Repository: analysis-tools-dev/static-analysis Branch: master Commit: 9aa5fbf463ad Files: 792 Total size: 1.0 MB Directory structure: gitextract_w_qirf0l/ ├── .github/ │ ├── FUNDING.yml │ ├── ISSUE_TEMPLATE/ │ │ ├── --suggest-tool.yaml │ │ └── new-issue.md │ ├── dependabot.yml │ ├── pull_request_template.md │ └── workflows/ │ ├── auto-merge.yml │ ├── ci.yml │ ├── links.yml │ ├── render.yml │ ├── stale.yml │ └── stats.yml ├── .gitignore ├── .lycheeignore ├── .vscode/ │ └── settings.json ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md └── data/ ├── .gitignore ├── README.md ├── api/ │ ├── .gitignore │ ├── README.md │ ├── stats/ │ │ ├── tags.json │ │ └── tools.json │ ├── tags.json │ └── tools.json ├── render/ │ ├── .gitignore │ ├── Cargo.toml │ ├── clippy.toml │ ├── src/ │ │ ├── bin/ │ │ │ └── main.rs │ │ ├── lib.rs │ │ ├── lints.rs │ │ ├── stats.rs │ │ └── types.rs │ └── templates/ │ └── README.md ├── tags.yml └── tools/ ├── Meziantou.Analyzer.yml ├── SonarAnalyzer.CSharp.yml ├── abaplint.yml ├── abapopenchecks.yml ├── actionlint.yml ├── active-record-doctor.yml ├── aether.yml ├── after-the-deadline.yml ├── ale.yml ├── alex.yml ├── aligncheck.yml ├── alquitran.yml ├── ameba.yml ├── anchore.yml ├── android-lint-summary.yml ├── android-lint.yml ├── android-studio.yml ├── angr.yml ├── angular-eslint.yml ├── ansible-lint.yml ├── appchecker.yml ├── application-inspector.yml ├── applicationinspector.yml ├── appscan-source.yml ├── archunit.yml ├── archunitnet.yml ├── arkitect.yml ├── ast-grep.yml ├── astre.yml ├── atom-beautify.yml ├── autocorrect.yml ├── autoflake.yml ├── autopep8.yml ├── axe-core.yml ├── axivion-bauhaus-suite.yml ├── azsk.yml ├── bandit.yml ├── bashate.yml ├── bearer.yml ├── bellybutton.yml ├── better-code-hub.yml ├── betterscan.yml ├── binbloom.yml ├── binskim.yml ├── biome.yml ├── black-duck.yml ├── black.yml ├── bloaty.yml ├── blockwatch.yml ├── bodyclose.yml ├── bootlint.yml ├── bowler.yml ├── brakeman.yml ├── brittany.yml ├── buf.yml ├── 
bugprove.yml ├── bullet.yml ├── bundler-audit.yml ├── c2rust.yml ├── cakefuzzer.yml ├── callGraph.yml ├── cane.yml ├── cargo-audit.yml ├── cargo-bloat.yml ├── cargo-breaking.yml ├── cargo-call-stack.yml ├── cargo-deny.yml ├── cargo-expand.yml ├── cargo-geiger.yml ├── cargo-inspect.yml ├── cargo-semver-checks.yml ├── cargo-show-asm.yml ├── cargo-spellcheck.yml ├── cargo-udeps.yml ├── cargo-unused-features.yml ├── cast-highlight.yml ├── cbmc.yml ├── cfn-lint.yml ├── cfn_nag.yml ├── chap.yml ├── chart-testing.yml ├── checker-framework.yml ├── checkmake.yml ├── checkmarx-cxsast.yml ├── checkov.yml ├── checkstyle.yml ├── chktex.yml ├── churn-php.yml ├── churn.yml ├── ciocheck.yml ├── ck.yml ├── ckjm.yml ├── clair.yml ├── clang-tidy.yml ├── classgraph.yml ├── clayton.yml ├── clazy.yml ├── clippy.yml ├── clj-kondo.yml ├── closure-compiler.yml ├── closurelinter.yml ├── cloud-iac-security.yml ├── cloudformation-guard.yml ├── clusterlint.yml ├── cmetrics.yml ├── coala.yml ├── cobra.yml ├── codacy.yml ├── code-climate.yml ├── code-cracker.yml ├── code-graph-rag.yml ├── code-pathfinder.yml ├── codeac.yml ├── codeburner.yml ├── codechecker.yml ├── codecov.yml ├── codedepends.yml ├── codefactor.yml ├── codeflow.yml ├── codeintelligence.yml ├── codelyzer.yml ├── codemodder.yml ├── codenarc.yml ├── codeql.yml ├── codeque.yml ├── coderabbit.yml ├── coderush.yml ├── codescan.yml ├── codescene.yml ├── codesee.yml ├── codesonar-from-grammatech.yml ├── codespell.yml ├── codety.yml ├── codiga.yml ├── coffeelint.yml ├── cognicrypt.yml ├── cohesion.yml ├── collector.yml ├── commitlint.yml ├── complexity-report.yml ├── composer-dependency-analyser.yml ├── cookstyle.yml ├── corgea.yml ├── corrode.yml ├── coverity.yml ├── cpachecker.yml ├── cpp-linter-action.yml ├── cppcheck.yml ├── cppdepend.yml ├── cpplint.yml ├── cqc.yml ├── cqmetrics.yml ├── credential-digger.yml ├── credo.yml ├── crystal.yml ├── cscout.yml ├── csharpessentials.yml ├── css-stats.yml ├── csscomb.yml ├── csslint.yml ├── 
cwe_checker.yml ├── cyclocomp.yml ├── d-scanner.yml ├── dagda.yml ├── dart-code-metrics.yml ├── database_consistency.yml ├── dataflow-framework.yml ├── datree.yml ├── dawnscanner.yml ├── dbcritic.yml ├── deadcode.yml ├── deadnix.yml ├── deal.yml ├── deepcode.yml ├── deepscan.yml ├── deepsource.yml ├── deleaker.yml ├── delphilint.yml ├── dennis.yml ├── deno_lint.yml ├── depends.yml ├── dephpend.yml ├── deprecation-detector.yml ├── deptrac.yml ├── derscanner.yml ├── designite.yml ├── designitejava.yml ├── designpatterndetector.yml ├── detect-secrets.yml ├── detekt.yml ├── devskim.yml ├── dialyxir.yml ├── dialyzer.yml ├── diesel-guard.yml ├── diffblue.yml ├── diffrs.yml ├── diktat.yml ├── dingo-hunter.yml ├── dlint.yml ├── docker-label-inspector.yml ├── dockle.yml ├── dodgy.yml ├── dogsled.yml ├── doop.yml ├── dotenv-linter-rust.yml ├── dotenv-linter.yml ├── dotnet-format.yml ├── drnim.yml ├── dupl.yml ├── dylint.yml ├── easycodingstandard.yml ├── effective_dart.yml ├── electrolysis.yml ├── elm-analyse.yml ├── elm-review.yml ├── elvis.yml ├── ember-template-lint.yml ├── embold.yml ├── emerge.yml ├── enforster.yml ├── enlightn.yml ├── enre-cpp.yml ├── enre-java.yml ├── enre-py.yml ├── enre-ts.yml ├── erb-formatter.yml ├── erb-lint.yml ├── errcheck.yml ├── error-prone.yml ├── errwrap.yml ├── es6-plato.yml ├── esbmc.yml ├── escomplex.yml ├── eslint.yml ├── esprima.yml ├── exakat.yml ├── ezno.yml ├── fantomas.yml ├── fasterer.yml ├── fb-contrib.yml ├── find-security-bugs.yml ├── fix-insight.yml ├── fixinator.yml ├── fixit.yml ├── flake8.yml ├── flakeheaven.yml ├── flawfinder.yml ├── flay.yml ├── flen.yml ├── flint.yml ├── flog.yml ├── flow.yml ├── flowdroid.yml ├── flowr.yml ├── foodcritic.yml ├── forbidden-apis.yml ├── fortify.yml ├── fortitude.yml ├── fprettify.yml ├── frama-c.yml ├── freeplane-code-explorer.yml ├── frink.yml ├── fsharplint.yml ├── fta.yml ├── fukuzatsu.yml ├── gawk-lint.yml ├── gcc.yml ├── gendarme.yml ├── gherkin-lint.yml ├── ghidra.yml ├── 
gitguardian-internel-monitoring.yml ├── gitleaks.yml ├── gixy.yml ├── go-consistent.yml ├── go-critic.yml ├── go-meta-linter.yml ├── go-tool-vet-shadow.yml ├── go-vet.yml ├── goast-rego.yml ├── goast.yml ├── goblint.yml ├── gochecknoglobals.yml ├── goconst.yml ├── gocyclo.yml ├── gofmt-s.yml ├── gofumpt.yml ├── goimports.yml ├── gokart.yml ├── golangci-lint.yml ├── golint.yml ├── goodcheck.yml ├── goodpractice.yml ├── google-java-format.yml ├── goone.yml ├── goreporter.yml ├── goroutine-inspect.yml ├── gosec-gas.yml ├── gotype.yml ├── govulncheck.yml ├── graphmycsscom.yml ├── graudit.yml ├── griffe.yml ├── grumphp.yml ├── grunt-bootlint.yml ├── grype.yml ├── gulp-bootlint.yml ├── haml-lint.yml ├── haskell-dockerfile-linter.yml ├── hasmysecretleaked.yml ├── haxe-checkstyle.yml ├── hegel.yml ├── helix-qac.yml ├── herbie.yml ├── hlint.yml ├── holistic.yml ├── hopper-gui.yml ├── hopper.yml ├── hound-ci.yml ├── html-inspector.yml ├── html-tidy.yml ├── html-validate.yml ├── htmlbeautifier.yml ├── htmlhint.yml ├── huntbugs.yml ├── i-code-cnes-for-fortran.yml ├── i-code-cnes-for-shell.yml ├── iblessing.yml ├── ida-free.yml ├── ikos.yml ├── imhotep.yml ├── include-gardener.yml ├── ineffassign.yml ├── infer.yml ├── infersharp.yml ├── inspectortiger.yml ├── intellij-idea.yml ├── interfacer.yml ├── ionide-analyzers.yml ├── iverilog.yml ├── jakstab.yml ├── jarchitect.yml ├── jbmc.yml ├── jeb-decomplier.yml ├── jedi.yml ├── jet.yml ├── jlisa.yml ├── joern.yml ├── jqassistant.yml ├── jshint.yml ├── jslint.yml ├── jsonlint.yml ├── jsprime.yml ├── kani.yml ├── keploy.yml ├── kics.yml ├── kiuwan.yml ├── klee.yml ├── klint.yml ├── klocwork.yml ├── kmdr.yml ├── krane.yml ├── ktfmt.yml ├── ktlint.yml ├── kube-hunter.yml ├── kube-lint.yml ├── kube-linter.yml ├── kube-score.yml ├── kubeconform.yml ├── kubelinter.yml ├── kubeval.yml ├── lacheck.yml ├── langlint.yml ├── languagetool.yml ├── larastan.yml ├── laser.yml ├── ldra.yml ├── lgtm.yml ├── libvcs4j.yml ├── lint.yml ├── 
linter-for-dart.yml ├── linter-rust.yml ├── linter.yml ├── lintian.yml ├── lintr.yml ├── linty-fresh.yml ├── liquidhaskell.yml ├── lizard.yml ├── lll.yml ├── lockbud.yml ├── lockfile-lint.yml ├── luacheck.yml ├── lualint.yml ├── luanalysis.yml ├── lunasec.yml ├── mago.yml ├── malcat.yml ├── maligned.yml ├── manalyze.yml ├── mariana-trench.yml ├── markdownlint.yml ├── mate.yml ├── mbake.yml ├── mccabe.yml ├── mcsema.yml ├── mdformat.yml ├── mdl.yml ├── mdsf.yml ├── mega-linter.yml ├── metadata-json-lint.yml ├── metric_fu.yml ├── mirai.yml ├── misshit.yml ├── misspell-fixer.yml ├── misspell.yml ├── misspelled-words-in-context.yml ├── mlint.yml ├── mobb.yml ├── mondrian.yml ├── mopsa.yml ├── multilint.yml ├── mypy.yml ├── mythril.yml ├── mythx.yml ├── nagelfar.yml ├── nakedret.yml ├── nargs.yml ├── nauz-file-detector.yml ├── ndepend.yml ├── net-analyzers.yml ├── neurolint-cli.yml ├── nimfmt.yml ├── njsscan.yml ├── nodejsscan.yml ├── noir.yml ├── nu-html-checker.yml ├── nullaway.yml ├── o360.yml ├── oclint.yml ├── oelint-adv.yml ├── open-static-analyzer.yml ├── openrewrite.yml ├── openscap.yml ├── osv-scanner.yml ├── oversecured.yml ├── owasp-dependency-check.yml ├── oxc.yml ├── pa11y.yml ├── packj.yml ├── paprika.yml ├── parallel-lint.yml ├── parasoft.yml ├── parker.yml ├── parse.yml ├── pascal-analyzer.yml ├── pascal-expert.yml ├── pc-lint.yml ├── pdepend.yml ├── pelusa.yml ├── perlanalyzer.yml ├── perlcritic.yml ├── perltidy.yml ├── pfff.yml ├── pgspot.yml ├── phan.yml ├── phasar.yml ├── php-architecture-tester.yml ├── php-assumptions.yml ├── php-coding-standards-fixer.yml ├── php-insights.yml ├── php-inspections-ea-extended.yml ├── php-parser.yml ├── php-refactoring-browser.yml ├── php-semantic-versioning-checker.yml ├── php-speller.yml ├── php-token-reflection.yml ├── php7cc.yml ├── php7mar.yml ├── php_codesniffer.yml ├── phpca.yml ├── phpcpd.yml ├── phpdcd.yml ├── phpdependencyanalysis.yml ├── phpdeprecationdetector.yml ├── phpdoc-to-typehint.yml ├── 
phpdocumentor.yml ├── phploc.yml ├── phpmd.yml ├── phpmetrics.yml ├── phpmnd.yml ├── phpqa-jakzal.yml ├── phpqa-jmolivas.yml ├── phpqa.yml ├── phpsa.yml ├── phpstan.yml ├── pip-audit.yml ├── pixee.yml ├── plato.yml ├── pmd.yml ├── polymer-analyzer.yml ├── polyspace-bug-finder.yml ├── polyspace-code-prover.yml ├── polyspace-for-ada.yml ├── portlint.yml ├── postcss.yml ├── prae.yml ├── pre-commit.yml ├── prealloc.yml ├── precaution.yml ├── prettier.yml ├── primitive-erlang-security-tool-pest.yml ├── progpilot.yml ├── project-wallace-css-analyzer.yml ├── promformat.yml ├── promval.yml ├── pronto.yml ├── proselint.yml ├── prospector.yml ├── protolint.yml ├── prusti.yml ├── psalm.yml ├── ptpm.yml ├── ptsecurity.yml ├── pullrequest.yml ├── puma-scan.yml ├── puppet-lint.yml ├── pure.yml ├── putout.yml ├── pvs-studio.yml ├── py-find-injection.yml ├── pyanalyze.yml ├── pycodestyle.yml ├── pydocstyle.yml ├── pyflakes.yml ├── pylama.yml ├── pylint.yml ├── pylyzer.yml ├── pyra.yml ├── pyre-check.yml ├── pyrefly.yml ├── pyright.yml ├── pyroma.yml ├── pysa.yml ├── pyt-python-taint.yml ├── pytype.yml ├── pyupgrade.yml ├── qafoo-quality-analyzer.yml ├── qark.yml ├── quality.yml ├── qualys-container-security.yml ├── quantifiedcode.yml ├── querly.yml ├── qulice.yml ├── qwiet.yml ├── r-language-server.yml ├── radon.yml ├── railroader.yml ├── rails_best_practices.yml ├── rco.yml ├── rector.yml ├── redex.yml ├── reek.yml ├── refactorfirst.yml ├── refactoring-essentials.yml ├── reflection.yml ├── refurb.yml ├── regal.yml ├── relint.yml ├── remark-lint.yml ├── resharper.yml ├── retirejs.yml ├── rev-dep.yml ├── reviewdog.yml ├── revive.yml ├── rhabdomancer.yml ├── rips.yml ├── roodi.yml ├── roslyn-analyzers.yml ├── roslyn-security-guard.yml ├── roslynator.yml ├── rpmlint.yml ├── rslint.yml ├── rubocop.yml ├── rubrowser.yml ├── ruby-lint.yml ├── rubycritic.yml ├── rudra.yml ├── ruff.yml ├── rufo.yml ├── rust-analyzer.yml ├── rust-audit.yml ├── rust-language-server.yml ├── rustfix.yml ├── 
rustfmt.yml ├── rustviz.yml ├── safeql.yml ├── safesql.yml ├── safety.yml ├── saikuro.yml ├── sandimeter.yml ├── sass-lint.yml ├── sast-online.yml ├── scalastyle.yml ├── scan-build.yml ├── scapegoat.yml ├── scorecard.yml ├── scrutinizer.yml ├── scsslint.yml ├── security-code-scan.yml ├── semgrep-supply-chain.yml ├── semgrep.yml ├── seqra.yml ├── sh.yml ├── shellcheck.yml ├── shellharden.yml ├── shiftleft-scan.yml ├── shipshape.yml ├── shisho.yml ├── sigrid.yml ├── similarity-tester.yml ├── skunk.yml ├── skylos.yml ├── sleek.yml ├── slim-lint.yml ├── slither.yml ├── snyk.yml ├── sobelow.yml ├── solhint.yml ├── solium.yml ├── sonar-delphi.yml ├── sonarqube-cloud.yml ├── sonarqube-for-ide.yml ├── sonarqube-server.yml ├── sonatype.yml ├── soot.yml ├── sorbet.yml ├── soto.yml ├── sourcemeter.yml ├── spark.yml ├── specificity-graph.yml ├── spectral.yml ├── splint.yml ├── spoon.yml ├── spotbugs.yml ├── sqlcheck.yml ├── sqlfluff.yml ├── sqlint.yml ├── sqlvet.yml ├── squawk.yml ├── stan.yml ├── standard-ruby.yml ├── standard.yml ├── staticcheck.yml ├── staticlint.yml ├── staticreviewer.yml ├── statix.yml ├── stc.yml ├── steady.yml ├── steampunk-spotter.yml ├── steep.yml ├── stoke.yml ├── structcheck.yml ├── structslop.yml ├── stylelint.yml ├── styler.yml ├── super-linter.yml ├── svace.yml ├── svf.yml ├── svls.yml ├── swiftformat.yml ├── swiftlint.yml ├── symfony-insight.yml ├── synopsys.yml ├── sys.yml ├── sysdig.yml ├── tailor.yml ├── tangleguard.yml ├── tca.yml ├── tclchecker.yml ├── teamscale.yml ├── tern.yml ├── terraform-compliance.yml ├── terrascan.yml ├── test.yml ├── texlab.yml ├── textlint.yml ├── tflint.yml ├── tfsec.yml ├── threatmapper.yml ├── todocheck.yml ├── traceroute.yml ├── trivy.yml ├── trufflehog.yml ├── trunk.yml ├── trustinsoft.yml ├── tscancode.yml ├── tslint-clean-code.yml ├── tslint-microsoft-contrib.yml ├── tslint.yml ├── tsqllint.yml ├── tsqlrules.yml ├── tsunami.yml ├── tuli.yml ├── twig-lint.yml ├── twiggy.yml ├── ty.yml ├── 
typescript-call-graph.yml ├── typescript-eslint.yml ├── typl.yml ├── typos ├── unconvert.yml ├── undebt.yml ├── understand.yml ├── unibeautify.yml ├── unimport.yml ├── unparam.yml ├── upsource.yml ├── vale.yml ├── varcheck.yml ├── vera.yml ├── veracode.yml ├── verible-linter-action.yml ├── verifast.yml ├── verilator.yml ├── vetur.yml ├── vint.yml ├── violations-lib.yml ├── visual-expert.yml ├── vscode-verilog-hdl-support.yml ├── vsdiagnostics.yml ├── vuls.yml ├── vulture.yml ├── wala.yml ├── wap.yml ├── warnalyzer.yml ├── wartremover.yml ├── wasm-language-tools.yml ├── weeder.yml ├── weggli.yml ├── wemake-python-styleguide.yml ├── whitehat-application-security-platform.yml ├── wily.yml ├── wintellectanalyzers.yml ├── wotan.yml ├── write-good.yml ├── wsl.yml ├── xcode.yml ├── xenon.yml ├── xo.yml ├── xygeni.yml ├── yamllint.yml ├── yapf.yml ├── yardstick.yml ├── zarn.yml ├── zod.yml ├── zpa.yml └── zydis.yml ================================================ FILE CONTENTS ================================================ ================================================ FILE: .github/FUNDING.yml ================================================ github: analysis-tools-dev open_collective: analysis-tools ================================================ FILE: .github/ISSUE_TEMPLATE/--suggest-tool.yaml ================================================ name: ⚙️ Suggest Tool description: Suggest a new tool to be added to the list title: "⚙️ New Tool Suggestion: " labels: [suggestion] assignees: - mre body: - type: markdown attributes: value: | ❤️ Thank you for taking the time to suggest a new tool! - type: input attributes: label: Tool Name? validations: required: true - type: textarea attributes: label: Description description: What does the tool do? A clear and concise description of what you want to happen. validations: required: true - type: checkboxes attributes: label: Tool category description: A tool can be a formatter, a linter, or both. 
options: - label: 🌈 Formatter required: false - label: 🔍 Linter required: false - type: textarea attributes: label: tags description: A list of tags (languages) that this tool supports. (See [here](https://github.com/analysis-tools-dev/static-analysis/blob/master/data/tags.yml) for a list of options) placeholder: | * c * cpp * go * js validations: required: true - type: input attributes: label: License description: The license of the tool (e.g. MIT, Apache, or proprietary) validations: required: false - type: checkboxes attributes: label: How can the tool be used? options: - label: Command Line required: false - label: Web Service required: false - label: IDE-Plugin required: false - type: input attributes: label: Source URL description: URL to the source code (if the tool is open source) placeholder: https://github.com/tool/repo validations: required: false - type: input attributes: label: Source URL description: URL to tool homepage (if any) placeholder: https://example.com validations: required: false - type: textarea attributes: label: Resources description: Found a nice product video or a blog post about a tool? Please add it here. placeholder: | * [Product Video](https://www.youtube.com/watch?v=dQw4w9WgXcQ) * [Article](https://analysis-tools.dev/blog/our-mission) validations: required: false ================================================ FILE: .github/ISSUE_TEMPLATE/new-issue.md ================================================ --- name: New issue about: Describe this issue template's purpose here. 
title: ''
labels: ''
assignees: ''

