static-analysis

There are 138 repositories under static-analysis topic.

• koalaman / shellcheck

  ShellCheck, a static analysis tool for shell scripts

  haskellshellstatic-analysisbashlinterdeveloper-tools
  Language:Haskell 32203
• ImHex

  WerWolv / ImHex

  🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

  hex-editorreverse-engineeringipsdear-imguidisassembleranalyzermathematical-evaluatorpattern-languagedark-modehacktoberfestforensicsmulti-platformbinary-analysisc-plus-plusstatic-analysiswindowscybersecurityhackingpreprocessor
  Language:C++ 28569

• realm / SwiftLint

  A tool to enforce Swift style and conventions.

  code-qualitylinterlintingstatic-analysisswift
  Language:Swift 17398

• nikic / PHP-Parser

  A PHP parser written in PHP

  phpparseraststatic-analysis
  Language:PHP 16140

• charliermarsh / ruff

  An extremely fast Python linter, written in Rust.

  linterpep8pythonpython3ruffrustrustpythonstatic-analysisstatic-code-analysisstyle-guidestyleguide
  Language:Rust 15077
• Mobile-Security-Framework-MobSF

  MobSF / Mobile-Security-Framework-MobSF

  Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

  static-analysisdynamic-analysispythonmobsfandroid-securitymobile-securitywindows-mobile-securityios-securitymobile-security-frameworkapi-testingweb-securitymalware-analysisruntime-securitydevsecopsapkrestcweowaspmstgmasvs
  Language:JavaScript 14108

• facebook / infer

  A static analyzer for Java, C, C++, and Objective-C

  static-analysisstatic-code-analysiscode-qualityjavaccppobjective-c
  Language:OCaml 14046

• Konloch / bytecode-viewer

  A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

  java-decompilerapkjavaprocyoncfrfernflowerkrakataubytecode-viewerbytecodesmalibaksmalidex2jardecompilerrecompilercompilerwarjspstatic-analysisandroid
  Language:Java 13751
• PHP-CS-Fixer

  PHP-CS-Fixer / PHP-CS-Fixer

  A tool to automatically fix PHP Coding Standards issues

  phpstatic-analysiscode-stylecode-standards
  Language:PHP 11962

• phpstan / phpstan

  PHP Static Analysis Tool - discover bugs in your code without running it!

  phpstanstatic-analysisphpphp7testingstatic-code-analysisstatic-analyzer
  Language:PHP 11894
• static-analysis

  analysis-tools-dev / static-analysis

  ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

  static-analysisstatic-analyzerslintercode-qualityawesome-liststatic-code-analysissastanalysis
  Language:Rust 11321

• ttroy50 / cmake-examples

  Useful CMake Examples

  cmakecpptutorialclangcppcheckstatic-analysisclang-formatunit-testinggoogle-testcatchboostcpackctest
  Language:CMake 10529

• OWASP / owasp-mastg

  The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

  mobile-apppentestingandroid-applicationios-appruntime-analysisnetwork-analysisstatic-analysisreverse-engineeringdynamic-analysismobile-securityandroidioshackingreverse-enginneringmstgtesting-cryptographycompliancy-checklistmastmastg
  Language:Python 10305

• squizlabs / PHP_CodeSniffer

  PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.

  phpcoding-standardsautomationcliqastatic-analysis
  Language:PHP 10211

• rshipp / awesome-malware-analysis

  Defund the Police.

  malware-analysisawesomeawesome-listlistmalware-samplesanalysis-frameworkdynamic-analysisstatic-analysisthreat-intelligenceautomated-analysisdomain-analysisnetwork-trafficthreatintelmalware-collectionmalware-researchthreat-sharingchinese-translationchinesedrop-ice
  9828

• quay / clair

  Vulnerability Static Analysis for Containers

  containersstatic-analysisgokubernetesdockerocioci-imagevulnerabilitiesclair
  Language:Go 9541

• hadolint / hadolint

  Dockerfile linter, validate inline bash, written in Haskell

  dockerfilelintershellcheckhaskelldockerfile-linterdockerstatic-analysis
  Language:Haskell 8626
• semgrep

  returntocorp / semgrep

  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

  cgojavajavascriptpythonr2crubysastsemgrepstatic-analysisstatic-code-analysistypescript
  Language:OCaml 8218

