelism. It allows running linting in parallel too. The default configuration file is .ameba.yml. It allows configuring rule properties, disabling specific rules and excludes sources from the rules. -
2
Code Quality and Security for Java
SonarSource Static Analyzer for Java Code Quality and Security
Hundreds of unique rules to find Java bugs, code smells & vulnerabilities. Sonar static analysis helps you build and maintain high-quality Java code. Covering popular build systems, standards and versions, Sonar elevates your coding game while keeping vulnerabilities at bay. With each Java version, we create dedicated rules so you learn shiny, new features and avoid pitfalls. Consistently find tricky, hard-to-spot issues in your regular expressions. Allow you to effortlessly repair your Java coding issues with just a click. Dozens of rules to ensure your tests are always as clean as your code! Dedicated rules to detect vulnerabilities including ones stemming from OWASP & CWE Top 25 guidelines. It all comes from a powerful analysis engine that we constantly refine. Sonar employs advanced rules along with smart, exclusive analysis techniques to find the trickiest, most elusive issues. -
3
Doctrine extensions for PHPStan
Doctrine extensions for PHPStan
DQL validation for parse errors, unknown entity classes and unknown persistent fields. QueryBuilder validation is also supported. Recognizes magic findBy*, findOneBy* and countBy* methods on EntityRepository. Validates entity fields in repository findBy, findBy, findOneBy, findOneBy, count and countBy method calls. Interprets EntityRepository MyEntity correctly in phpDocs for further type inference of methods called on the repository. Provides correct return for Doctrine\ORM\EntityManager::getRepository(). Provides correct return type for Doctrine\ORM\EntityManager::find, getReference and getPartialReference when Foo::class entity class name is provided as the first argument. Queries are analyzed statically and do not require a running database server. This makes use of the Doctrine DQL parser and entities metadata. -
4
Elixir Code Smells
Catalog of Elixir-specific code smells
Elixir-Code-Smells is a research-driven catalog of code smells specific to the Elixir programming language. Unlike generic code smell lists, this project identifies issues emerging from Elixir’s functional, concurrent, and process-based nature. Initially compiled via grey literature (blogs, talks, forums), the catalog now includes 23 Elixir-specific smells plus 12 traditional smells adapted to Elixir. Each entry documents the name, category, problem, example, refactoring strategy, and step-by-step treatments. The smells are grouped into two categories: design-related (coarse-grained, harder to detect, affecting architecture/processes) and low-level concerns (fine-grained, often readability and maintainability issues). The catalog evolves with community feedback and contributions, aiming to help developers recognize harmful patterns and apply disciplined refactoring to improve maintainability, testability, and performance in Elixir systems. -
Photo and Video Editing APIs and SDKsUnlock Picsart's full editing suite by embedding our Editor SDK directly into your platform. Offer your users the power of a full design suite without leaving your site.
-
5
HTMLHint
The static code analysis tool you need for your HTML
Static code analysis tool you need for your HTML. By default, htmlhint looks for a .htmlhintrc file in the current directory and all parent directories and applies its rules when parsing a file. -
6
JSHint
A tool that helps to detect errors and in your JavaScript code
JSHint is a community-driven tool that detects errors and potential problems in JavaScript code. Since JSHint is so flexible, you can easily adjust it in the environment you expect your code to execute. JSHint is publicly available and will always stay this way. The project aims to help JavaScript developers write complex programs without worrying about typos and language gotchas. Any code base eventually becomes huge at some point, so simple mistakes, that would not show themselves when written, can become show stoppers and add extra hours of debugging. So, static code analysis tools come into play and help developers spot such problems. JSHint scans a program written in JavaScript and reports about commonly made mistakes and potential bugs. The potential problem could be a syntax error, a bug due to an implicit type conversion, a leaking variable, or something else entirely. -
7
PHPDoc-Parser for PHPStan
Next-gen phpDoc parser with support for intersection types
Next-generation phpDoc parser with support for intersection types and generics. This project adheres to a Contributor Code of Conduct. By participating in this project and its community, you are expected to uphold this code. Initially you need to run composer install or composer update in case you aren't working in a folder that was built before. Afterward, you can either run the whole build including linting and coding standards. -
8
Tencent Cloud Code Analysis
Static code analysis
Tencent Cloud Code Analysis (TCA for short, used internally by the R&D code CodeDog ) is a cloud-native, distributed, high-performance comprehensive code analysis and tracking platform that integrates many analysis tools, including server, web and client The three components have integrated a number of self-developed tools, and also support the dynamic integration of analysis tools of various programming languages in the industry. Obtain the Tencent Cloud code analysis platform by deploying TCA Server and Web, and complete the creation of related projects on the platform. After the project is created, you can deploy and configure the Tencent Cloud code analysis client to perform code analysis locally or as an online resident node. Before starting your first code analysis project, you need to deploy the Tencent Cloud Code Analysis client locally. After completing the project configuration on the client, you can start your first code analysis project and view your analysis results. -