---

================================================
FILE: .github/dependabot.yml
================================================
# Dependabot configuration: checks the Cargo manifest under /data/render
# daily at 11:00 and keeps at most 10 update pull requests open.
version: 2
updates:
- package-ecosystem: cargo
  directory: "/data/render"
  schedule:
    interval: daily
    time: "11:00"
  open-pull-requests-limit: 10

================================================
FILE: .github/pull_request_template.md
================================================
* [ ] I have not changed the `README.md` directly.

================================================
FILE: .github/workflows/auto-merge.yml
================================================
# Runs on every pull_request event and hands the pull request to the
# Dependabot auto-merge action together with secrets.AUTOMERGE_TOKEN.
name: auto-merge

on:
  pull_request:

jobs:
  auto-merge:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      # NOTE(review): this third-party action receives AUTOMERGE_TOKEN and is
      # referenced by a mutable tag (@v2). Pinning it to a full commit SHA
      # keeps a re-pointed tag from changing which code sees the token.
      # No `if:` guard on the PR author is visible in this workflow; deciding
      # which pull requests qualify is presumably left to the action -- confirm.
      - uses: ahmadnassri/action-dependabot-auto-merge@v2
        with:
          github-token: ${{ secrets.AUTOMERGE_TOKEN }}

================================================
FILE: .github/workflows/ci.yml
================================================
# Pull-request check for branches targeting master: rejects changes to
# README.md from authors outside trustedAuthors, then renders the list.
name: CI

on:
  pull_request:
    branches: [master]

# NOTE(review): there is no `permissions:` key, so GITHUB_TOKEN falls back to
# the repository/organization default scope. An explicit read-only block
# would make least privilege visible here -- confirm what the
# prevent-file-change action needs before adding one.
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Prevent file change
        # Third-party action referenced by tag (@v1); it is the only gate on
        # direct README.md edits, so a commit-SHA pin is worth considering.
        uses: xalvarez/prevent-file-change-action@v1
        with:
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          pattern: README.md
          trustedAuthors: mre, jakubsacha
      - name: Render list
        # This step builds and runs code from the pull-request branch. That is
        # only safe while the trigger stays `pull_request`; it must not be
        # moved to `pull_request_target` without isolating this step.
        run: make render-skip-deprecated

================================================
FILE: .github/workflows/links.yml
================================================
# Link check of README.md: runs daily at 18:00 (cron) or on manual /
# repository dispatch, and files an issue when lychee reports a failure.
name: Links

on:
  repository_dispatch:
  workflow_dispatch:
  schedule:
    - cron: "00 18 * * *"

jobs:
  linkChecker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Link Checker
        # NOTE(review): `@master` is a branch, not a release -- every run
        # executes whatever that branch currently holds while GITHUB_TOKEN is
        # in the step environment. Prefer a release tag or a commit SHA.
        uses: lycheeverse/lychee-action@master
        with:
          # 429 (Too Many Requests) is on the accept list, so rate-limited
          # links are counted as passing rather than reported.
          args: --accept 200,204,429 README.md
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
      - name: Create Issue From File
        # Only runs when the exit code exported into env is non-zero.
        if: env.lychee_exit_code != 0
        uses: peter-evans/create-issue-from-file@v4
        with:
          title: Link Checker Report
          content-filepath: ./lychee/out.md
          labels: report, automated issue
================================================
FILE: .github/workflows/render.yml
================================================
# Runs on every push to master: renders the list with `make render`, commits
# the regenerated files, then sends a `rebuild` repository_dispatch event to
# analysis-tools-dev/website-next.
name: Render

on:
  push:
    branches: [master]

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      # Give the default GITHUB_TOKEN write permission to commit and push the
      # added or changed files to the repository.
      # NOTE(review): the scope is set at job level, so every step below runs
      # in a job whose token can write repository contents.
      contents: write
    steps:
      - uses: actions/checkout@v3
      - name: Render list
        # `make render` builds and runs the Rust renderer (see the Makefile)
        # with the write-scoped token in its environment.
        run: make render
        env:
          GITHUB_TOKEN: ${{ github.token }}
      # Third-party action referenced by a version tag; a commit-SHA pin keeps
      # a re-pointed tag from changing what runs with write access.
      - uses: stefanzweifel/git-auto-commit-action@v4.1.2
        with:
          commit_message: Commit list
          commit_user_name: Analysis Tools Bot
          commit_user_email: bot@analysis-tools.dev
          commit_author: Analysis Tools Bot
      - name: Redeploy website
        # REPO_ACCESS_TOKEN reaches into a second repository and is handed to
        # an action referenced by tag (@v3) -- same pinning consideration; the
        # token should carry only the scope the dispatch needs (confirm).
        uses: peter-evans/repository-dispatch@v3
        with:
          token: ${{ secrets.REPO_ACCESS_TOKEN }}
          repository: analysis-tools-dev/website-next
          event-type: rebuild

================================================
FILE: .github/workflows/stale.yml
================================================
# Daily at 04:00 (cron): marks issues stale after 60 days without activity and
# closes them 7 days later, using the `stale` label.
name: "Close stale issues"

on:
  schedule:
    - cron: "0 4 * * *"

jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v4.1.0
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          stale-issue-message: >
            This issue has been automatically marked as stale because it has not had recent activity in the last 60 days.
            It will be closed in 7 days if no further activity occurs.
            Thank you for your contributions.
          days-before-stale: 60
          days-before-close: 7
          stale-issue-label: stale

================================================
FILE: .github/workflows/stats.yml
================================================
# Manual / repository-dispatch job: downloads logcli, queries Loki for the 25
# most requested /tool/ and /tag/ paths over 7 days, writes sorted JSON into
# data/api/stats/, and commits the result.
name: Stats

on:
  repository_dispatch:
  workflow_dispatch:
  # Disable cron for now as we have not migrated our analytics yet
  # schedule:
  # - cron: "00 22 * * *"

jobs:
  stats:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions/checkout keeps the supplied token in the local
      # git config by default (`persist-credentials`), so later steps in this
      # job -- including the downloaded binary -- could read
      # GH_STATS_COMMIT_TOKEN. Confirm that is acceptable.
      - uses: actions/checkout@v2
        with:
          token: ${{ secrets.GH_STATS_COMMIT_TOKEN }}
      # NOTE(review): the release archive is fetched by URL (version pinned to
      # v2.4.2) and executed without any integrity check. Comparing the
      # download against a known digest, e.g. `sha256sum -c` with a pinned
      # <expected-sha256>, would catch a replaced or tampered asset.
      - name: Install logcli
        run: |
          rm -rf logcli.zip logcli-linux-amd64
          wget -nc -q -O "logcli.zip" "https://github.com/grafana/loki/releases/download/v2.4.2/logcli-linux-amd64.zip"
          unzip logcli.zip
          chmod a+x logcli-linux-amd64
      # NOTE(review), three points on this step:
      #  * LOKI_ADDR is an http:// URL, so the query and the org id taken from
      #    secrets.LOKI_ORG_ID are presumably sent unencrypted -- confirm
      #    whether the endpoint offers https.
      #  * ${ORG_ID} is expanded unquoted in the shell.
      #  * The tags pipeline reuses sub("^\/tool\/"; ""), but the tags query
      #    only selects paths matching /tag/.*, so that pattern never matches
      #    and the keys keep their "/tag/" prefix. Probably meant "^\/tag\/";
      #    check what consumers of tags.json expect before changing it.
      - name: Run logcli
        run: |
          mkdir -p data/api/stats/
          ./logcli-linux-amd64 -q --org-id=${ORG_ID} instant-query 'topk(25, sum(count_over_time({path=~"/tool/.*"}[7d])) by (path))' > data/api/stats_tools_raw.json
          cat data/api/stats_tools_raw.json | jq '[.[] | {(.metric.path | sub("^\/tool\/"; "")): (.value[1]|tonumber) }] | add' > data/api/stats/tools_unsorted.json
          cat data/api/stats/tools_unsorted.json | jq 'to_entries | sort_by(.value) | reverse | from_entries' > data/api/stats/tools.json
          rm data/api/stats/tools_unsorted.json
          rm data/api/stats_tools_raw.json
          ./logcli-linux-amd64 -q --org-id=${ORG_ID} instant-query 'topk(25, sum(count_over_time({path=~"/tag/.*"}[7d])) by (path))' > data/api/stats_tags_raw.json
          cat data/api/stats_tags_raw.json | jq '[.[] | {(.metric.path | sub("^\/tool\/"; "")): (.value[1]|tonumber) }] | add' > data/api/stats/tags_unsorted.json
          cat data/api/stats/tags_unsorted.json | jq 'to_entries | sort_by(.value) | reverse | from_entries' > data/api/stats/tags.json
          rm data/api/stats/tags_unsorted.json
          rm data/api/stats_tags_raw.json
        env:
          ORG_ID: ${{secrets.LOKI_ORG_ID}}
          LOKI_ADDR: http://loki.jorgelbg.me
      # NOTE(review): github.head_ref is only populated for pull-request
      # events; this workflow has no such trigger, so `branch` is presumably
      # empty here -- confirm which branch the commit lands on.
      - uses: stefanzweifel/git-auto-commit-action@v4.1.2
        with:
          branch: ${{ github.head_ref }}
          commit_message: Commit list
          commit_user_name: Analysis Tools Bot
          commit_user_email: bot@analysis-tools.dev
          commit_author: Analysis Tools Bot

