Skip to content

A list of static analysis tools and code quality checkers for many programming languages

Notifications You must be signed in to change notification settings

dseguy/awesome-static-analysis

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

72 Commits
 
 
 
 

Repository files navigation

Awesome static analysis Awesome

A collection of static analysis tools and code quality checkers for all programming languages.
Explanation: [OSS] stands for Open-Source-Software, [PROPRIETARY] stands for proprietary software.

C

  • CMetrics [OSS] - Measures size and complexity for C files

C++

  • cppcheck [OSS] - static analysis of C/C++ code
  • PVS Studio [PROPRIETARY] - static analysis of C/C++ code

C#

  • ReSharper [PROPRIETARY] - Extends Visual Studio with on-the-fly code inspections for C#, VB.NET, ASP.NET, JavaScript, TypeScript and other technologies

Docker

Elixir

  • credo [OSS] - A static code analysis tool with a focus on code consistency and teaching.

Go

  • go/ast [OSS] - Package ast declares the types used to represent syntax trees for Go packages.
  • gocyclo [OSS] - Calculate cyclomatic complexities of functions in Go source code
  • Go Meta Linter [OSS] - Concurrently run Go lint tools and normalise their output
  • go vet [OSS] - Examines Go source code and reports suspicious constructs
  • safesql [OSS] - Static analysis tool for Golang that protects against SQL injections

Groovy

  • CodeNarc [OSS] - a static analysis tool for Groovy source code, enabling monitoring and enforcement of many coding standards and best practices

HTML

  • HTMLHint [OSS] - A Static Code Analysis Tool for HTML
  • HTML Inspector [OSS] - HTML Inspector is a code quality tool to help you and your team write better markup.

Java

  • checkstyle [OSS] - checking Java source code for adherence to a Code Standard or set of validation rules (best practices)
  • Error-prone [OSS] - Catch common Java mistakes as compile-time errors·
  • fb-contrib [OSS] - A plugin for FindBugs with additional bug detectors
  • Findbugs [OSS] - FindBugs is a program to find bugs in Java programs. It looks for patterns are likely to be errors.
  • PMD [OSS] - A Java source code analyzer

JavaScript

  • aether [OSS] - Lint, analyze, normalize, transform, sandbox, run, step through, and visualize user JavaScript, in node or the browser.
  • ClosureLinter [OSS] - ensures that all of your project's JavaScript code follows the guidelines in the Google JavaScript Style Guide. It can also automatically fix many common errors
  • complexity-report [OSS] - Software complexity analysis for JavaScript projects
  • escomplex [OSS] - Software complexity analysis of JavaScript-family abstract syntax trees.
  • eslint [OSS] - A fully pluggable tool for identifying and reporting on patterns in JavaScript
  • Esprima [OSS] - ECMAScript parsing infrastructure for multipurpose analysis
  • quality [OSS] - zero configuration code and module linting
  • jshint [OSS] - detect errors and potential problems in JavaScript code and enforce your team's coding conventions
  • JSLint [PROPRIETARY] - The JavaScript Code Quality Tool
  • plato [OSS] - Visualize JavaScript source complexity
  • yardstick [OSS] - Javascript code metrics
  • XO [OSS] - Enforce strict code style. Never discuss code style on a pull request again!

Lua

  • luacheck [OSS] - A tool for linting and static analysis of Lua code.

Python

  • flake8 [OSS] - the modular source code checker: pep8, pyflakes and co
  • jedi [OSS] - autocompletion/static analysis library for Python
  • Linty fresh [OSS] - Surface lint errors during code review
  • mypy [OSS] - an experimental optional static type checker for Python that aims to combine the benefits of dynamic (or "duck") typing and static typing
  • prospector [OSS] - output information about errors, potential problems, convention violations and complexity in Python code
  • pyflakes [OSS] - A simple program which checks Python source files for errors.
  • pylint [OSS] - Looks for programming errors, helps enforcing a coding standard and sniffs for some code smells

