Tools
Dynamic Analysis
The uncompromising Python code formatter
🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.
Optional static typing for Python
Lightweight static analysis for many languages. Find bugs, enforce code standards, and block insecure code.
Find and fix problems in your JavaScript code.
A Python static code analyzer that looks for programming errors, helps enforce a coding standard, and sniffs for code smells.
A wrapper around pycodestyle, pyflakes, and McCabe for checking the style guide enforcement in Python code.
A security-oriented static analyzer for Python code to find common security issues.
Semantic code analysis engine from GitHub to query code like data.
Continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities.
Continuous code quality management platform that automatically finds and fixes issues in code.
A code linter for Rust that helps you write idiomatic code.
Examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string.
PHP Static Analysis Tool - discover bugs in your code without running it!
API security testing tool that helps you discover and fix security vulnerabilities in your APIs.
A static analysis tool for C/C++ code.
A Python static code analyzer that looks for programming errors, helps enforce a coding standard, and sniffs for code smells.
A static analysis tool for finding errors in PHP applications.
A clang-based C++ “linter” tool that provides an extensible framework for diagnosing and fixing typical programming errors.
A Ruby static code analyzer and formatter, based on the community Ruby style guide.
ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350 types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.
CogniCrypt is a plugin for the Eclipse IDE that supports developers in using cryptography in their Java applications.
A language server for Rust.
GolangCI-Lint is a linters aggregator.
Fast Python linter, written in Rust. 10-100x faster than existing linters. Compatible with Python 3.10. Supports file watcher.
staticcheck is a go vet on steroids, applying static analysis to your Go code.
PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++, and C#.
An opinionated code formatter.
Audit Cargo.lock for crates with security vulnerabilities reported to the RustSec Advisory Database.
SAST Online is a static application security testing tool that helps you find security vulnerabilities in your code.
A tool to automatically fix PHP coding standards issues.
Strict coding standard for Kotlin and a linter that detects and auto-fixes code smells.
Sigrid helps you improve your software by measuring your system’s code quality and comparing the results against a benchmark of thousands of industry systems to give you concrete advice on areas where you can improve.
CodeScene is a quality visualization tool that helps you prioritize technical debt, detect delivery risks, and manage the social aspects of your codebase.
A modern static analyzer from Etsy
A tool for formatting Rust code according to style guidelines.
A static analysis security vulnerability scanner for Ruby on Rails applications.
A tool to analyse the dependencies of your PHP project.
A sound and extensible static analyzer for C code.
A static code analysis tool for PHP.
CLI to generate an interactive graph of functions and calls from your TypeScript files
Static type checker for Python, created to address gaps in existing tools like mypy.
A fast, efficient, and correct Rust build system.
Static analysis tool for C, C++, C#, and Java codebases.
Static code analysis tool for Python, Go, Ruby, and JavaScript.
Simplifies Go code by removing extraneous whitespace and ensuring proper indentation.
SQLFluff is a dialect-flexible and configurable SQL linter.
A tool to enforce Swift style and conventions.
Autocompletion/static analysis library for Python.
Security analysis tool for Ethereum smart contracts.
Static Analysis
Generate a candidate suite of tests for your .NET code.
Pex automatically generates test suites with high code coverage using automated white box analysis.
Analyzes un-instrumented ELF core files for leaks, memory growth, and corruption. It helps explain memory growth, can identify some forms of corruption, and supplements a debugger by giving the status of various memory locations.
Symbolic virtual machine built on top of the LLVM compiler infrastructure.
LDRA Testbed is a software analysis and testing tool suite that provides static and dynamic analysis, and unit testing for embedded applications.
A collection of modular and reusable compiler and toolchain technologies.
A programming tool for memory debugging, memory leak detection, and profiling.
A runtime statistics visualization tool for Go.
A model checker for Java bytecode programs.
Automated Java software testing and static analysis tool.
A dynamic code analysis tool for JavaScript. Iroh lets you record your code flow in real time, intercept runtime information and manipulate program behaviour on the fly.
Jalangi2 is a popular framework for writing dynamic analyses for JavaScript.