================================================
FILE: .gitignore
================================================
logcli-linux-amd64
logcli.zip

================================================
FILE: .lycheeignore
================================================
# Bot detection issue
mathworks.com
# Forbidden
https://www.freepik.com/
# (Occasional) Timeouts
https://npo-echelon.ru/en/solutions/appchecker.php
https://www.qualys.com/apps/container-security
# 415 Unsupported Media Type (site works in browser)
dickgrune.com
zigrin.com
# Cloudflare bot protection
spinroot.com
# npmjs.com blocks automated requests
https://www.npmjs.com/package/tslint-clean-code
# GitHub wiki intermittent 502
https://github.com/flowr-analysis/flowr/wiki/Terminology#program-slice

================================================
FILE: .vscode/settings.json
================================================
{ "cSpell.words": [ "dlang", "verilog" ] }

================================================
FILE: CONTRIBUTING.md
================================================
# Thank you for contributing Please feel free to open a pull request if you know of a static analysis tool that is not mentioned here. If you're in doubt if a tool is a good fit for the list, **don't open an issue, but create a pull request right away** because that's easier to handle. Thanks! :smiley: ### Requirements Each tool on the list should be - actively maintained (more than one contributor) - actively used (have **more than 20 stars on Github or similar impact**) - relatively mature (project exists for at least three months) ### Format ⚠️ **The main `README.md` is just a rendered version of the data. Do not edit it manually.** To add a new tool, please create a file in the `data/tools` directory like `data/tools/.yml`. Feel free to check out a few other YAML files in that directory to see how it should look like. 
- Make each tool description as precise as possible. Please limit the description to **500 characters**. - Add a license. If it's a proprietary tool, use `license: proprietary`. - Please add as many tags as possible. You can choose from the tags in `data/tags.yml`. If a tool does not match any existing tag, feel free to add a new tag, but also add it to `data/tags.yml`. Finally, create a pull request with all your changes. You can run `make render` beforehand to check for errors. This is optional, because the same check also runs when you create a pull request. ### How to mark a tool as unmaintained/deprecated Sometimes a tool becomes unmaintained, and there's nothing wrong with that. After all, a tool can still be very valuable to the community - even without frequent updates. However, since one of the goals of this project is to let people make an informed decision about the best tool for the job, we mark unmaintained or deprecated tools after a while. [Here](https://github.com/mre/awesome-static-analysis/issues/223) is a nice discussion about why we think this is necessary. If you find a tool that is unmaintained, please add `deprecated: true` to the entry in `data/tools/` and create a pull request in which you provide an objective explanation as to why you think the tool should be marked deprecated. Every deprecation will be handled on a case-by-case basis. 
**Thanks for helping out!** :tada: ================================================ FILE: LICENSE ================================================ MIT License Copyright (c) 2021 The analysis tools developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
================================================
FILE: Makefile
================================================
# Static Analysis Tools Repository Makefile
#
# Every cargo invocation below passes --manifest-path data/render/Cargo.toml,
# i.e. it operates on the renderer crate under data/render.

.PHONY: render render-skip-deprecated check clippy fmt test clean help

# Default target shows help
help:
	@echo "Available targets:"
	@echo " render - Render README.md and JSON API from YAML sources"
	@echo " render-skip-deprecated - Render without deprecated tools"
	@echo " check - Run cargo check"
	@echo " clippy - Run clippy lints"
	@echo " fmt - Format Rust code"
	@echo " test - Run tests"
	@echo " clean - Clean build artifacts"
	@echo " help - Show this help"

# Main rendering targets
# Both targets build and run the renderer with data/tags.yml and data/tools as
# inputs; going by the flag names, output goes to README.md and data/api.
# These are the commands the CI and Render workflows invoke.
render:
	cargo run --manifest-path data/render/Cargo.toml -- --tags data/tags.yml --tools data/tools --md-out README.md --json-out data/api

# Same invocation as `render`, with --skip-deprecated appended.
render-skip-deprecated:
	cargo run --manifest-path data/render/Cargo.toml -- --tags data/tags.yml --tools data/tools --md-out README.md --json-out data/api --skip-deprecated

# Development targets
check:
	cargo check --manifest-path data/render/Cargo.toml

# `-D warnings` makes clippy treat every warning as an error.
clippy:
	cargo clippy --manifest-path data/render/Cargo.toml -- -D warnings

fmt:
	cargo fmt --manifest-path data/render/Cargo.toml

test:
	cargo test --manifest-path data/render/Cargo.toml

clean:
	cargo clean --manifest-path data/render/Cargo.toml

================================================
FILE: README.md
================================================
Analysis Tools Website This repository lists **static analysis tools** for all programming languages, build tools, config files and more. The focus is on tools which improve code quality such as linters and formatters. The official website, [analysis-tools.dev](https://analysis-tools.dev/) is based on this repository and adds rankings, user comments, and additional resources like videos for each tool. 
[![Website](https://img.shields.io/badge/Website-Online-2B5BAE)](https://analysis-tools.dev) ![CI](https://github.com/analysis-tools-dev/static-analysis/workflows/CI/badge.svg) [![Links](https://github.com/analysis-tools-dev/static-analysis/actions/workflows/links.yml/badge.svg)](https://github.com/analysis-tools-dev/static-analysis/actions/workflows/links.yml) ## Sponsors This project would not be possible without the generous support of our sponsors.
Pixee
If you also want to support this project, head over to our [Github sponsors page](https://github.com/sponsors/analysis-tools-dev). ## Meaning of Symbols: - :copyright: stands for proprietary software. All other tools are Open Source. - :information_source: indicates that the community does not recommend to use this tool for new projects anymore. The icon links to the discussion issue. - :warning: means that this tool was not updated for more than 1 year, or the repo was archived. Pull requests are very welcome! Also check out the sister project, [awesome-dynamic-analysis](https://github.com/mre/awesome-dynamic-analysis). ## Table of Contents #### [Programming Languages](#programming-languages-1) - [ABAP](#abap) - [Ada](#ada) - [Assembly](#asm) - [Awk](#awk) - [C](#c) - [C#](#csharp) - [C++](#cpp) - [Clojure](#clojure) - [CoffeeScript](#coffeescript) - [ColdFusion](#coldfusion) - [Crystal](#crystal) - [Dart](#dart) - [Delphi](#delphi) - [Dlang](#dlang) - [Elixir](#elixir) - [Elm](#elm) - [Erlang](#erlang) - [F#](#fsharp) - [Fortran](#fortran) - [Go](#go) - [Groovy](#groovy) - [Haskell](#haskell) - [Haxe](#haxe) - [Java](#java) - [JavaScript](#javascript) - [Julia](#julia) - [Kotlin](#kotlin) - [Lua](#lua) - [MATLAB](#matlab) - [Nim](#nim) - [Ocaml](#ocaml) - [PHP](#php) - [PL/SQL](#plsql) - [Perl](#perl) - [Python](#python) - [R](#r) - [Rego](#rego) - [Ruby](#ruby) - [Rust](#rust) - [SQL](#sql) - [Scala](#scala) - [Shell](#shell) - [Swift](#swift) - [Tcl](#tcl) - [TypeScript](#typescript) - [Verilog/SystemVerilog](#verilog) - [Vim Script](#vim-script) - [WebAssembly](#wasm) #### [Multiple Languages](#multiple-languages-1) #### [Other](#other-1)
Show Other - [.env](#dotenv) - [Ansible](#ansible) - [Archive](#archive) - [Azure Resource Manager](#arm) - [Binaries](#binary) - [Build tools](#buildtool) - [CSS/SASS/SCSS](#css) - [Config Files](#configfile) - [Configuration Management](#configmanagement) - [Containers](#container) - [Continuous Integration](#ci) - [Deno](#deno) - [Dockerfile](#dockerfile) - [Embedded](#embedded) - [Embedded Ruby (a.k.a. ERB, eRuby)](#erb) - [Gherkin](#gherkin) - [HTML](#html) - [JSON](#json) - [Kubernetes](#kubernetes) - [LaTeX](#latex) - [Laravel](#laravel) - [Makefiles](#make) - [Markdown](#markdown) - [Metalinter](#meta) - [Mobile](#mobile) - [Nix](#nix) - [Node.js](#nodejs) - [Packages](#package) - [Prometheus](#prometheus) - [Protocol Buffers](#protobuf) - [Puppet](#puppet) - [Rails](#rails) - [Security/SAST](#security) - [Smart Contracts](#smart-contracts) - [Support](#support) - [Template-Languages](#template) - [Terraform](#terraform) - [Translation](#translation) - [Vue.js](#vue) - [Writing](#writing) - [YAML](#yaml) - [git](#git)
--- ## Programming Languages

ABAP

- [abaplint](https://abaplint.org) — Linter for ABAP, written in TypeScript. - [abapOpenChecks](https://docs.abapopenchecks.org) — Enhances the SAP Code Inspector with new and customizable checks.

Ada

- [Polyspace for Ada](https://www.mathworks.com/products/polyspace-ada.html) :copyright: — Provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in source code. - [SPARK](https://www.adacore.com/about-spark) :copyright: — Static analysis and formal verification toolset for Ada.

Assembly

- **STOKE** :warning: — A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations.

Awk

- [gawk --lint](https://www.gnu.org/software/gawk/manual/html_node/Options.html) — Warns about constructs that are dubious or nonportable to other awk implementations.

C

- [Astrée](https://www.absint.com/astree/index.htm) :copyright: — Astrée automatically proves the absence of runtime errors and invalid con­current behavior in C/C++ applications. It is sound for floating-point computations, very fast, and exceptionally precise. The analyzer also checks for MISRA/CERT/CWE/Adaptive Autosar coding rules and supports qualification for ISO 26262, DO-178C level A, and other safety standards. Jenkins and Eclipse plugins are available. - [CBMC](http://www.cprover.org/cbmc) — Bounded model-checker for C programs, user-defined assertions, standard assertions, several coverage metric analyses. - [clang-tidy](https://clang.llvm.org/extra/clang-tidy) — Clang-based C++ linter tool with the (limited) ability to fix issues, too. - [clazy](https://github.com/KDE/clazy) — Qt-oriented static code analyzer based on the Clang framework. clazy is a compiler plugin which allows clang to understand Qt semantics. You get more than 50 Qt related compiler warnings, ranging from unneeded memory allocations to misusage of API, including fix-its for automatic refactoring. - [CMetrics](https://github.com/MetricsGrimoire/CMetrics) — Measures size and complexity for C files. - [CPAchecker](https://cpachecker.sosy-lab.org) — A tool for configurable software verification of C programs. The name CPAchecker was chosen to reflect that the tool is based on the CPA concepts and is used for checking software programs. - [cppcheck](https://cppcheck.sourceforge.io) — Static analysis of C/C++ code. - [CppDepend](https://www.cppdepend.com) :copyright: — Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity. - [cpplint](https://github.com/cpplint/cpplint) — Automated C++ checker that follows Google's style guide. - [cqmetrics](https://github.com/dspinellis/cqmetrics) — Quality metrics for C code. - [CScout](https://www.spinellis.gr/cscout) — Complexity and quality metrics for C and C preprocessor code. 
- **ENRE-cpp** :warning: — ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-cpp is a ENtity Relationship Extractor for C/C++ based on @eclipse/CDT. (Under development) - [ESBMC](http://esbmc.org) — ESBMC is an open source, permissively licensed, context-bounded model checker based on satisfiability modulo theories for the verification of single- and multi-threaded C/C++ programs. - **flawfinder** :warning: — Finds possible security weaknesses. - **flint++** :warning: — Cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook. - [Frama-C](https://www.frama-c.com) — A sound and extensible static analyzer for C code. - [GCC](https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html) — The GCC compiler has static analysis capabilities since version 10. This option is only available if GCC was configured with analyzer support enabled. It can also output its diagnostics to a JSON file in the SARIF format (from v13). - [Goblint](https://goblint.in.tum.de) — A static analyzer for the analysis of multi-threaded C programs. Its primary focus is the detection of data races, but it also reports other runtime errors, such as buffer overflows and null-pointer dereferences. - [Helix QAC](https://www.perforce.com/products/helix-qac) :copyright: — Enterprise-grade static analysis for embedded software. Supports MISRA, CERT, and AUTOSAR coding standards. - [IKOS](https://github.com/nasa-sw-vnv/ikos) — A sound static analyzer for C/C++ code based on LLVM. - [KLEE](http://klee.github.io/) — A dynamic symbolic execution engine built on top of the LLVM compiler infrastructure. It can auto-generate test cases for programs such that the test cases exercise as much of the program as possible. 
- [LDRA](https://ldra.com) :copyright: — A tool suite including static analysis (TBVISION) to various standards including MISRA C & C++, JSF++ AV, CWE, CERT C, CERT C++ & Custom Rules. - **MATE** :warning: — A suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code. MATE unifies application-specific and low-level vulnerability analysis using code property graphs (CPGs), enabling the discovery of highly application-specific vulnerabilities that depend on both implementation details and the high-level semantics of target C/C++ programs. - [PC-lint](https://pclintplus.com/) :copyright: — Static analysis for C/C++. Runs natively under Windows/Linux/MacOS. Analyzes code for virtually any platform, supporting C11/C18 and C++17. - [Phasar](https://phasar.org) — A LLVM-based static analysis framework which comes with a taint and type state analysis. - [Polyspace Bug Finder](https://www.mathworks.com/products/polyspace-bug-finder.html) :copyright: — Identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software. - [Polyspace Code Prover](https://www.mathworks.com/products/polyspace-code-prover.html) :copyright: — Provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code. - [scan-build](https://clang-analyzer.llvm.org/scan-build.html) — Frontend to drive the Clang Static Analyzer built into Clang via a regular build. - [splint](http://splint.org) — Annotation-assisted static program checker. - [SVF](https://svf-tools.github.io/SVF) — A static tool that enables scalable and precise interprocedural dependence analysis for C and C++ programs. - [TrustInSoft Analyzer](https://trust-in-soft.com) :copyright: — Exhaustive detection of coding errors and their associated security vulnerabilities. 
This encompasses a sound undefined behavior detection (buffer overflows, out-of-bounds array accesses, null-pointer dereferences, use-after-free, divide-by-zeros, uninitialized memory accesses, signed overflows, invalid pointer arithmetic, etc.), data flow and control flow verification as well as full functional verification of formal specifications. All versions of C up to C18 and C++ up to C++20 are supported. TrustInSoft Analyzer will acquire ISO 26262 qualification in Q2'2023 (TCL3). A MISRA C checker is also bundled. - **vera++** :warning: — Vera++ is a programmable tool for verification, analysis and transformation of C++ source code.

