Search Results for "static code analysis" - Page 2
Sort By:
Showing 56 open source projects for "static code analysis"
View related business solutions-
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
Cut Cloud Costs with Google Compute EngineSave on compute costs with Compute Engine. Reduce your batch jobs and workload bill 60-91% with Spot VMs. Compute Engine's committed use offers customers up to 70% savings through sustained use discounts. Plus, you get one free e2-micro VM monthly and $300 credit to start.
-
1
Soufflé
Datalog variant for tool designers crafting analyses in Horn clauses
Rapid prototyping for your analysis problems with logic; enabling deep design-space explorations; designed for large-scale static analysis; e.g., points-to analysis for Java, taint-analysis, and security checks. Futamura projections/partial evaluation for effective translation to parallel C++; optimized staged compilation; specialized data-structures for logical relations. -
2
PHPStan
Dscover bugs in your code without running it!
PHPStan finds bugs in your code without writing tests. It's open-source and free. PHPStan scans your whole codebase and looks for both obvious & tricky bugs. Even in those rarely executed if statements that certainly aren't covered by tests. You can run it on your machine and in CI to prevent those bugs ever reaching your customers in production. Thanks to rule levels you don't get overwhelmed with thousands of errors on the first run. You can increase PHPStan's capabilities on your code at... -
3
PHPDoc-Parser for PHPStan
Next-gen phpDoc parser with support for intersection types
Next-generation phpDoc parser with support for intersection types and generics. This project adheres to a Contributor Code of Conduct. By participating in this project and its community, you are expected to uphold this code. Initially you need to run composer install or composer update in case you aren't working in a folder that was built before. Afterward, you can either run the whole build including linting and coding standards. -
4
kube-score
Kubernetes object analysis with recommendations
Kubernetes object analysis with recommendations for improved reliability and security. kube-score is a tool that does static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient. kube-score is open-source and available under the MIT-license. -
Go From Idea to Deployed AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
5
Zine
Fast, Scalable, Flexible Static Site Generator (SSG)
A Zine site is a collection of content files and layouts. Zine turns your content into HTML, styles it using your layouts, and finally copies the result (alongside other assets like images) into an output directory that you can then publish on static hosting services like GitHub Pages. Zine uses a structured approach to content authoring that helps keep sizeable content collections manageable. Similarly, the build process uses surgical dependency tracking to ensure minimal rebuilds, keeping... -
6
AWS IoT Device Defender Library
Client library for using AWS IoT Defender service on embedded devices
...This library has no dependencies on any additional libraries other than the standard C library, and therefore, can be used with any MQTT client library. This library is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone static code analysis using Coverity static analysis. -
7
Doctrine extensions for PHPStan
Doctrine extensions for PHPStan
DQL validation for parse errors, unknown entity classes and unknown persistent fields. QueryBuilder validation is also supported. Recognizes magic findBy*, findOneBy* and countBy* methods on EntityRepository. Validates entity fields in repository findBy, findBy, findOneBy, findOneBy, count and countBy method calls. Interprets EntityRepository MyEntity correctly in phpDocs for further type inference of methods called on the repository. Provides correct return for... -
8
bearer
Code security scanning tool (SAST) to discover security risks
Welcome to the Bearer documentation. Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We provides built-in rules against a common set of security risks and vulnerabilities, known as OWASP Top 10. Leakage of sensitive data through cookies, internal loggers, third-party logging services, and into analytics environments. ... -
9
RuboCop Rails
A RuboCop extension focused on enforcing Rails best practices
A RuboCop extension focused on enforcing Rails best practices and coding conventions. It’s based on the community-driven Rails style guide. You need to tell RuboCop to load the Rails extension. Now you can run rubocop and it will automatically load the RuboCop Rails cops together with the standard cops. If you are using Rails 6.1 or newer, add the following config.generators.after_generate setting to your config/application.rb to apply RuboCop autocorrection to code generated by bin/rails g.... -
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
10
AWS IoT Jobs library
Client library for using AWS IoT Jobs service on embedded devices
...This library provides a convenience API to compose and recognize the MQTT topic strings used by the Jobs service. The library is written in C compliant with ISO C90 and MISRA C:2012, and is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone both static code analysis from Coverity. -
11
PHPStan Symfony Framework extensions
Symfony extension for PHPStan
Symfony extension for PHPStan. Sometimes, when you are dealing with optional dependencies, the ::has() methods can cause problems. For example, the following construct would complain that the condition is always either on or off, depending on whether you have the dependency for service installed. You can opt in for more advanced analysis of Symfony Console Commands by providing the console application from your own application. This will allow the correct argument and option types to be... -
12
pkgdown
Generate static html documentation for an R package
