static-analysis

There are 171 repositories under static-analysis topic.

• koalaman / shellcheck

  ShellCheck, a static analysis tool for shell scripts

  bashdeveloper-toolshaskelllintershellstatic-analysis
  Language:Haskell 35132
• ImHex

  WerWolv / ImHex

  🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

  analyzerbinary-analysisc-plus-pluscybersecuritydark-modedear-imguidisassemblerforensicshackinghacktoberfesthex-editoripsmathematical-evaluatormulti-platformpattern-languagepreprocessorreverse-engineeringstatic-analysiswindows
  Language:C++ 33176

• astral-sh / ruff

  An extremely fast Python linter and code formatter, written in Rust.

  linterpep8pythonpython3ruffrustrustpythonstatic-analysisstatic-code-analysisstyle-guidestyleguide
  Language:Rust 27076

• realm / SwiftLint

  A tool to enforce Swift style and conventions.

  linterlintingswiftstatic-analysiscode-qualityhacktoberfest
  Language:Swift 18360

• nikic / PHP-Parser

  A PHP parser written in PHP

  phpparseraststatic-analysis
  Language:PHP 16847
• Mobile-Security-Framework-MobSF

  MobSF / Mobile-Security-Framework-MobSF

  Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

  static-analysisdynamic-analysismobsfandroid-securitymobile-securitywindows-mobile-securityios-securityapi-testingweb-securitymalware-analysisruntime-securitydevsecopsapkrestcweowaspmstgmasvsmastg
  Language:JavaScript 16415

• facebook / infer

  A static analyzer for Java, C, C++, and Objective-C

  ccode-qualitycppjavaobjective-cstatic-analysisstatic-code-analysis
  Language:OCaml 14733

• Konloch / bytecode-viewer

  A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

  java-decompilerapkjavaprocyoncfrfernflowerkrakataubytecode-viewerbytecodesmalibaksmalidex2jardecompilerrecompilercompilerwarjspstatic-analysisandroid
  Language:Java 14377
• static-analysis

  analysis-tools-dev / static-analysis

  ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

  static-analysisstatic-analyzerslintercode-qualityawesome-liststatic-code-analysissastanalysis
  Language:Rust 12926
• PHP-CS-Fixer

  PHP-CS-Fixer / PHP-CS-Fixer

  A tool to automatically fix PHP Coding Standards issues

  phpstatic-analysiscode-stylecode-standards
  Language:PHP 12597

• phpstan / phpstan

  PHP Static Analysis Tool - discover bugs in your code without running it!

  phpphp7phpstanstatic-analysisstatic-analyzerstatic-code-analysistesting
  Language:PHP 12581

• ttroy50 / cmake-examples

  Useful CMake Examples

  cmakecpptutorialclangcppcheckstatic-analysisclang-formatunit-testinggoogle-testcatchboostcpackctest
  Language:CMake 12008

• OWASP / owasp-mastg

  The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

  mobile-apppentestingandroid-applicationios-appruntime-analysisnetwork-analysisstatic-analysisreverse-engineeringdynamic-analysismobile-securityandroidioshackingreverse-enginneringmstgtesting-cryptographycompliancy-checklistmastmastg
  Language:Python 11321

• rshipp / awesome-malware-analysis

  Defund the Police.

  malware-analysisawesomeawesome-listlistmalware-samplesanalysis-frameworkdynamic-analysisstatic-analysisthreat-intelligenceautomated-analysisdomain-analysisnetwork-trafficthreatintelmalware-collectionmalware-researchthreat-sharingchinese-translationchinesedrop-ice
  11119

• squizlabs / PHP_CodeSniffer

  PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.

  automationclicoding-standardsphpqastatic-analysis
  Language:PHP 10607

• quay / clair

  Vulnerability Static Analysis for Containers

  containersstatic-analysisgokubernetesdockerocioci-imagevulnerabilitiesclair
  Language:Go 10063
• semgrep

  semgrep / semgrep

  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

  static-analysisstatic-code-analysisjavagosastsemgrepr2ccpythonrubyjavascripttypescript
  Language:OCaml 9815

• hadolint / hadolint

  Dockerfile linter, validate inline bash, written in Haskell

  dockerdockerfiledockerfile-linterhaskelllintershellcheckstatic-analysis
  Language:Haskell 9792