C#

- [.NET Analyzers](https://github.com/DotNetAnalyzers) — An organization for the development of analyzers (diagnostics and code fixes) using the .NET Compiler Platform. - [ArchUnitNET](https://github.com/TNG/ArchUnitNET) — A C# architecture test library to specify and assert architecture rules in C# for automated testing. - [code-cracker](https://code-cracker.github.io) — An analyzer library for C# and VB that uses Roslyn to produce refactorings, code analysis, and other niceties. - **CSharpEssentials** :warning: — C# Essentials is a collection of Roslyn diagnostic analyzers, code fixes and refactorings that make it easy to work with C# 6 language features. - [Designite](http://www.designite-tools.com) :copyright: — Designite supports detection of various architecture, design, and implementation smells, computation of various code quality metrics, and trend analysis. - [Gendarme](https://www.mono-project.com/docs/tools+libraries/tools/gendarme) — Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET). - **Infer#** :warning: — InferSharp (also referred to as Infer#) is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null pointer dereferences and resource leaks. - [Meziantou.Analyzer](https://github.com/meziantou/Meziantou.Analyzer) — A Roslyn analyzer to enforce some good practices in C# in terms of design, usage, security, performance, and style. - [NDepend](http://www.ndepend.com) :copyright: — Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity. - [Puma Scan](https://pumasecurity.io) — Puma Scan provides real time secure code analysis for common vulnerabilities (XSS, SQLi, CSRF, LDAPi, crypto, deserialization, etc.) as development teams write code in Visual Studio. - [Roslynator](https://github.com/JosefPihrt/Roslynator) — A collection of 190+ analyzers and 190+ refactorings for C#, powered by Roslyn. 
- [SonarAnalyzer.CSharp](https://github.com/SonarSource/sonar-dotnet) — These Roslyn analyzers allow you to produce Clean Code that is safe, reliable, and maintainable by helping you find and correct bugs, vulnerabilities, and code smells in your codebase. - **VSDiagnostics** :warning: — A collection of static analyzers based on Roslyn that integrates with VS. - [Wintellect.Analyzers](https://github.com/Wintellect/Wintellect.Analyzers) — .NET Compiler Platform ("Roslyn") diagnostic analyzers and code fixes.

C++

- [Astrée](https://www.absint.com/astree/index.htm) :copyright: — Astrée automatically proves the absence of runtime errors and invalid con­current behavior in C/C++ applications. It is sound for floating-point computations, very fast, and exceptionally precise. The analyzer also checks for MISRA/CERT/CWE/Adaptive Autosar coding rules and supports qualification for ISO 26262, DO-178C level A, and other safety standards. Jenkins and Eclipse plugins are available. - [CBMC](http://www.cprover.org/cbmc) — Bounded model-checker for C programs, user-defined assertions, standard assertions, several coverage metric analyses. - [clang-tidy](https://clang.llvm.org/extra/clang-tidy) — Clang-based C++ linter tool with the (limited) ability to fix issues, too. - [clazy](https://github.com/KDE/clazy) — Qt-oriented static code analyzer based on the Clang framework. clazy is a compiler plugin which allows clang to understand Qt semantics. You get more than 50 Qt related compiler warnings, ranging from unneeded memory allocations to misusage of API, including fix-its for automatic refactoring. - [CMetrics](https://github.com/MetricsGrimoire/CMetrics) — Measures size and complexity for C files. - [cppcheck](https://cppcheck.sourceforge.io) — Static analysis of C/C++ code. - [CppDepend](https://www.cppdepend.com) :copyright: — Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity. - [cpplint](https://github.com/cpplint/cpplint) — Automated C++ checker that follows Google's style guide. - [cqmetrics](https://github.com/dspinellis/cqmetrics) — Quality metrics for C code. - [CScout](https://www.spinellis.gr/cscout) — Complexity and quality metrics for C and C preprocessor code. - **ENRE-cpp** :warning: — ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-cpp is a ENtity Relationship Extractor for C/C++ based on @eclipse/CDT. 
(Under development) - [ESBMC](http://esbmc.org) — ESBMC is an open source, permissively licensed, context-bounded model checker based on satisfiability modulo theories for the verification of single- and multi-threaded C/C++ programs. - **flawfinder** :warning: — Finds possible security weaknesses. - **flint++** :warning: — Cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook. - [GCC](https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html) — The GCC compiler has static analysis capabilities since version 10. This option is only available if GCC was configured with analyzer support enabled. It can also output its diagnostics to a JSON file in the SARIF format (from v13). - [Helix QAC](https://www.perforce.com/products/helix-qac) :copyright: — Enterprise-grade static analysis for embedded software. Supports MISRA, CERT, and AUTOSAR coding standards. - [IKOS](https://github.com/nasa-sw-vnv/ikos) — A sound static analyzer for C/C++ code based on LLVM. - [KLEE](http://klee.github.io/) — A dynamic symbolic execution engine built on top of the LLVM compiler infrastructure. It can auto-generate test cases for programs such that the test cases exercise as much of the program as possible. - [LDRA](https://ldra.com) :copyright: — A tool suite including static analysis (TBVISION) to various standards including MISRA C & C++, JSF++ AV, CWE, CERT C, CERT C++ & Custom Rules. - **MATE** :warning: — A suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code. MATE unifies application-specific and low-level vulnerability analysis using code property graphs (CPGs), enabling the discovery of highly application-specific vulnerabilities that depend on both implementation details and the high-level semantics of target C/C++ programs. - [PC-lint](https://pclintplus.com/) :copyright: — Static analysis for C/C++. Runs natively under Windows/Linux/MacOS. 
Analyzes code for virtually any platform, supporting C11/C18 and C++17. - [Phasar](https://phasar.org) — A LLVM-based static analysis framework which comes with a taint and type state analysis. - [Polyspace Bug Finder](https://www.mathworks.com/products/polyspace-bug-finder.html) :copyright: — Identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software. - [Polyspace Code Prover](https://www.mathworks.com/products/polyspace-code-prover.html) :copyright: — Provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code. - [scan-build](https://clang-analyzer.llvm.org/scan-build.html) — Frontend to drive the Clang Static Analyzer built into Clang via a regular build. - [splint](http://splint.org) — Annotation-assisted static program checker. - [SVF](https://svf-tools.github.io/SVF) — A static tool that enables scalable and precise interprocedural dependence analysis for C and C++ programs. - [TrustInSoft Analyzer](https://trust-in-soft.com) :copyright: — Exhaustive detection of coding errors and their associated security vulnerabilities. This encompasses a sound undefined behavior detection (buffer overflows, out-of-bounds array accesses, null-pointer dereferences, use-after-free, divide-by-zeros, uninitialized memory accesses, signed overflows, invalid pointer arithmetic, etc.), data flow and control flow verification as well as full functional verification of formal specifications. All versions of C up to C18 and C++ up to C++20 are supported. TrustInSoft Analyzer will acquire ISO 26262 qualification in Q2'2023 (TCL3). A MISRA C checker is also bundled. - **vera++** :warning: — Vera++ is a programmable tool for verification, analysis and transformation of C++ source code.

Clojure

- [clj-kondo](https://github.com/borkdude/clj-kondo) — A linter for Clojure code that sparks joy. It informs you about potential errors while you are typing.

CoffeeScript

- **coffeelint** :warning: — A style checker that helps keep CoffeeScript code clean and consistent.

ColdFusion

- [Fixinator](https://fixinator.app) :copyright: — Static security code analysis for ColdFusion or CFML code. Designed to work within a CI pipeline or from the developers terminal.

Crystal

- [ameba](https://crystal-ameba.github.io) — A static code analysis tool for Crystal. - [crystal](https://crystal-lang.org) — The Crystal compiler has built-in linting functionality.

Dart

- **Dart Code Metrics** :warning: — Additional linter for Dart. Reports code metrics, checks for anti-patterns and provides additional rules for Dart analyzer. - [effective_dart](https://pub.dev/packages/effective_dart) — Linter rules corresponding to the guidelines in Effective Dart - **lint** :warning: — An opinionated, community-driven set of lint rules for Dart and Flutter projects. Like pedantic but stricter - **Linter for dart** :warning: — Style linter for Dart.

Delphi

- [DelphiLint](https://github.com/integrated-application-development/delphilint) — A Delphi IDE package providing on-the-fly code analysis and linting, powered by SonarDelphi. - [Fix Insight](https://www.tmssoftware.com/site/fixinsight.asp) :copyright: — A free IDE Plugin for static code analysis. A _Pro_ edition includes a command line tool for automation purposes. - [Pascal Analyzer](https://peganza.com/products_pal.html) :copyright: — A static code analysis tool with numerous reports. A free _Lite_ version is available with limited reporting. - [Pascal Expert](https://peganza.com/products_pex.html) :copyright: — IDE plugin for code analysis. Includes a subset of Pascal Analyzer reporting capabilities and is available for Delphi versions 2007 and later. - [SonarDelphi](https://github.com/integrated-application-development/sonar-delphi) — Delphi static analyzer for the SonarQube code quality platform.

Dlang

- [D-scanner](https://github.com/dlang-community/D-Scanner) — D-Scanner is a tool for analyzing D source code.

Elixir

- [credo](https://github.com/rrrene/credo) — A static code analysis tool with a focus on code consistency and teaching. - [dialyxir](https://github.com/jeremyjh/dialyxir) — Mix tasks to simplify use of Dialyzer in Elixir projects. - [sobelow](https://github.com/nccgroup/sobelow) — Security-focused static analysis for the Phoenix Framework.

Elm

- **elm-analyse** :warning: — A tool that allows you to analyse your Elm code, identify deficiencies and apply best practices. - [elm-review](https://package.elm-lang.org/packages/jfmengels/elm-review/latest) — Analyzes whole Elm projects, with a focus on shareable and custom rules written in Elm that add guarantees the Elm compiler doesn't give you.

Erlang

- [dialyzer](https://www.erlang.org/doc/man/dialyzer.html) — The DIALYZER, a DIscrepancy AnaLYZer for ERlang programs. Dialyzer is a static analysis tool that identifies software discrepancies, such as definite type errors, code that has become dead or unreachable because of programming error, and unnecessary tests, in single Erlang modules or entire (sets of) applications. Dialyzer starts its analysis from either debug-compiled BEAM bytecode or from Erlang source code. The file and line number of a discrepancy is reported along with an indication of what the discrepancy is about. Dialyzer bases its analysis on the concept of success typings, which allows for sound warnings (no false positives). - [elvis](https://github.com/inaka/elvis) — Erlang Style Reviewer. - **Primitive Erlang Security Tool (PEST)** :warning: — A tool to do a basic scan of Erlang source code and report any function calls that may cause Erlang source code to be insecure.

F#

- [fantomas](https://fsprojects.github.io/fantomas/) — F# source code formatter. - [FSharpLint](https://github.com/fsprojects/FSharpLint) — Lint tool for F#. - [ionide-analyzers](https://ionide.io/ionide-analyzers/) — A collection of F# analyzers, built with the FSharp.Analyzers.SDK.

Fortran

- [Fortitude](https://fortitude.readthedocs.io) — Fortran linter, inspired by (and built on) Ruff, and based on community best practices. Supports latest Fortran (2023) standard. - [fprettify](https://pypi.python.org/pypi/fprettify) — Auto-formatter for modern fortran source code, written in Python. Fprettify is a tool that provides consistent whitespace, indentation, and delimiter alignment in code, including the ability to change letter case and handle preprocessor directives, all while preserving revision history and tested for editor integration. - **i-Code CNES for Fortran** :warning: — An open source static code analysis tool for Fortran 77, Fortran 90 and Shell.

Go

- [aligncheck](https://gitlab.com/opennota/check) — Find inefficiently packed structs. - [bodyclose](https://github.com/timakin/bodyclose) — Checks whether HTTP response body is closed. - [deadcode](https://github.com/tsenart/deadcode) — Finds unused code. - **dingo-hunter** :warning: — Static analyser for finding deadlocks in Go. - [dogsled](https://github.com/alexkohler/dogsled) — Finds assignments/declarations with too many blank identifiers. - [dupl](https://github.com/mibk/dupl) — Reports potentially duplicated code. - [errcheck](https://github.com/kisielk/errcheck) — Check that error return values are used. - [errwrap](https://github.com/fatih/errwrap) — Wrap and fix Go errors with the new %w verb directive. This tool analyzes fmt.Errorf() calls and reports calls that contain a verb directive that is different than the new %w verb directive introduced in Go v1.13. It's also capable of rewriting calls to use the new %w wrap verb directive. - [flen](https://github.com/lafolle/flen) — Get info on length of functions in a Go package. - **Go Meta Linter** :warning: — Concurrently run Go lint tools and normalise their output. Use `golangci-lint` for new projects. - [go tool vet --shadow](https://golang.org/cmd/vet#hdr-Shadowed_variables) — Reports variables that may have been unintentionally shadowed. - [go vet](https://golang.org/cmd/vet) — Examines Go source code and reports suspicious constructs. - **go-consistent** :warning: — Analyzer that helps you to make your Go programs more consistent. - [go-critic](https://github.com/go-critic/go-critic) — Go source code linter that maintains checks which are currently not implemented in other linters. - [go/ast](https://golang.org/pkg/go/ast) — Package ast declares the types used to represent syntax trees for Go packages. - **goast** :warning: — Go AST (Abstract Syntax Tree) based static analysis tool with Rego. - **gochecknoglobals** :warning: — Checks that no globals are present.
- [goconst](https://github.com/jgautheron/goconst) — Finds repeated strings that could be replaced by a constant. - [gocyclo](https://github.com/fzipp/gocyclo) — Calculate cyclomatic complexities of functions in Go source code. - [gofmt -s](https://golang.org/cmd/gofmt) — Checks if the code is properly formatted and could not be further simplified. - [gofumpt](https://github.com/mvdan/gofumpt) — Enforce a stricter format than `gofmt`, while being backwards-compatible. That is, `gofumpt` is happy with a subset of the formats that `gofmt` is happy with. The tool is a fork of `gofmt` as of Go 1.19, and requires Go 1.18 or later. It can be used as a drop-in replacement to format your Go code, and running gofmt after gofumpt should produce no changes. `gofumpt` will never add rules which disagree with `gofmt` formatting. So we extend `gofmt` rather than compete with it. - [goimports](https://pkg.go.dev/golang.org/x/tools/cmd/goimports) — Checks missing or unreferenced package imports. - [gokart](https://github.com/praetorian-inc/gokart) — Golang security analysis with a focus on minimizing false positives. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe. - [GolangCI-Lint](https://golangci-lint.run) — Alternative to `Go Meta Linter`: GolangCI-Lint is a linters aggregator. - [golint](https://github.com/golang/lint) — Prints out coding style mistakes in Go source code. - [goreporter](https://github.com/360EntSecGroup-Skylar/goreporter) — Concurrently runs many linters and normalises their output to a report. - [goroutine-inspect](https://github.com/linuxerwang/goroutine-inspect) — An interactive tool to analyze Golang goroutine dump. - [gosec (gas)](https://securego.io) — Inspects source code for security problems by scanning the Go AST. - [gotype](https://pkg.go.dev/golang.org/x/tools/cmd/gotype) — Syntactic and semantic analysis similar to the Go compiler. 
- [govulncheck](https://go.dev/blog/vuln) — Govulncheck reports known vulnerabilities that affect Go code. It uses static analysis of source code or a binary's symbol table to narrow down reports to only those that could affect the application. By default, govulncheck makes requests to the Go vulnerability database at https://vuln.go.dev. Requests to the vulnerability database contain only module paths, not code or other properties of your program. - [ineffassign](https://github.com/gordonklaus/ineffassign) — Detect ineffectual assignments in Go code. - **interfacer** :warning: — Suggest narrower interfaces that can be used. - [lll](https://github.com/walle/lll) — Report long lines. - **maligned** :warning: — Detect structs that would take less memory if their fields were sorted. - [misspell](https://github.com/client9/misspell) — Finds commonly misspelled English words. - [nakedret](https://github.com/alexkohler/nakedret) — Finds naked returns. - [nargs](https://github.com/alexkohler/nargs) — Finds unused arguments in function declarations. - [OSV-Scanner](https://osv.dev/) — Vulnerability scanner written in Go which uses the data provided by OSV.dev. Developed by Google to scan dependencies across multiple languages and package managers for known vulnerabilities. Supports container scanning, license scanning, and guided remediation. Works with lockfiles, SBOMs, and container images to identify security issues. - [prealloc](https://github.com/alexkohler/prealloc) — Finds slice declarations that could potentially be preallocated. - [Reviewdog](https://github.com/haya14busa/reviewdog) — A tool for posting review comments from any linter in any code hosting service. - [revive](https://revive.run) — Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint. - **safesql** :warning: — Static analysis tool for Golang that protects against SQL injections. 
- **shisho** :warning: — A lightweight static code analyzer designed for developers and security teams. It allows you to analyze and transform source code with an intuitive DSL similar to sed, but for code. - [staticcheck](https://staticcheck.io) — Go static analysis that specialises in finding bugs, simplifying code and improving performance. - [structcheck](https://gitlab.com/opennota/check) — Find unused struct fields. - [structslop](https://github.com/orijtech/structslop) — Static analyzer for Go that recommends struct field rearrangements to provide for maximum space/allocation efficiency - [test](https://pkg.go.dev/testing) — Show location of test failures from the stdlib testing module. - **unconvert** :warning: — Detect redundant type conversions. - [unparam](https://github.com/mvdan/unparam) — Find unused function parameters. - [varcheck](https://gitlab.com/opennota/check) — Find unused global variables and constants. - [wsl](https://github.com/bombsimon/wsl) — Enforces empty lines at the right places.