9
ngrev
Tool for reverse engineering of Angular applications
Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. The tool performs static code analysis which means that you don't have to run your application in order to use it. ngrev is not maintained by the Angular team. It's a side project developed by the open-source community. The application is not signed, so you may have to explicitly allow your mac to run it in System Preferences. You can add your own theme by creating a [theme-name].theme.json file in Electron [userData]/themes. For a sample theme see Dark. Your application needs to be compatible with Angular Ivy compiler. ngrev is not tested with versions older than v11. To stay up to date check the update guide on angular.io. -
Build Securely on Azure with Proven FrameworksMoving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
-
10
reviewdog
Automated code review tool integrated with any code analysis tools
I’d like to introduce reviewdog! An automated code review tool working with any lint tools and supports local run as well. “reviewdog” provides a way to post review comments to code hosting services, such as GitHub, automatically by integrating with any linter tools with ease. It uses any output of lint tools, with translation if required, and posts them as a comment if the file and line are in diff of patches to review. reviewdog also supports running in a local environment to filter the output of lint tools by diff. We can use various linters and static code analysis tools to detect such problems in local machines, editors, CI services. However, here is the problem. Static analysis tools may report false-positive results. Reporting false-positive results itself is ok, but due to the false-positive results we cannot make build fail and it becomes difficult for us to find true positive results from messed up analysis results. -
11
PhpDependencyAnalysis
Static code analysis to find violations in a dependency graph
PhpDependencyAnalysis is an extendable static code analysis for object-oriented PHP-Projects to generate dependency graphs from abstract datatypes (Classes, Interfaces and Traits) based on namespaces. Dependencies can be aggregated to build graphs for several levels, like Package-Level or Layer-Level. Each dependency can be verified to a defined architecture. -
12
PasCop
Static code analysis for Freepascal
PasCop is a tool for static program analysis of Object Pascal source codes. It helps to comply with the principles of Clean Code Development and supports the developer in creating readable source code. -
13
AWS IoT Fleet Provisioning Library
Client library for using AWS IoT Fleet Provisioning service
The Fleet Provisioning library enables you to provision IoT devices without device certificates using the Fleet Provisioning feature of AWS IoT Core. For an overview of provisioning options available, see Device provisioning. This library has no dependencies on any additional libraries other than the standard C library, and therefore, can be used with any MQTT library. This library is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone static code analysis using Coverity static analysis, and validation of memory safety through the CBMC automated reasoning tool. -
14
AWS SigV4 Library
AWS library to sign AWS HTTP requests with Signature Version 4
The AWS SigV4 Library is a standalone library for generating authorization headers and signatures according to the specifications of the Signature Version 4 signing process. Authorization headers are required for authentication when sending HTTP requests to AWS. This library can optionally be used by applications sending direct HTTP requests to AWS services requiring SigV4 authentication. This library has no dependencies on any additional libraries other than the standard C library. This library is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone static code analysis using Coverity static analysis, and validation of memory safety through the CBMC automated reasoning tool. -
15
Anduin
A scripting language for industrial software
Anduin aims to replace perl, python, tcl, and others as the workhorse language in industrial programming projects. It places emphasis on enabling the interpreter to perform compile-time static code analysis as a means of closing the development loop faster and letting fewer bugs get to the user. -
16
AutoReplacerPlus
Automatic correction of software bugs and grammar mistakes
Automatic correction of software bugs announced in compilers (clang, gcc) / Static Code Analysis tools (cppcheck, FindBugs) and grammar/style errors like in LanguageTool. Usage: use tool (e.g. cppcheck) and store results in a text file. Afterwards call: autoreplacerplus mytextfile -
17
Code Quality and Security for C#
Code analyzer for C# and VB.NET projects
Sonar offers a single cohesive solution with a consistent set of metrics and hundreds of static analysis rules to detect your coding issues early. Plus fast and high-precision analysis means high value, low noise, and reliable results always. A single solution for dozens of popular languages, development frameworks and IaC platforms. Our powerful language-specific analysis not only detects coding issues but also helps you understand what's wrong and how to fix it. Our publicly available ruleset includes thousands of rules covering various issue categories and language standards. Open the rule in SonarQube / SonarCloud, scroll down and (in case the rule has parameters), you can configure the parameters for each Quality Profile the rule is part of. Standalone NuGet packages can be configured the same way as SonarLint in connected mode. -