pkgdown is an R package (by the r-lib group) whose purpose is to generate static websites (HTML) for R packages, automatically converting a package’s help files, vignettes, README, NEWS, etc., into a documentation website. It helps package authors share their documentation online with minimal friction. It supports custom templates, themes, and configuration. pkgdown 2.0.0 includes an upgrade from Bootstrap 3 to Bootstrap 5, which is accompanied by a whole bunch of minor UI improvements. If... -
13
Ruff
An extremely fast Python linter, written in Rust
An extremely fast Python linter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), isort, pydocstyle, yesqa, eradicate, pyupgrade, and autoflake, all while executing tens or hundreds of times faster than any individual tool. Ruff is extremely actively developed and used in major open-source projects. Ruff can be configured... -
14
Rubberduck
Every programmer needs a rubberduck. COM add-in for the VBA & VB6 IDE
Rubberduck aims to bring the VBIDE into this century. Rubberduck understands Classic-VB code like no other add-in, giving it superior static code analysis capabilities that go far above and beyond what is possible with simple text-based analysis. Avoid common pitfalls (some not-so-common) with dozens (100+) of configurable inspections. Gain full control over module and member attributes, create a virtual folder hierarchy, and document modules and procedures, all with special comment annotations. ... -
15
PHPMD
PHPMD is a spin-off project of PHP Depend
PHPMD is a code analysis tool that helps developers identify potential issues in their PHP code by detecting messy, suboptimal, or overly complex code structures. It acts as a companion to PHP_CodeSniffer, focusing on design and logic problems rather than just formatting. PHPMD supports a wide range of rulesets and can be customized to enforce specific coding standards, making it useful for maintaining clean, efficient, and maintainable codebases. -
16
Twitter's Jetpack Compose Rules
Static checks to aid with a healthy adoption of Compose
...This is where our static checks come in. We want to detect as many potential issues as we can, as quickly as we can. In this case, we want an error to show prior to engineers having to review the code. Similar to other static check libraries we hope this leads to a "don't shoot the messengers" philosophy which will foster healthy Compose adoption. -
17
JSHint
A tool that helps to detect errors and in your JavaScript code
...So, static code analysis tools come into play and help developers spot such problems. JSHint scans a program written in JavaScript and reports about commonly made mistakes and potential bugs. The potential problem could be a syntax error, a bug due to an implicit type conversion, a leaking variable, or something else entirely. -
18
AWS IoT Over-the-air Update Library
Manage the notification of a newly available update
The OTA library enables you to manage the notification of a newly available update, download the update, and perform cryptographic verification of the firmware update. Using the library, you can logically separate firmware updates from the application running on your devices. The OTA library can share a network connection with the application, saving memory in resource-constrained devices. In addition, the OTA library lets you define application-specific logic for testing, committing, or... -
19
Security Code Scan
Vulnerability Patterns Detector for C# and VB.NET
...Other editors that support Roslyn-based analyzers like Rider or OmniSharp should work too. Security Code Scan (SCS) is not a Linter. It is a real static analysis tool that does extensive computations. Thus installing it as a Visual Studio extension or NuGet package will slow down your Visual Studio IDE. -
20
GoKart
A static analysis tool for securing Go code
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query that is concatenated with a variable might traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability. ... -
21
generator-ngx-rocket
Extensible Angular 13+ enterprise-grade project generator
...Asset revisioning for better cache management. Unit tests using Jasmine, Karma, and headless Chrome. End-to-end tests using Protractor. Static code analysis: TSLint, Codelyzer, Stylelint and HTMLHint. Local knowledgebase server using Hads. Progressive Web App (PWA) support. -
22
checkstyle
static code analysis tool for Java
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program. -
23
ngrev
Tool for reverse engineering of Angular applications
...It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. The tool performs static code analysis which means that you don't have to run your application in order to use it. ngrev is not maintained by the Angular team. It's a side project developed by the open-source community. The application is not signed, so you may have to explicitly allow your mac to run it in System Preferences. You can add your own theme by creating a [theme-name].theme.json file in Electron [userData]/themes. ... -
24
phpcs-security-audit v3
A set of PHP_CodeSniffer rules that finds vulnerabilities
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code. It currently has core PHP rules as well as Drupal 7-specific rules. The tool also checks for CVE issues and security advisories related to the CMS/framework. This enables you to follow the versioning of components during static code analysis. The main reason for this project being an extension of PHP_CodeSniffer is to have easy integration into continuous integration systems. ... -
25
codelyzer
Static analysis for Angular projects
A set of tslint rules for static code analysis of Angular TypeScript projects. (If you are using ESLint check out the new angular-eslint repository.). You can run the static code analyzer over web apps, NativeScript, Ionic, etc. Note that by default all components are aligned with the style guide so you won't see any errors in the console. Codelyzer supports any template and style language by custom hooks.