PHP

  • DesignPatternDetector [OSS] - detection of design patterns in PHP code
  • exakat [OSS] - An automated code reviewing engine for PHP
  • GrumPHP [OSS] - checks code on every commit
  • phan [OSS] - a modern static analyzer from etsy
  • phpcpd [OSS] - Copy/Paste Detector (CPD) for PHP code.
  • PHP_CodeSniffer [OSS] - detects violations of a defined set of coding standards
  • phpdcd [OSS] - Dead Code Detector (DCD) for PHP code.
  • PhpDependencyAnalysis [OSS] - builds a dependency graph for a project
  • phpsa [OSS] - Static analysis tool for PHP.
  • PHPMD [OSS] - finds possible bugs in your code
  • PhpMetrics [OSS] - calculates code complexity metrics
  • PHP Refactoring Browser [OSS] - Refactoring helper
  • PHP-Token-Reflection [OSS] - Library emulating the PHP internal reflection
  • PHP-Parser [OSS] - A PHP parser written in PHP
  • Tuli [OSS] - A static analysis engine
  • twig-lint [OSS] - twig-lint is a lint tool for your twig files.

R

  • lintr [PROPRIETARY] - Static Code Analysis for R

Ruby

  • brakeman [OSS] - A static analysis security vulnerability scanner for Ruby on Rails applications
  • cane [OSS] - Code quality threshold checking as part of your build
  • dawnscanner [OSS] - a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
  • flay [OSS] - Flay analyzes code for structural similarities.
  • flog [OSS] - Flog reports the most tortured code in an easy to read pain report. The higher the score, the more pain the code is in.
  • laser [OSS] - Static analysis and style linter for Ruby code.
  • Mondrian [OSS] - a set of static analysis and refactoring tools for more abstraction
  • pelusa [OSS] - Static analysis Lint-type tool to improve your OO Ruby code
  • quality [OSS] - Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time.
  • reek [OSS] - Code smell detector for Ruby
  • rubocop [OSS] - A Ruby static code analyzer, based on the community Ruby style guide.
  • rubycritic [OSS] - A Ruby code quality reporter
  • ruby-lint [OSS] - Static code analysis for Ruby
  • SandyMeter [OSS] - Static analysis tool for checking Ruby code for Sandi Metz' rules.

Rust

  • clippy [OSS] - a code linter to catch common mistakes and improve your Rust code

Scala

  • linter [OSS] - Linter is a Scala static analysis compiler plugin which adds compile-time checks for various possible bugs, inefficiencies, and style problems.
  • ScalaStyle [OSS] - Scalastyle examines your Scala code and indicates potential problems with it.
  • scapegoat [OSS] - Scala compiler plugin for static code analysis
  • WartRemover [OSS] - a flexible Scala code linting tool.

Shell

  • shellcheck [OSS] - ShellCheck, a static analysis tool that gives warnings and suggestions for bash/sh shell scripts

Swift

  • SwiftLint [OSS] - A tool to enforce Swift style and conventions

Meta

Multiple languages

  • Coverity Save [PROPRIETARY] - Static analysis for C/C++, Java and C#
  • oclint [OSS] - A static source code analysis tool to improve quality and reduce defects for C, C++ and Objective-C
  • pfff [OSS] - Facebook's tools for code analysis, visualizations, or style-preserving source transformation for many languages
  • STOKE [OSS] - a programming-language agnosti stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations
  • XCode [PROPRIETARY/OSS] - XCode provides a pretty decend UI for Clang's static code analyzer (C/C++, Obj-C)

Web-Services

  • Codacy [PROPRIETARY] - Code Analysis to ship Better Code, Faster.
  • Code Climate [PROPRIETARY] - The open and extensible static analysis platform, for everyone.
  • Functor Prevent [PROPRIETARY] - Static code analysis for C code.
  • Nitpick CI [PROPRIETARY] - Automated PHP code review
  • QuantifiedCode [PROPRIETARY] - Automated code review & repair
  • Scrutinizer [PROPRIETARY] - A proprietery code quality checker that can be integrated with GitHub
  • kiuwan [PROPRIETARY] - Software Analytics in the Cloud supporting more than 22 programming languages.

License

CC0

To the extent possible under law, Matthias Endler has waived all copyright and related or neighboring rights to this work.

About

A list of static analysis tools and code quality checkers for many programming languages

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published