18
Credo
A static code analysis tool for the Elixir language
Credo is a static code analysis and linting tool for the Elixir language, with an emphasis on promoting code consistency, teaching best practices, and helping developers identify refactoring opportunities, style inconsistencies, and potentially problematic code patterns. Elixir plugin for JetBrains IDEs (IntelliJ IDEA, Rubymine, PHPStorm, PyCharm, etc). Checks your code from style to security, duplication, complexity, and also integrates with coverage. -
19
DiffReport
Code Difference report
Often I have seen some Huge Maintenance Projects it is always very difficult to track the incremental files for each release and If we want to do that we need to checkout both the branches and use some UI based tool to get the diff of the files finally we end up waiting in front of the PC for a long time and do this job. In many cases we spend more than 2 hrs/day. The time increases if there are more such parallel releases and at the end of the day 1 developer does it as full time job and has zero productivity. I thought of adding value here. This just gets the diff files. Can be used for Static code analysis like PMD to do PMD only for the delta. The current status of the project is in Development". If you wish to add something please mail me. -
20
Error Prone
Catch common Java mistakes as compile-time errors
Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. It’s common for even the best programmers to make simple mistakes. And sometimes a refactoring that seems safe can leave behind code that will never do what’s intended. We’re used to getting help from the compiler, but it doesn’t do much beyond static type checking. Using Error Prone to augment the compiler’s type analysis, you can catch more mistakes before they cost you time, or end up as bugs in production. We use Error Prone in Google’s Java build system to eliminate classes of serious bugs from entering our code, and we’ve open-sourced it, so you can too. -
21
GoKart
A static analysis tool for securing Go code
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query that is concatenated with a variable might traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability. GoKart also helps to power Chariot, Praetorian's security platform that helps you find, manage, and fix vulnerabilities in your source code and cloud environments. Chariot makes it simple to run automated, continuous GoKart scans on your source code. If you want to try GoKart, you can set up a free Chariot account in minutes. -
22
PEP 8 Speaks
A GitHub app to automatically review Python code style
A GitHub app to automatically review Python code style over Pull Requests. PEP 8 Speaks is a GitHub integration which detects Python code style issues on new Pull Requests. You can install it on your Python projects and configure with your own code style. Check out the project on GitHub. Maintainers of Python projects have a difficult time reviewing Pull Requests by new contributors who may not be aware of the code style. This project makes reviewing Pull Requests a little bit easier. Style issues get lost in the long CI build logs and the authors of the Pull Requests are not notified about them (unless flake8 is strict about failing the build). Thus, new issues are overlooked and introduced in the project. PEP 8 Speaks can read the setup.cfg file and adopt your already existing flake8/pycodestyle settings. PEP 8 Speaks is free of cost. By default, it can not work on private repositories. -
23
PHP Parser
A PHP parser written in PHP
This is a PHP 5.2 to PHP 8.0 parser written in PHP. Its purpose is to simplify static code analysis and manipulation. A parser is useful for static analysis, manipulation of code and basically any other application dealing with code programmatically. A parser constructs an Abstract Syntax Tree (AST) of the code and thus allows dealing with it in an abstract and robust way. As the parser is based on the tokens returned by token_get_all (which is only able to lex the PHP version it runs on), additionally a wrapper for emulating tokens from newer versions is provided. This allows to parse PHP 7.4 source code running on PHP 7.0, for example. This emulation is somewhat hacky and not perfect, but it should work well on any sane code. Support for pretty printing, which is the act of converting an AST into PHP code. Please note that "pretty printing" does not imply that the output is especially pretty. -
24
PHPMD
PHPMD is a spin-off project of PHP Depend
PHPMD is a code analysis tool that helps developers identify potential issues in their PHP code by detecting messy, suboptimal, or overly complex code structures. It acts as a companion to PHP_CodeSniffer, focusing on design and logic problems rather than just formatting. PHPMD supports a wide range of rulesets and can be customized to enforce specific coding standards, making it useful for maintaining clean, efficient, and maintainable codebases. -
25
PHPStan Symfony Framework extensions
Symfony extension for PHPStan
Symfony extension for PHPStan. Sometimes, when you are dealing with optional dependencies, the ::has() methods can cause problems. For example, the following construct would complain that the condition is always either on or off, depending on whether you have the dependency for service installed. You can opt in for more advanced analysis of Symfony Console Commands by providing the console application from your own application. This will allow the correct argument and option types to be inferred when accessing $input-getArgument() or $input->getOption().