Groovy

- [CodeNarc](https://codenarc.github.io/CodeNarc) — A static analysis tool for Groovy source code, enabling monitoring and enforcement of many coding standards and best practices.

Haskell

- **brittany** :warning: — Haskell source code formatter - [HLint](https://github.com/ndmitchell/hlint) — HLint is a tool for suggesting possible improvements to Haskell code. - [Liquid Haskell](https://ucsd-progsys.github.io/liquidhaskell-blog/) — Liquid Haskell is a refinement type checker for Haskell programs. - [Stan](https://kowainik.github.io/projects/stan) — Stan is a command-line tool for analysing Haskell projects and outputting discovered vulnerabilities in a helpful way with possible solutions for detected problems. - [Weeder](https://github.com/ocharles/weeder) — A tool for detecting dead exports or package imports in Haskell code.

Haxe

- [Haxe Checkstyle](https://haxecheckstyle.github.io/docs/haxe-checkstyle/home.html) — A static analysis tool to help developers write Haxe code that adheres to a coding standard.

Java

- [Checker Framework](https://checkerframework.org) — Pluggable type-checking for Java. This is not just a bug-finder, but a verification tool that gives a guarantee of correctness. It comes with 27 pre-built type systems, and it enables users to define their own type system; the manual lists over 30 user-contributed type systems. - [checkstyle](https://checkstyle.org) — Checking Java source code for adherence to a Code Standard or set of validation rules (best practices). - [ck](https://github.com/mauricioaniche/ck) — Calculates Chidamber and Kemerer object-oriented metrics by processing the source Java files. - [ckjm](http://www.spinellis.gr/sw/ckjm) — Calculates Chidamber and Kemerer object-oriented metrics by processing the bytecode of compiled Java files. - **CogniCrypt** :warning: — Checks Java source and byte code for incorrect uses of cryptographic APIs. - [Dataflow Framework](https://github.com/typetools/checker-framework) — An industrial-strength dataflow framework for Java. The Dataflow Framework is used in the Checker Framework, Google’s Error Prone, Uber’s NullAway, Meta’s Nullsafe, and in other contexts. It is distributed with the Checker Framework. - [DesigniteJava](http://www.designite-tools.com/designitejava) :copyright: — DesigniteJava supports detection of various architecture, design, and implementation smells along with computation of various code quality metrics. - [Diffblue](https://www.diffblue.com/) :copyright: — Diffblue is a software company that provides AI-powered code analysis and testing solutions for software development teams. Its technology helps developers automate testing, find bugs, and reduce manual labor in their software development processes. The company's main product, Diffblue Cover, uses AI to generate and run unit tests for Java code, helping to catch errors and improve code quality. 
- [Doop](https://plast-lab.github.io/doop-pldi15-tutorial/) — Doop is a declarative framework for static analysis of Java/Android programs, centered on pointer analysis algorithms. Doop provides a large variety of analyses and also the surrounding scaffolding to run an analysis end-to-end (fact generation, processing, statistics, etc.). - **ENRE-java** :warning: — ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-java is an ENtity Relationship Extractor for Java projects based on @Eclipse JDT/parser. - [Error Prone](https://errorprone.info) — Catch common Java mistakes as compile-time errors. - [fb-contrib](http://fb-contrib.sourceforge.net) — A plugin for FindBugs with additional bug detectors. - [forbidden-apis](https://github.com/policeman-tools/forbidden-apis) — Detects and forbids invocations of specific method/class/field (like reading from a text stream without a charset). Maven/Gradle/Ant compatible. - [google-java-format](https://github.com/google/google-java-format) — Reformats Java source code to comply with Google Java Style. - **HuntBugs** :warning: — Bytecode static analyzer tool based on Procyon Compiler Tools aimed to supersede FindBugs. - [IntelliJ IDEA](https://www.jetbrains.com/idea) :copyright: — Comes bundled with a lot of inspections for Java and Kotlin and includes tools for refactoring, formatting and more. - [JArchitect](https://www.jarchitect.com) :copyright: — Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity. - [JBMC](https://www.cprover.org/jbmc) — Bounded model-checker for Java (bytecode), verifies user-defined assertions, standard assertions, several coverage metric analyses. - [JLiSA](https://github.com/lisa-analyzer/jlisa) — An abstract interpretation-based static analyzer for Java built upon the [LiSA](https://github.com/lisa-analyzer/lisa) framework.
- [Mariana Trench](https://mariana-tren.ch/) — Our security-focused static analysis tool for Android and Java applications. Mariana Trench analyzes Dalvik bytecode and is built to run fast on large codebases (10s of millions of lines of code). It can find vulnerabilities as code changes, before it ever lands in your repository. - [NullAway](https://github.com/uber/NullAway) — Type-based null-pointer checker with low build-time overhead; an [Error Prone](http://errorprone.info/) plugin. - **OWASP Dependency Check** :warning: — Checks dependencies for known, publicly disclosed vulnerabilities. - [qulice](https://www.qulice.com) — Combines a few (pre-configured) static analysis tools (checkstyle, PMD, Findbugs, ...). - [RefactorFirst](https://github.com/jimbethancourt/RefactorFirst) — Identifies and prioritizes God Classes and Highly Coupled classes in Java codebases you should refactor first. - [Soot](https://soot-oss.github.io/soot) — A framework for analyzing and transforming Java and Android applications. - [Spoon](https://spoon.gforge.inria.fr) — Spoon is a metaprogramming library to analyze and transform Java source code (incl Java 9, 10, 11, 12, 13, 14). It parses source files to build a well-designed AST with powerful analysis and transformation API. Can be integrated in Maven and Gradle. - [SpotBugs](https://spotbugs.github.io) — SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code. - **steady** :warning: — Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. - [Violations Lib](https://github.com/tomasbjerre/violations-lib) — Java library for parsing report files from static code analysis. Used by a bunch of Jenkins, Maven and Gradle plugins.

JavaScript

- **aether** :warning: — Lint, analyze, normalize, transform, sandbox, run, step through, and visualize user JavaScript, in node or the browser. - [Closure Compiler](https://developers.google.com/closure/compiler) — A compiler tool to increase efficiency, reduce size, and provide code warnings in JavaScript files. - **ClosureLinter** :warning: — Ensures that all of your project's JavaScript code follows the guidelines in the Google JavaScript Style Guide. It can also automatically fix many common errors. - **complexity-report** :warning: — Software complexity analysis for JavaScript projects. - [DeepScan](https://deepscan.io) :copyright: — An analyzer for JavaScript which targets runtime errors and quality issues rather than coding conventions. - **es6-plato** :warning: — Visualize JavaScript (ES6) source complexity. - [escomplex](https://github.com/jared-stilwell/escomplex) — Software complexity analysis of JavaScript-family abstract syntax trees. - **Esprima** :warning: — ECMAScript parsing infrastructure for multipurpose analysis. - [flow](https://flow.org) — A static type checker for JavaScript. - **hegel** :warning: — A static type checker for JavaScript with a bias on type inference and strong type systems. - [jshint](https://jshint.com/about) [:information_source:]() — Detect errors and potential problems in JavaScript code and enforce your team's coding conventions. - [JSLint](https://github.com/douglascrockford/JSLint) [:information_source:]() — The JavaScript Code Quality Tool. - **JSPrime** :warning: — Static security analysis tool. - **NodeJSScan** :warning: — A static security code scanner for Node.js applications powered by libsast and semgrep that builds on the njsscan cli tool. It features a UI with various dashboards about an application's security status. - **plato** :warning: — Visualize JavaScript source complexity. 
- [Polymer-analyzer](https://github.com/Polymer/tools/tree/master/packages/analyzer) — A static analysis framework for Web Components. - [retire.js](https://retirejs.github.io/retire.js) — Scanner detecting the use of JavaScript libraries with known vulnerabilities. - **RSLint** :warning: — A (WIP) JavaScript linter written in Rust designed to be as fast as possible, customizable, and easy to use. - [standard](http://standardjs.com) — An npm module that checks for Javascript Styleguide issues. - [tern](https://ternjs.net) — A JavaScript code analyzer for deep, cross-editor language support. - **TypL** :warning: — With TypL, you just write completely standard JS, and the tool figures out your types via powerful inferencing. - [xo](https://github.com/xojs/xo) — Opinionated but configurable ESLint wrapper with lots of goodies included. Enforces strict and readable code. - **yardstick** :warning: — Javascript code metrics.

Julia

- [JET](https://github.com/aviatesk/JET.jl) — Static type inference system to detect bugs and type instabilities. - [StaticLint](https://github.com/julia-vscode/StaticLint.jl) — Static Code Analysis for Julia

Kotlin

- [detekt](https://detekt.github.io/detekt) — Static code analysis for Kotlin code. - **diktat** :warning: — Strict coding standard for Kotlin and a linter that detects and auto-fixes code smells. - [ktfmt](https://facebook.github.io/ktfmt/) — A program that reformats Kotlin source code to comply with the common community standard for Kotlin code conventions. A ktfmt IntelliJ plugin is available from the plugin repository. To install it, go to your IDE's settings and select the Plugins category. Click the Marketplace tab, search for the ktfmt plugin, and click the Install button. - [ktlint](https://ktlint.github.io) — An anti-bikeshedding Kotlin linter with built-in formatter.

Lua

- [luacheck](https://github.com/lunarmodules/luacheck) — A tool for linting and static analysis of Lua code. - [lualint](https://github.com/philips/lualint) — lualint performs luac-based static analysis of global variable usage in Lua source code. - **Luanalysis** :warning: — An IDE for statically typed Lua development.

MATLAB

- **MISS_HIT** :warning: — MISS_HIT is a free, open-source code quality toolset for MATLAB, Simulink, and Octave. It includes MH Style (style checker and formatter), MH Metrics (complexity metrics), MH Lint (static analysis), MH Trace (requirements traceability), and MH Copyright (copyright management). Designed to work standalone without requiring MATLAB/Octave installation. - [mlint](https://www.mathworks.com/help/matlab/ref/mlint.html) :copyright: — Check MATLAB code files for possible problems.

Nim

- [DrNim](https://nim-lang.org/docs/drnim.html) — DrNim combines the Nim frontend with the Z3 proof engine in order to make it possible to verify / validate software written in Nim. - **nimfmt** :warning: — Nim code formatter / linter / style checker

Ocaml

- [Sys](https://github.com/PLSysSec/sys) — A static/symbolic Tool for finding bugs in (browser) code. It uses the LLVM AST to find bugs like uninitialized memory access. - [VeriFast](https://github.com/verifast/verifast) — A tool for modular formal verification of correctness properties of single-threaded and multithreaded C and Java programs annotated with preconditions and postconditions written in separation logic. To express rich specifications, the programmer can define inductive datatypes, primitive recursive pure functions over these datatypes, and abstract separation logic predicates.