• SonarSource / sonarqube

  Continuous Inspection

  sonarqubecode-qualitystatic-analysis
  Language:Java 7791
• checkstyle

  checkstyle / checkstyle

  Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

  javastatic-code-analysiscommand-line-toolstatic-analysiscode-quality
  Language:Java 7737
• Scanners-Box

  We5ter / Scanners-Box

  A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

  pentesting-toolshacker-toolsvulnerability-scannersinformation-securityredteam-toolspenetration-testingdevsecopssecurity-automationsmart-contractsprivacy-complianceapk-analysisbinary-analysisexploitation-frameworkmalware-analysissecurity-auditcode-analyzerstatic-analysiswifi-hackingwifi-security
  7246

• securego / gosec

  Golang security checker

  golangsecuritysecurity-toolssecurity-automationstatic-analysisstatic-code-analysis
  Language:Go 6861
• brakeman

  presidentbeef / brakeman

  A static analysis security vulnerability scanner for Ruby on Rails applications

  rubyrailssecuritystatic-analysisvulnerabilitiesbrakemansecurity-vulnerabilitysecurity-toolssecurity-audit
  Language:Ruby 6657

• google / error-prone

  Catch common Java mistakes as compile-time errors

  javastatic-analysis
  Language:Java 6452
• reviewdog

  reviewdog / reviewdog

  🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

  lintergolintcicode-reviewgithubgitlabcodereviewclicode-qualitystatic-analysisstatic-code-analysisbitbucket
  Language:Go 6394

• facebook / pyre-check

  Performant type-checking for python.

  pythontypecheckertype-checkstatic-analysisocamlcode-qualityabstract-interpretationsecurityprogram-analysistaint-analysiscontrol-flow-analysis
  Language:OCaml 6356

• palantir / tslint

  :vertical_traffic_light: An extensible linter for the TypeScript language

  typescriptlinting-ruleslintertslintstatic-analysisocto-correct-managed
  Language:TypeScript 5921
• tfsec

  aquasecurity / tfsec

  Security scanner for your Terraform code

  terraformsecurityscannerstatic-analysisciawsazuregoogle-cloud-platformcomplianceinfrastructure-as-codedevsecopsvulnerability-scannersmisconfigurationdigitaloceandevopslintergoterraform-securityhacktoberfest
  Language:Go 5905
• grype

  anchore / grype

  A vulnerability scanner for container images and filesystems

  containerssecurityvulnerabilitydockergolanggostatic-analysiscontainer-imagetoolocicyclonedxvulnerabilitieshacktoberfest
  Language:Go 5811

• bridgecrewio / checkov

  Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

  terraformstatic-analysisawsgcpazureaws-securityazure-securitygcp-securitycloudformationscanscompliancekuberneteskubernetes-securitydevsecopspolicy-as-codeinfrastructure-as-codedevopsterraform-securityhacktoberfestbicep
  Language:Python 5602
• detekt

  detekt / detekt

  Static code analysis for Kotlin

  staticanalysiskotlincodesmellslintergradle-pluginstatic-analysislintcode-qualityhacktoberfest
  Language:Kotlin 5435

• davidhalter / jedi

  Awesome autocompletion, static analysis and refactoring library for python

  static-analysisauto-completepythonrefactoringtype-inference
  Language:Python 5427

• phan / phan

  Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

  phpstatic-analysisphananalysisanalyzerstatic-code-analysis
  Language:PHP 5423
• go-tools

  dominikh / go-tools

  Staticcheck - The advanced Go linter

  lintersstatic-analysislinterstaticchecksponsor
  Language:Go 5388

• vimeo / psalm

  A static analysis tool for finding errors in PHP applications

  static-analysisphptype-inferencesecurity-analysistaint-analysishacktoberfest
  Language:PHP 5209

• ofabry / go-callvis

  Visualize call graph of a Go program using Graphviz

  awesome-gocallgraphgolanggolang-toolsgraphvizstatic-analysisvisualization
  Language:Go 5192