• SonarSource / sonarqube

  Continuous Inspection

  sonarqubecode-qualitystatic-analysis
  Language:Java 8623
• checkstyle

  checkstyle / checkstyle

  Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

  javastatic-code-analysiscommand-line-toolstatic-analysiscode-quality
  Language:Java 8149
• Scanners-Box

  We5ter / Scanners-Box

  A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

  pentesting-toolshacker-toolsvulnerability-scannersinformation-securityredteam-toolspenetration-testingdevsecopssecurity-automationsmart-contractsprivacy-complianceapk-analysisbinary-analysisexploitation-frameworkmalware-analysissecurity-auditcode-analyzerstatic-analysiswifi-hackingwifi-security
  8010
• grype

  anchore / grype

  A vulnerability scanner for container images and filesystems

  containerssecurityvulnerabilitydockergolanggostatic-analysiscontainer-imagetoolocicyclonedxvulnerabilitieshacktoberfestopenvexvex
  Language:Go 7858

• securego / gosec

  Go security checker

  golangsecuritysecurity-toolssecurity-automationstatic-analysisstatic-code-analysis
  Language:Go 7493
• reviewdog

  reviewdog / reviewdog

  🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

  lintergolintcicode-reviewgithubgitlabcodereviewclicode-qualitystatic-analysisstatic-code-analysisbitbucket
  Language:Go 7416
• brakeman

  presidentbeef / brakeman

  A static analysis security vulnerability scanner for Ruby on Rails applications

  rubyrailssecuritystatic-analysisvulnerabilitiesbrakemansecurity-vulnerabilitysecurity-toolssecurity-audit
  Language:Ruby 6918

• google / error-prone

  Catch common Java mistakes as compile-time errors

  javastatic-analysis
  Language:Java 6732

• facebook / pyre-check

  Performant type-checking for python.

  pythontypecheckertype-checkstatic-analysisocamlcode-qualityabstract-interpretationsecurityprogram-analysistaint-analysiscontrol-flow-analysis
  Language:OCaml 6698
• Detect-It-Easy

  horsicq / Detect-It-Easy

  Program for determining types of files for Windows, Linux and MacOS.

  debuggerdetectunpackerdisassemblerreverse-engineeringelfpackerdetectorbinary-analysisprogram-analysisstatic-analysisentropymalware-analysismalware-researchmachomach-ohacktoberfestpentestscannerhacktoberfest2023
  Language:JavaScript 6662
• tfsec

  aquasecurity / tfsec

  Security scanner for your Terraform code

  terraformsecurityscannerstatic-analysisciawsazuregoogle-cloud-platformcomplianceinfrastructure-as-codedevsecopsvulnerability-scannersmisconfigurationdigitaloceandevopslintergoterraform-securityhacktoberfest
  Language:Go 6583

• bridgecrewio / checkov

  Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

  terraformstatic-analysisawsgcpazureaws-securitycloudformationscanscompliancekubernetesinfrastructure-as-codedevopshacktoberfest
  Language:Python 6579
• detekt

  detekt / detekt

  Static code analysis for Kotlin

  analysiscode-qualitycodesmellsgradle-pluginhacktoberfestkotlinlintlinterstaticstatic-analysis
  Language:Kotlin 6067
• ast-grep

  ast-grep / ast-grep

  ⚡A CLI tool for code structural search, lint and rewriting. Written in Rust

  codemodlinterastbabelcommand-linecommand-line-toolgreptree-sittercodereviewruststatic-analysistypescriptrefactoringsearchstructural-search
  Language:Rust 6020
• go-tools

  dominikh / go-tools

  Staticcheck - The advanced Go linter

  linterlinterssponsorstatic-analysisstaticcheck
  Language:Go 5933

• palantir / tslint

  :vertical_traffic_light: An extensible linter for the TypeScript language

  typescriptlinting-ruleslintertslintstatic-analysisocto-correct-managed
  Language:TypeScript 5909

• ondrajz / go-callvis

  Visualize call graph of a Go program using Graphviz

  callgraphgraphvizvisualizationgolanggolang-toolsstatic-analysisawesome-go
  Language:Go 5757

• davidhalter / jedi

  Awesome autocompletion, static analysis and refactoring library for python

  auto-completepythonrefactoringstatic-analysistype-inference
  Language:Python 5684