PHP

- [CakeFuzzer](https://zigrin.com/tools/cake-fuzzer/) — Web application security testing tool for CakePHP-based web applications. CakeFuzzer employs a predefined set of attacks that are randomly modified before execution. Leveraging its deep understanding of the Cake PHP framework, Cake Fuzzer launches attacks on all potential application entry points. - [churn-php](https://github.com/bmitch/churn-php) — Helps discover good candidates for refactoring. - [composer-dependency-analyser](https://github.com/shipmonk-rnd/composer-dependency-analyser) — Fast detection of composer dependency issues. * 💪 Powerful: Detects unused, shadow and misplaced composer dependencies * ⚡ Performant: Scans 15 000 files in 2s! * ⚙️ Configurable: Fine-grained ignores via PHP config * 🕸️ Lightweight: No composer dependencies * 🍰 Easy-to-use: No config needed for first try * ✨ Compatible: PHP >= 7.2 - [dephpend](https://github.com/mihaeu/dephpend) — Dependency analysis tool. - [deprecation-detector](https://github.com/sensiolabs-de/deprecation-detector) — Finds usages of deprecated (Symfony) code. - [deptrac](https://github.com/sensiolabs-de/deptrac) — Enforce rules for dependencies between software layers. - [DesignPatternDetector](https://github.com/Halleck45/DesignPatternDetector) — Detection of design patterns in PHP code. - [EasyCodingStandard](https://www.tomasvotruba.com/blog/2017/05/03/combine-power-of-php-code-sniffer-and-php-cs-fixer-in-3-lines) — Combine [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) and [PHP-CS-Fixer](https://github.com/FriendsOfPHP/PHP-CS-Fixer). - **Enlightn** :warning: — A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks. - [exakat](https://www.exakat.io) — An automated code reviewing engine for PHP. - [GrumPHP](https://github.com/phpro/grumphp) — Checks code on every commit. 
- [larastan](https://github.com/larastan/larastan) — Adds static analysis to Laravel improving developer productivity and code quality. It is a wrapper around PHPStan. - [mago](https://mago.carthage.software) — Mago is a complete toolchain for PHP, written in Rust, designed from the ground up for maximum performance. - ✨ A blazing-fast formatter that automatically formats your code according to PER-CS, ending style debates forever. - 🔎 An intelligent linter that catches stylistic issues, inconsistencies, and code smells before they become problems. - 🔬 A powerful static analyzer that finds type errors and logical bugs in your code without you ever having to run it. - 🛡️ A robust architectural guard that enforces dependency rules and structural conventions. - **Mondrian** :warning: — A set of static analysis and refactoring tools which use graph theory. - [parallel-lint](https://github.com/php-parallel-lint/PHP-Parallel-Lint) — This tool checks syntax of PHP files faster than serial check with a fancier output. - [Parse](https://github.com/psecio/parse) — A Static Security Scanner. - [pdepend](https://pdepend.org) — Calculates software metrics like cyclomatic complexity for PHP code. - [phan](https://github.com/phan/phan/wiki) — A modern static analyzer from etsy. - [PHP Architecture Tester](https://github.com/carlosas/phpat) — Easy to use architecture testing tool for PHP. - [PHP Assumptions](https://github.com/rskuipers/php-assumptions) — Checks for weak assumptions. - [PHP Coding Standards Fixer](https://cs.symfony.com) — Fixes your code according to standards like PSR-1, PSR-2, and the Symfony standard. - [PHP Insights](https://github.com/nunomaduro/phpinsights) — Instant PHP quality checks from your console. Analysis of code quality and coding style as well as overview of code architecture and its complexity. - [Php Inspections (EA Extended)](https://plugins.jetbrains.com/plugin/7622-php-inspections-ea-extended-) — A Static Code Analyzer for PHP. 
- [PHP Refactoring Browser](https://qafoolabs.github.io/php-refactoring-browser) — Refactoring helper. - [PHP Semantic Versioning Checker](https://github.com/tomzx/php-semver-checker) — Suggests a next version according to semantic versioning. - [PHP-Parser](https://github.com/nikic/PHP-Parser) — A PHP parser written in PHP. - [php-speller](https://github.com/mekras/php-speller) — PHP spell check library. - **PHP-Token-Reflection** :warning: — Library emulating the PHP internal reflection. - **php7cc** :warning: — PHP 7 Compatibility Checker. - **php7mar** :warning: — Assist developers in porting their code quickly to PHP 7. - **PHP_CodeSniffer** :warning: — Detects violations of a defined set of coding standards. - [PHPArkitect](https://github.com/phparkitect/arkitect) — PHPArkitect helps you to keep your PHP codebase coherent and solid, by permitting to add some architectural constraint check to your workflow. You can express the constraint that you want to enforce, in simple and readable PHP code. - **phpca** :warning: — Finds usage of non-built-in extensions. - **phpcpd** :warning: — Copy/Paste Detector for PHP code. - **phpdcd** :warning: — Dead Code Detector (DCD) for PHP code. - **PhpDependencyAnalysis** :warning: — Builds a dependency graph for a project. - **PhpDeprecationDetector** :warning: — Analyzer of PHP code to search issues with deprecated functionality in newer interpreter versions. It finds removed objects (functions, variables, constants and ini-directives), deprecated functions functionality, and usage of forbidden names or tricks (e.g. reserved identifiers in newer versions). - **phpdoc-to-typehint** :warning: — Add scalar type hints and return types to existing PHP projects using PHPDoc annotations. - [phpDocumentor](https://www.phpdoc.org) — Analyzes PHP source code to generate documentation. - [phploc](https://github.com/sebastianbergmann/phploc) — A tool for quickly measuring the size and analyzing the structure of a PHP project. 
- [PHPMD](https://phpmd.org) — Finds possible bugs in your code. - [PhpMetrics](http://www.phpmetrics.org) — Calculates and visualizes various code quality metrics. - [phpmnd](https://github.com/povils/phpmnd) — Helps to detect magic numbers. - [PHPQA](https://edgedesigncz.github.io/phpqa) — A tool for running QA tools (phploc, phpcpd, phpcs, pdepend, phpmd, phpmetrics). - [phpqa - jakzal](https://github.com/jakzal/phpqa) — Many tools for PHP static analysis in one container. - [phpqa - jmolivas](https://github.com/jmolivas/phpqa) — PHPQA all-in-one Analyzer CLI tool. - **phpsa** :warning: — Static analysis tool for PHP. - [PHPStan](https://phpstan.org) — PHP Static Analysis Tool - discover bugs in your code without running it! - [Progpilot](https://github.com/designsecurity/progpilot) — A static analysis tool for security purposes. - [Psalm](https://psalm.dev) — Static analysis tool for finding type errors in PHP applications. - **Qafoo Quality Analyzer** :warning: — Visualizes metrics and source code. - [rector](https://getrector.org) — Instant Upgrades and Automated Refactoring of any PHP 5.3+ code. It upgrades your code for PHP 7.4, 8.0 and beyond. Rector promises a low false-positive rate because it looks for narrowly defined AST (abstract syntax tree) patterns. The main use cases are tackling technical debt in your legacy code and removing dead code. Rector provides a set of special rules for Symfony, Doctrine, PHPUnit, and many more. - [Reflection](https://github.com/phpDocumentor/Reflection) — Reflection library to do Static Analysis for PHP Projects - [Symfony Insight](https://insight.symfony.com/) :copyright: — Detect security risks, find bugs and provide actionable metrics for PHP projects. - [Tuli](https://github.com/ircmaxell/Tuli) — A static analysis engine. - [twig-lint](https://github.com/asm89/twig-lint) — twig-lint is a lint tool for your twig files.
- [WAP](https://securityonline.info/owasp-wap-web-application-protection-project) — Tool to detect and correct input validation vulnerabilities in PHP (4.0 or higher) web applications and to predict false positives by combining static analysis and data mining.

PL/SQL

- [ZPA](https://zpa.felipebz.com) — An open source parser and code analyzer for PL/SQL and Oracle SQL code.

Perl

- [Perl::Analyzer](https://technix.github.io/Perl-Analyzer/) — Perl-Analyzer is a set of programs and modules that allow users to analyze and visualize Perl codebases by providing information about namespaces and their relations, dependencies, inheritance, and methods implemented, inherited, and redefined in packages, as well as calls to methods from parent packages via SUPER. - [Perl::Critic](https://metacpan.org/pod/Perl::Critic) — Critique Perl source code for best-practices. - [perltidy](https://perltidy.sourceforge.net/) — Perltidy is a Perl script which indents and reformats Perl scripts to make them easier to read. The formatting can be controlled with command line parameters. The default parameter settings approximately follow the suggestions in the Perl Style Guide. Besides reformatting scripts, Perltidy can be a great help in tracking down errors with missing or extra braces, parentheses, and square brackets because it is very good at localizing errors. - [zarn](https://github.com/htrgouvea/zarn) — A lightweight static security analysis tool for modern Perl Apps

Python

- [autoflake](https://github.com/PyCQA/autoflake) — Autoflake removes unused imports and unused variables from Python code. - [autopep8](https://pypi.org/project/autopep8/) — A tool that automatically formats Python code to conform to the PEP 8 style guide. It uses the pycodestyle utility to determine what parts of the code need to be formatted. - [bandit](https://bandit.readthedocs.io/en/latest) — A tool to find common security issues in Python code. - [bellybutton](https://github.com/hchasestevens/bellybutton) — A linting engine supporting custom project-specific rules. - [Black](https://black.readthedocs.io/en/stable) — The uncompromising Python code formatter. - [Bowler](https://pybowler.io/) — Safe code refactoring for modern Python. Bowler is a refactoring tool for manipulating Python at the syntax tree level. It enables safe, large scale code modifications while guaranteeing that the resulting code compiles and runs. It provides both a simple command line interface and a fluent API in Python for generating complex code modifications in code. - **ciocheck** :warning: — Linter, formatter and test suite helper. As a linter, it is a wrapper around `pep8`, `pydocstyle`, `flake8`, and `pylint`. - [Code Pathfinder](https://codepathfinder.dev) — An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, deriving insights, and finding vulnerabilities in code. - **cohesion** :warning: — A tool for measuring Python class cohesion. - [deal](https://deal.readthedocs.io/) — Design by contract for Python. Write bug-free code. By adding a few decorators to your code, you get for free tests, static analysis, formal verification, and much more. - [Dlint](https://github.com/dlint-py/dlint) — A tool for ensuring Python code is secure. - [Dodgy](https://github.com/landscapeio/dodgy) — Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values.
It is a series of simple regular expressions designed to detect things such as accidental SCM diff checkins, or passwords or secret keys hard coded into files. - **ENRE-py** :warning: — ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-py is an ENtity Relationship Extractor for Python based on Python Language Services of The Standard Library. - [fixit](https://pypi.org/project/fixit) — A framework for creating lint rules and corresponding auto-fixes for source code. - [flake8](https://github.com/PyCQA/flake8) — A wrapper around `pyflakes`, `pycodestyle` and `mccabe`. - [flakeheaven](https://pypi.org/project/flakeheaven/) — flakeheaven is a python linter built around flake8 to enable inheritable and complex toml configuration. - [Griffe](https://mkdocstrings.github.io/griffe/) — Signatures for entire Python programs. Extract the structure, the frame, the skeleton of your project, to generate API documentation or find breaking changes in your API. - **InspectorTiger** :warning: — IT, Inspector Tiger, is a modern python code review tool / framework. It comes with a bunch of pre-defined handlers which warn you about improvements and possible bugs. Besides these handlers, you can write your own or use community ones. - [jedi](https://jedi.readthedocs.io/en/latest) — Autocompletion/static analysis library for Python. - [linty fresh](https://github.com/lyft/linty_fresh) — Parse lint errors and report them to Github as comments on a pull request. - [mbake](https://pypi.org/project/mbake/) — mbake is a Makefile formatter and linter. It only took 50 years! - **mccabe** :warning: — Check McCabe complexity. - **multilint** :warning: — A wrapper around `flake8`, `isort` and `modernize`. - [mypy](http://www.mypy-lang.org) — A static type checker that aims to combine the benefits of duck typing and static typing, frequently used with [MonkeyType](https://github.com/Instagram/MonkeyType).
- [pip-audit](https://github.com/pypa/pip-audit) — Tool for scanning Python packages for known vulnerabilities. Developed by the Python Packaging Authority (PyPA) and supported by Trail of Bits and Google. Scans Python environments and requirements files to identify vulnerable packages and suggests remediation. Supports GitHub Actions, pre-commit hooks, and multiple vulnerability service integrations. - [prospector](https://github.com/PyCQA/prospector) — A wrapper around `pylint`, `pep8`, `mccabe` and others. - **py-find-injection** :warning: — Find SQL injection vulnerabilities in Python code. - [pyanalyze](https://pyanalyze.readthedocs.io/en/latest/) — A tool for programmatically detecting common mistakes in Python code, such as references to undefined variables and type errors. It can be extended to add additional rules and perform checks specific to particular functions. - [pycodestyle](https://pycodestyle.pycqa.org/en/latest) — (Formerly `pep8`) Check Python code against some of the style conventions in PEP 8. - **pydocstyle** :warning: — Check compliance with Python docstring conventions. - [pyflakes](https://pypi.org/project/pyflakes) — Check Python source files for errors. - [pylint](http://pylint.pycqa.org/en/latest) — Looks for programming errors, helps enforcing a coding standard and sniffs for some code smells. It additionally includes `pyreverse` (an UML diagram generator) and `symilar` (a similarities checker). - [pylyzers](https://mtshiba.github.io/pylyzer/) — A static code analyzer / language server for Python, written in Rust, focused on type checking and readable output. - [Pyra](https://github.com/spangea/Pyra) — Pyra is a high-level linter static analyzer for data science applications written in Python, that helps developers identify potential issues in their data science code written in Python, as an extension of [Lyra](https://github.com/caterinaurban/Lyra). - **pyre-check** :warning: — A fast, scalable type checker for large Python codebases. 
Pyre-check has been superseded by Pyrefly, its next iteration. - [pyrefly](https://pyrefly.org/) — A fast, incremental type checker and language server for Python, providing IDE features like code navigation, semantic highlighting, and code completion. - [pyright](https://github.com/Microsoft/pyright) — Static type checker for Python, created to address gaps in existing tools like mypy. - [pyroma](https://github.com/regebro/pyroma) — Rate how well a Python project complies with the best practices of the Python packaging ecosystem, and list issues that could be improved. - [Pysa](https://pyre-check.org/docs/pysa-basics.html) — A tool based on Facebook's pyre-check that uses taint analysis to identify potential security issues in Python code. - **PyT - Python Taint** :warning: — A static analysis tool for detecting security vulnerabilities in Python web applications. - [pytype](https://google.github.io/pytype) — A static type analyzer for Python code. - [pyupgrade](https://pypi.org/project/pyupgrade-docs/) — A tool (and pre-commit hook) to automatically upgrade syntax for newer versions of the language. - **QuantifiedCode** :warning: — Automated code review & repair. It helps you to keep track of issues and metrics in your software projects, and can be easily extended to support new types of analyses. - **radon** :warning: — A Python tool that computes various metrics from the source code. - [refurb](https://github.com/dosisod/refurb) — A tool for refurbishing and modernizing Python codebases. Refurb is heavily inspired by clippy, the built-in linter for Rust. - [ruff](https://astral.sh/ruff) — Fast Python linter, written in Rust. 10-100x faster than existing linters. Compatible with Python 3.10. Supports file watcher. - [Safety](https://safetycli.com/) — Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known vulnerabilities.
Checks Python dependencies against a database of known security vulnerabilities and provides detailed reports. Supports CI/CD integration and multiple output formats. - [ty](https://docs.astral.sh/ty/) — An extremely fast Python type checker written in Rust. - [unimport](https://unimport.hakancelik.dev) — A linter, formatter for finding and removing unused import statements. - [vulture](https://github.com/jendrikseipp/vulture) — Find unused classes, functions and variables in Python code. - [wemake-python-styleguide](https://wemake-python-styleguide.rtfd.io/) — The strictest and most opinionated python linter ever. - [wily](https://github.com/tonybaloney/wily) — A command-line tool for archiving, exploring and graphing the complexity of Python source code. - **xenon** :warning: — Monitor code complexity using [`radon`](https://github.com/rubik/radon). - **yapf** :warning: — A formatter for Python files created by Google. YAPF follows a distinctive methodology, originating from the 'clang-format' tool created by Daniel Jasper. Essentially, the program reframes the code to the most suitable formatting that abides by the style guide, even if the original code already follows the style guide. This concept is similar to the Go programming language's 'gofmt' tool, which aims to put an end to debates about formatting by having the entire codebase of a project pass through YAPF whenever changes are made, thereby maintaining a consistent style throughout the project and eliminating the need to argue about style in every code review.

R

- [CodeDepends](https://github.com/duncantl/CodeDepends) — Static Code Analysis for R. - [cyclocomp](https://github.com/MangoTheCat/cyclocomp) — Quantifies the cyclomatic complexity of R functions / expressions. - [flowR](https://github.com/flowr-analysis/flowr) — A [program slicer](https://github.com/flowr-analysis/flowr/wiki/Terminology#program-slice) and [dataflow analyzer](https://en.wikipedia.org/wiki/Data-flow_analysis) for the [R](https://www.r-project.org/) programming language. Its slicer allows you to reduce a complicated program to just the parts relevant to a specific task (e.g., the generation of a single or collection of plots, a significance test, ...). The dataflow analysis provides you with a detailed view on the semantics of the R code which can greatly improve other analyses. To use _flowR_, check out the [Visual Studio Code extension](https://marketplace.visualstudio.com/items?itemName=code-inspect.vscode-flowr), the [RStudio Addin](https://github.com/flowr-analysis/rstudio-addin-flowr), the [Docker image](https://hub.docker.com/r/eagleoutice/flowr), or the [R package](https://github.com/flowr-analysis/flowr-r-adapter). - [goodpractice](https://docs.ropensci.org/goodpractice/) — Analyses the source code for R packages and provides best-practice recommendations. - [lintr](https://github.com/jimhester/lintr) — Static Code Analysis for R. - [R Language Server](https://github.com/REditorSupport/languageserver/) — Provides code completion, refactoring, folding, diagnostics (with lintr), and more for R. - [rco](https://jcrodriguez1989.github.io/rco/) — Performance optimizer for R code (with GUI). - [styler](https://styler.r-lib.org) — Formatting of R source code files and pretty-printing of R code.

Rego

- [Regal](https://github.com/styrainc/regal) — Regal is a linter for the policy language Rego. Regal aims to catch bugs and mistakes in policy code, while at the same time helping people learn the language, best practices and idiomatic constructs.

Ruby

- [Active Record Doctor](https://github.com/gregnavis/active_record_doctor) — Identify database issues before they hit production. - [brakeman](https://brakemanscanner.org) — A static analysis security vulnerability scanner for Ruby on Rails applications. - [Bullet](https://github.com/flyerhzm/bullet) — Help to kill N+1 queries and unused eager loading. - [bundler-audit](https://github.com/rubysec/bundler-audit) — Audit Gemfile.lock for gems with security vulnerabilities reported in [Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db). - **cane** :warning: — Code quality threshold checking as part of your build. - **Churn** :warning: — A Project to give the churn file, class, and method for a project for a given checkin. Over time the tool adds up the history of churns to give the number of times a file, class, or method is changing during the life of a project. - [DatabaseConsistency](https://github.com/djezzzl/database_consistency) — The tool to avoid various issues due to inconsistencies and inefficiencies between a database schema and application models. - [dawnscanner](https://github.com/thesp0nge/dawnscanner) — A static analysis security scanner for web applications written in Ruby. It supports Sinatra, Padrino and Ruby on Rails frameworks. - [ERB Lint](https://github.com/Shopify/erb-lint) — Lint your ERB or HTML files - [ERB::Formatter](https://github.com/nebulab/erb-formatter) — Format ERB files with speed and precision. - [Fasterer](https://github.com/DamirSvrtan/fasterer) — Common Ruby idioms checker. - [flay](https://ruby.sadi.st/Flay.html) — Flay analyzes code for structural similarities. - [flog](https://ruby.sadi.st/Flog.html) — Flog reports the most tortured code in an easy to read pain report. The higher the score, the more pain the code is in. - [Fukuzatsu](https://github.com/CoralineAda/fukuzatsu) — A tool for measuring code complexity in Ruby class files.
Its analysis generates scores based on cyclomatic complexity algorithms with no added "opinions". - [htmlbeautifier](https://github.com/threedaymonk/htmlbeautifier) — A normaliser/beautifier for HTML that also understands embedded Ruby. Ideal for tidying up Rails templates. - **laser** :warning: — Static analysis and style linter for Ruby code. - **MetricFu** :warning: — MetricFu is a set of tools to provide reports that show which parts of your code might need extra work. - [pelusa](https://github.com/codegram/pelusa) — Static analysis Lint-type tool to improve your OO Ruby code. - **quality** :warning: — Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time. - **Querly** :warning: — Pattern Based Checking Tool for Ruby. - **Railroader** :warning: — An open source static analysis security vulnerability scanner for Ruby on Rails applications. - [rails_best_practices](https://rails-bestpractices.com) — A code metric tool for Rails projects - [reek](https://github.com/troessner/reek) — Code smell detector for Ruby. - [Roodi](https://github.com/roodi/roodi) — Roodi stands for Ruby Object Oriented Design Inferometer. It parses your Ruby code and warns you about design issues you have based on the checks that it has configured. - [RuboCop](https://docs.rubocop.org/rubocop) — A Ruby static code analyzer, based on the community Ruby style guide. - [Rubrowser](https://github.com/blazeeboy/rubrowser) — Ruby classes interactive dependency graph generator. - **ruby-lint** :warning: — Static code analysis for Ruby. - [rubycritic](https://github.com/whitesmith/rubycritic) — A Ruby code quality reporter. - [rufo](https://github.com/ruby-formatter/rufo) — An opinionated ruby formatter, intended to be used via the command line as a text-editor plugin, to autoformat files on save or on demand. - **Saikuro** :warning: — A Ruby cyclomatic complexity analyzer. 
- **SandiMeter** :warning: — Static analysis tool for checking Ruby code for Sandi Metz' rules. - [Skunk](https://github.com/fastruby/skunk) — A SkunkScore Calculator for Ruby Code -- Find the most complicated code without test coverage! - [Sorbet](https://sorbet.org) — A fast, powerful type checker designed for Ruby. - [Standard Ruby](https://github.com/testdouble/standard) — Ruby Style Guide, with linter & automatic code fixer - [Steep](https://github.com/soutaro/steep) — Gradual Typing for Ruby. - [Traceroute](https://github.com/amatsuda/traceroute) — A Rake task gem that helps you find the unused routes and controller actions for your Rails 3+ app.

Rust

- [C2Rust](https://c2rust.com) — C2Rust helps you migrate C99-compliant code to Rust. The translator (or transpiler) produces unsafe Rust code that closely mirrors the input C code. - [cargo udeps](https://github.com/est31/cargo-udeps) — Find unused dependencies in Cargo.toml. It either prints out an "unused crates" line listing the crates, or it prints out a line saying that no crates were unused. - [cargo-audit](https://rustsec.org) — Audit Cargo.lock for crates with security vulnerabilities reported to the [RustSec Advisory Database](https://github.com/RustSec/advisory-db/). - **cargo-bloat** :warning: — Find out what takes most of the space in your executable. Supports ELF (Linux, BSD), Mach-O (macOS) and PE (Windows) binaries. - [cargo-breaking](https://github.com/iomentum/cargo-breaking) — cargo-breaking compares a crate's public API between two different branches, shows what changed, and suggests the next version according to semver. - [cargo-call-stack](https://github.com/japaric/cargo-call-stack) — Whole program static stack analysis. The tool produces the full call graph of a program as a dot file. - [cargo-deny](https://embarkstudios.github.io/cargo-deny) — A cargo plugin for linting your dependencies. It can be used either as a command line tool, a Rust crate, or a GitHub action for CI. It checks for valid license information, duplicate crates, security vulnerabilities, and more. - [cargo-expand](https://github.com/dtolnay/cargo-expand) — Cargo subcommand to show result of macro expansion and #[derive] expansion applied to the current crate. This is a wrapper around a more verbose compiler command. - [cargo-geiger](https://github.com/geiger-rs/cargo-geiger) — A cargo plugin for analysing the usage of unsafe Rust code. Provides statistical output to aid security auditing. - **cargo-inspect** :warning: — Inspect Rust code without syntactic sugar to see what the compiler does behind the curtains.
- [cargo-semver-checks](https://crates.io/crates/cargo-semver-checks) — Scan your Rust crate releases for semver violations. It can be used either directly via the CLI, as a GitHub Action in CI, or via release managers like `release-plz`. It found semver violations in [more than 1 in 6 of the top 1000 most-downloaded crates](https://predr.ag/blog/semver-violations-are-common-better-tooling-is-the-answer/) on crates.io. - [cargo-show-asm](https://github.com/pacak/cargo-show-asm) — cargo subcommand showing the assembly, LLVM-IR and MIR generated for Rust code - [cargo-spellcheck](https://github.com/drahnr/cargo-spellcheck) — Checks all your documentation for spelling and grammar mistakes with hunspell (ready) and languagetool (preview) - **cargo-unused-features** :warning: — Find potential unused enabled feature flags and prune them. You can generate a simple HTML report from the json to make it easier to inspect results. It removes a feature of a dependency and then compiles the project to see if it still compiles. If it does, the feature flag can possibly be removed, but it can be a false-positive. - [clippy](https://rust-lang.github.io/rust-clippy) — A code linter to catch common mistakes and improve your Rust code. - [diff.rs](https://diff.rs) — Web application (WASM) to render a diff between Rust crate versions. - [dylint](https://www.trailofbits.com/post/write-rust-lints-without-forking-clippy) — A tool for running Rust lints from dynamic libraries. Dylint makes it easy for developers to maintain their own personal lint collections. - **electrolysis** :warning: — A tool for formally verifying Rust programs by transpiling them into definitions in the Lean theorem prover. - **herbie** :warning: — Adds warnings or errors to your crate when using a numerically unstable floating point expression. - [kani](https://github.com/model-checking/kani) — The Kani Rust Verifier is a bit-precise model checker for Rust. 
Kani is particularly useful for verifying unsafe code blocks in Rust, where the "unsafe superpowers" are unchecked by the compiler. Kani verifies: * Memory safety (e.g., null pointer dereferences) * User-specified assertions (i.e., assert!(...)) * The absence of panics (e.g., unwrap() on None values) * The absence of some types of unexpected behavior (e.g., arithmetic overflows) - **linter-rust** :warning: — Linting your Rust-files in Atom, using rustc and cargo. - [lockbud](https://github.com/BurtonQin/lockbud) — Statically detects Rust deadlock bugs. It currently detects two common kinds of deadlock bugs: doublelock and locks in conflicting order. It will print bugs in JSON format together with the source code location and an explanation of each bug. - **MIRAI** :warning: — An abstract interpreter operating on Rust's mid-level intermediate language, and providing warnings based on taint analysis. - **prae** :warning: — Provides a convenient macro that allows you to generate type wrappers that promise to always uphold arbitrary invariants that you specified. - **Prusti** :warning: — A static verifier for Rust, based on the Viper verification infrastructure. By default Prusti verifies absence of panics by proving that statements such as unreachable!() and panic!() are unreachable. - **Rudra** :warning: — Rust Memory Safety & Undefined Behavior Detection. It is capable of analyzing single Rust packages as well as all the packages on crates.io. - **Rust Language Server** :warning: — Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings. - [rust-analyzer](https://rust-analyzer.github.io) — Supports functionality such as 'goto definition', type inference, symbol search, reformatting, and code completion, and enables renaming and refactorings. - [rust-audit](https://github.com/Shnatsel/rust-audit) — Audit Rust binaries for known bugs or security vulnerabilities.
This works by embedding data about the dependency tree (Cargo.lock) in JSON format into a dedicated linker section of the compiled executable. - [rustfix](https://github.com/rust-lang/rustfix) — Read and apply the suggestions made by rustc (and third-party lints, like those offered by clippy). - [rustfmt](https://github.com/rust-lang/rustfmt) — A tool for formatting Rust code according to style guidelines. - [RustViz](https://github.com/rustviz/rustviz) — RustViz is a tool that generates visualizations from simple Rust programs to assist users in better understanding the Rust Lifetime and Borrowing mechanism. It generates SVG files with graphical indicators that integrate with mdbook to render visualizations of data-flow in Rust programs. - [TangleGuard](https://tangleguard.com/) :copyright: — Helps you understand and maintain a scalable software architecture. To do so, it generates a interactive, nested dependency graph out of the source code. You can choose the level of details and get the portion of your codebase that matters to you. - **warnalyzer** :warning: — Show unused code from multi-crate Rust projects

SQL

- [dbcritic](https://github.com/channable/dbcritic) — dbcritic finds problems in a database schema, such as a missing primary key constraint in a table. - [holistic](https://holistic.dev/) — More than 1,300 rules to analyze SQL queries. Takes an SQL schema definition and the query source code to generate improvement recommendations. Detects code smells, unused indexes, unused tables, views, materialized views, and more. - [pgspot](https://github.com/timescale/pgspot) — Spot vulnerabilities in postgres extension scripts. Finds unsafe search_path usage and unsafe object creation in PostgreSQL extension scripts or any other PostgreSQL SQL code. - [sleek](https://github.com/nrempel/sleek) — Sleek is a CLI tool for formatting SQL. It helps you maintain a consistent style across your SQL code, enhancing readability and productivity. The heavy lifting is done by the sqlformat crate. - **sqlcheck** :warning: — Automatically identify anti-patterns in SQL queries. - [SQLFluff](https://www.sqlfluff.com/) — Multiple dialect SQL linter and formatter. - [sqlint](https://github.com/purcell/sqlint) — Simple SQL linter. - [squawk](https://squawkhq.com) — Linter for PostgreSQL, focused on migrations. Prevents unexpected downtime caused by database migrations and encourages best practices around Postgres schemas and SQL. - **tsqllint** :warning: — T-SQL-specific linter. - **TSqlRules** :warning: — TSQL Static Code Analysis Rules for SQL Server. - [Visual Expert](https://www.visual-expert.com) :copyright: — Code analysis for PowerBuilder, Oracle, and SQL Server. Explores, analyzes, and documents code.

Scala

- **linter** :warning: — Linter is a Scala static analysis compiler plugin which adds compile-time checks for various possible bugs, inefficiencies, and style problems. - [Scalastyle](http://www.scalastyle.org) — Scalastyle examines your Scala code and indicates potential problems with it. - [scapegoat](https://github.com/sksamuel/scapegoat) — Scala compiler plugin for static code analysis. - [WartRemover](https://www.wartremover.org) — A flexible Scala code linting tool.

Shell

- [bashate](https://github.com/openstack/bashate) — Code style enforcement for bash programs. The output format aims to follow pycodestyle (pep8) default output format. - **i-Code CNES for Shell** :warning: — An open source static code analysis tool for Shell and Fortran (77 and 90). - [kmdr](https://github.com/ediardo/kmdr-cli) — CLI tool for learning commands from your terminal. kmdr delivers a break down of commands with every attribute explained. - [sh](https://pkg.go.dev/mvdan.cc/sh/v3) — A shell parser, formatter, and interpreter with bash support; includes shfmt - [shellcheck](https://www.shellcheck.net) — ShellCheck, a static analysis tool that gives warnings and suggestions for bash/sh shell scripts. - [shellharden](https://github.com/anordal/shellharden) — A syntax highlighter and a tool to semi-automate the rewriting of scripts to ShellCheck conformance, mainly focused on quoting.

Swift

- [SwiftFormat](https://github.com/nicklockwood/SwiftFormat) — A library and command-line formatting tool for reformatting Swift code. - [SwiftLint](https://realm.github.io/SwiftLint) — A tool to enforce Swift style and conventions. - **Tailor** :warning: — A static analysis and lint tool for source code written in Apple's Swift programming language.

Tcl

- [Frink](http://catless.ncl.ac.uk/Programs/Frink) — A Tcl formatting and static check program (can prettify the program, minimise, obfuscate or just sanity check it). - [Nagelfar](https://sourceforge.net/projects/nagelfar) — A static syntax checker for Tcl. - [tclchecker](https://github.com/ActiveState/tdk/blob/master/docs/3.0/TDK_3.0_Checker.txt) — A static syntax analysis module (as part of [TDK](https://github.com/ActiveState/tdk)).

TypeScript

- [Angular ESLint](https://github.com/angular-eslint/angular-eslint#readme) — Linter for Angular projects - **Codelyzer** :warning: — A set of tslint rules for static code analysis of Angular 2 TypeScript projects. - [ENRE-ts](https://github.com/xjtu-enre/ENRE-ts) — ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-ts is a ENtity Relationship Extractor for ECMAScript and TypeScript based on @babel/parser. - [fta](https://ftaproject.dev/) — Rust-based static analysis for TypeScript projects - **stc** :warning: — Speedy TypeScript type checker written in Rust - **tslint** :warning: — TSLint has been deprecated as of 2019. Please see [this issue](https://github.com/palantir/tslint/issues/4534) for more details. `typescript-eslint` is now your best option for linting TypeScript. TSLint is an extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors. It is widely supported across modern editors & build systems and can be customized with your own lint rules, configurations, and formatters. - [tslint-clean-code](https://www.npmjs.com/package/tslint-clean-code) — A set of TSLint rules inspired by the Clean Code handbook. - **tslint-microsoft-contrib** :warning: — A set of tslint rules for static code analysis of TypeScript projects maintained by Microsoft. - [TypeScript Call Graph](https://github.com/whyboris/TypeScript-Call-Graph) — CLI to generate an interactive graph of functions and calls from your TypeScript files - [TypeScript ESLint](https://github.com/typescript-eslint/typescript-eslint) — TypeScript language extension for eslint. - [zod](https://zod.dev) — TypeScript-first schema validation with static type inference. The goal is to eliminate duplicative type declarations. With Zod, you declare a validator once and Zod will automatically infer the static TypeScript type. 
It is easy to compose simpler types into complex data structures.

Verilog/SystemVerilog

- **Icarus Verilog** :warning: — A Verilog simulation and synthesis tool that operates by compiling source code written in IEEE-1364 Verilog into some target format. - [svls](https://github.com/dalance/svls) — A Language Server Protocol implementation for Verilog and SystemVerilog, including lint capabilities. - **verible-linter-action** :warning: — Automatic SystemVerilog linting in GitHub Actions with the help of Verible. Used to lint Verilog and SystemVerilog source files and comment erroneous lines of code in Pull Requests automatically. - [Verilator](https://www.veripool.org/verilator) — A tool which converts Verilog to a cycle-accurate behavioral model in C++ or SystemC. Performs lint code-quality checks. - [vscode-verilog-hdl-support](https://github.com/mshr-h/vscode-verilog-hdl-support) — Verilog HDL/SystemVerilog/Bluespec SystemVerilog support for VS Code. Provides syntax highlighting and Linting support from Icarus Verilog, Vivado Logical Simulation, Modelsim and Verilator.

Vim Script

- **vint** :warning: — Fast and Highly Extensible Vim script Language Lint implemented by Python.

WebAssembly

- [Twiggy](https://github.com/rustwasm/twiggy) — Analyzes a binary's call graph to profile code size. The goal is to slim down wasm binary size. - [wasm-language-tools](https://github.com/g-plane/wasm-language-tools) — WebAssembly Language Tools aims to provide and improve the editing experience of WebAssembly Text Format. It also provides an out-of-the-box formatter (a.k.a. pretty printer) for WebAssembly Text Format. ## Multiple languages - [ale](https://github.com/w0rp/ale) — Asynchronous Lint Engine for Vim and NeoVim with support for many languages. - [Android Studio](https://developer.android.com/studio) — Based on IntelliJ IDEA, and comes bundled with tools for Android including Android Lint. - [AppChecker](https://npo-echelon.ru/en/solutions/appchecker.php) :copyright: — Static analysis for C/C++/C#, PHP and Java. - [Application Inspector](https://www.ptsecurity.com/ww-en/products/ai) :copyright: — Commercial Static Code Analysis which generates exploits to verify vulnerabilities. - [ApplicationInspector](https://github.com/microsoft/ApplicationInspector) — Creates reports of over 400 rule patterns for feature detection (e.g. the use of cryptography or version control in apps). - [ArchUnit](https://www.archunit.org) — Unit test your Java or Kotlin architecture. - [ast-grep](https://ast-grep.github.io/) — ast-grep is a powerful tool designed for managing code at scale using Abstract Syntax Trees (AST). Think of it as a hybrid of grep, eslint, and codemod, with the ability to search, lint, and rewrite code based on its structure rather than plain text. It supports multiple languages and is designed to be extensible, allowing you to register custom languages. - **Atom-Beautify** :warning: — Beautify HTML, CSS, JavaScript, PHP, Python, Ruby, Java, C, C++, C#, Objective-C, CoffeeScript, TypeScript, Coldfusion, SQL, and more in Atom editor. 
- [autocorrect](https://huacnlee.github.io/autocorrect) — A linter and formatter to help you to improve copywriting, correct spaces, words, punctuations between CJK (Chinese, Japanese, Korean). - [Axivion Bauhaus Suite](https://www.axivion.com/en/products-services-9#products_bauhaussuite) :copyright: — Tracks down error-prone code locations, style violations, cloned or dead code, cyclic dependencies and more for C/C++, C#/.NET, Java and Ada 83/Ada 95. - [Bearer](https://github.com/bearer/bearer) — Open-Source static code analysis tool to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). Highly configurable and easily extensible, built for security and engineering teams. - [Better Code Hub](https://bettercodehub.com) :copyright: — Better Code Hub checks your GitHub codebase against 10 engineering guidelines devised by the authority in software quality, Software Improvement Group. - **Betterscan CE** :warning: — Checks your code and infra (various Git repositories supported, cloud stacks, CLI, Web Interface platform, integrations available) for security and quality issues. Code Scanning/SAST/Linting using many tools/Scanners deduplicated with One Report (AI optional). - [biome](https://biomejs.dev) — A toolchain for web projects, aimed to provide functionalities to maintain them. Biome formats and lints code in a fraction of a second. It is the successor to Rome. It is designed to eventually replace Babel, ESLint, webpack, Prettier, Jest, and others. - [BlockWatch](https://github.com/mennanov/blockwatch) — A language-agnostic linter that keeps code, documentation, and configuration in sync and enforces strict formatting and validation rules.
- **BugProve** :warning: :copyright: — BugProve is a firmware analysis platform featuring both static and dynamic analysis techniques to discover memory corruptions, command injections and other classes of common weaknesses in binary code. It also detects vulnerable dependencies, weak cryptographic parameters, misconfigurations, and more. - [callGraph](https://github.com/koknat/callGraph) — Statically generates a call graph image and displays it on screen. - [CAST Highlight](https://www.castsoftware.com/products/highlight) :copyright: — Commercial Static Code Analysis which runs locally, but uploads the results to its cloud for presentation. - [Checkmarx CxSAST](https://www.checkmarx.com/products/static-application-security-testing) :copyright: — Commercial Static Code Analysis which doesn't require pre-compilation. - [ClassGraph](https://github.com/classgraph/classgraph) — A classpath and module path scanner for querying or visualizing class metadata or class relatedness. - [Clayton](https://www.getclayton.com/) :copyright: — AI-powered code reviews for Salesforce. Secure your developments, enforce best practice and control your technical debt in real-time. - **coala** :warning: — Language independent framework for creating code analysis - supports over 60 languages by default. - [Cobra](https://spinroot.com/cobra) :copyright: — Structural source code analyzer by NASA's Jet Propulsion Laboratory. - [Codacy](https://www.codacy.com) :copyright: — Code Analysis to ship Better Code, Faster. - [Code Intelligence](https://www.code-intelligence.com) :copyright: — CI/CD-agnostic DevSecOps platform which combines industry-leading fuzzing engines for finding bugs and visualizing code coverage. - [Code-Graph-RAG](https://code-graph-rag.com) — Builds knowledge graphs from multi-language codebases using Tree-sitter AST parsing and stores them in Memgraph.
Supports 11 programming languages with a unified graph schema and enables natural language querying and editing of code structure and relationships. Functions as an MCP server for AI assistant integration. - [Codeac](https://www.codeac.io/?ref=awesome-static-analysis) :copyright: — Automated code review tool integrates with GitHub, Bitbucket and GitLab (even self-hosted). Available for JavaScript, TypeScript, Python, Ruby, Go, PHP, Java, Docker, and more. (open-source free) - [codeburner](https://groupon.github.io/codeburner) — Provides a unified interface to sort and act on the issues it finds. - [codechecker](https://codechecker.readthedocs.io/en/latest) — A defect database and viewer extension for the Clang Static Analyzer with web GUI. - [CodeFactor](https://codefactor.io) :copyright: — Automated Code Analysis for repos on GitHub or BitBucket. - [CodeFlow](https://www.getcodeflow.com) :copyright: — Automated code analysis tool to deal with technical depth. Integrates with Bitbucket and Gitlab. (free for Open Source Projects) - [Codemodder](https://codemodder.io/) — Codemodder is a pluggable framework for building expressive codemods. Use Codemodder when you need more than a linter or code formatting tool. Use it to fix non-trivial security issues and other code quality problems. - [codeql](https://github.com/github/codeql) — Deep code analysis - semantic queries and dataflow for several languages with VSCode plugin support. - [CodeQue](https://codeque.co) — Ecosystem for structural matching JavaScript and TypeScript code. Offers search tool that understands code structure. Available as CLI tool and Visual Studio Code extension. It helps to search code faster and more accurately making you workflow more effective. Soon it will offer ESLint plugin to create your own rules in minutes to help with assuring codebase quality. 
- [CodeRush](https://www.devexpress.com/products/coderush) :copyright: — Code creation, debugging, navigation, refactoring, analysis and visualization tools that use the Roslyn engine in Visual Studio 2015 and up. - [CodeScan](https://www.codescan.io/) :copyright: — Code Quality and Security for Salesforce Developers. Made exclusively for the Salesforce platform, CodeScan’s code analysis solutions provide you with total visibility into your code health. - [CodeScene](https://codescene.com) :copyright: — CodeScene is a quality visualization tool for software. Prioritize technical debt, detect delivery risks, and measure organizational aspects. Fully automated. - [CodeSee](https://www.codesee.io/) :copyright: — CodeSee is mapping and automating your app's services, directories, file dependencies, and code changes. It's like Google Maps, but for code. - [CodeSonar from GrammaTech](https://codesecure.com/our-products/codesonar/) :copyright: — Advanced, whole program, deep path, static analysis of C, C++, Java and C# with easy-to-understand explanations and code and path visualization. - [Codety](https://www.codety.io) :copyright: — Codety Scanner is a comprehensive source code scanner that embeds 5000+ static code analysis rules, which aim to detect code issues for 20+ programming languages and IaC tools. - [Codiga](https://www.codiga.io) :copyright: — Automated Code Reviews and Technical Debt management platform that supports 12+ languages. - [Corgea](https://corgea.com/) :copyright: — Corgea is an AI-powered SAST scanner that helps developers find and fix insecure code. It finds business logic flaws, broken authentication, API vulnerabilities, and more with few false positives. Additionally, it automatically writes security fixes for them to approve. Corgea integrates with GitHub, GitLab, Azure DevOps, IDEs and CLI. It is free to try it. - **Corrode** :warning: — Semi-automatic translation from C to Rust.
Could reveal bugs in the original implementation by showing Rust compiler warnings and errors. Superseded by C2Rust. - [Coverity](https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html) :copyright: — Synopsys Coverity supports 20 languages and over 70 frameworks including Ruby on Rails, Scala, PHP, Python, JavaScript, TypeScript, Java, Fortran, C, C++, C#, VB.NET. - [cpp-linter-action](https://cpp-linter.github.io/cpp-linter-action/) — A GitHub Action for linting C/C++ code integrating clang-tidy and clang-format to collect feedback provided in the form of thread comments and/or annotations. - **cqc** :warning: — Check your code quality for js, jsx, vue, css, less, scss, sass and styl files. - **DeepCode** :warning: :copyright: — DeepCode was acquired by Snyk and is now Snyk Code. - [DeepSource](https://deepsource.com) :copyright: — In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives. - [deleaker](https://www.deleaker.com/) :copyright: — Deleaker is a memory leak detection tool for C++, .NET, and Delphi, integrating with Visual Studio, Qt Creator, and RAD Studio or running as a standalone application. It helps developers find and fix memory, GDI, and handle leaks efficiently. - [Depends](https://github.com/multilang-depends/depends) — Analyses the comprehensive dependencies of code elements for Java, C/C++, Ruby. - [DerScanner](https://derscanner.com/) :copyright: — Multi-language Static Application Security Testing (SAST) platform that detects critical vulnerabilities, including hardcoded secrets, weak cryptography, backdoors, SQL injections, insecure configurations, etc. - [DevSkim](https://github.com/microsoft/devskim) — Regex-based static analysis tool for Visual Studio, VS Code, and Sublime Text - C/C++, C#, PHP, ASP, Python, Ruby, Java, and others.
- [diesel-guard](https://github.com/ayarotsky/diesel-guard) — Linter for dangerous Postgres migration patterns in Diesel and SQLx. Prevents downtime caused by unsafe schema changes. - [dotnet-format](https://github.com/dotnet/format) — A code formatter for .NET. Preferences will be read from an `.editorconfig` file, if present, otherwise a default set of preferences will be used. At this time dotnet-format is able to format C# and Visual Basic projects with a subset of supported `.editorconfig` options. - [Embold](https://embold.io) :copyright: — Intelligent software analytics platform that identifies design issues, code issues, duplication and metrics. Supports Java, C, C++, C#, JavaScript, TypeScript, Python, Go, Kotlin and more. - **emerge** :warning: — Emerge is a source code and dependency visualizer that can be used to gather insights about source code structure, metrics, dependencies and complexity of software projects. After scanning the source code of a project it provides you an interactive web interface to explore and analyze your project by using graph structures. - [Enforster AI](https://enforster.ai/) :copyright: — Enforster AI performs Contextual Code Security SAST, leveraging LLMs and artificial intelligence to reduce and enrich the detection of Logic Flaws, Secrets, Data leaks, Supply chain and technical vulnerabilities. - [ESLint](https://github.com/eslint/eslint) — An extensible linter for JS, following the ECMAScript standard. - [ezno](https://kaleidawave.github.io/posts/introducing-ezno/) — A JavaScript compiler and TypeScript checker written in Rust with a focus on static analysis and runtime performance. Ezno's type checker is built from scratch. The checker is fully compatible with TypeScript type annotations and can work without any type annotations at all. - [Find Security Bugs](https://find-sec-bugs.github.io) — The SpotBugs plugin for security audits of Java web applications and Android applications. 
(Also work with Kotlin, Groovy and Scala projects) - [Fortify](https://www.microfocus.com/en-us/cyberres/application-security/static-code-analyzer) :copyright: — A commercial static analysis platform that supports the scanning of C/C++, C#, VB.NET, VB6, ABAP/BSP, ActionScript, Apex, ASP.NET, Classic ASP, VB Script, Cobol, ColdFusion, HTML, Java, JS, JSP, MXML/Flex, Objective-C, PHP, PL/SQL, T-SQL, Python (2.6, 2.7), Ruby (1.9.3), Swift, Scala, VB, and XML. - [Freeplane Code Explorer](https://docs.freeplane.org/user-documentation/Code_Explorer.html) — The Code Explorer mode in Freeplane is designed for analyzing the structure and dependencies of code compiled to JVM class files. It also allows displaying ArchUnit test results directly in Freeplane, if Freeplane is running and ArchUnit detects rule violations during the tests. - [Goodcheck](https://sider.github.io/goodcheck) — Regexp based customizable linter. - **goone** :warning: — Finds N+1 queries (SQL calls in a for loop) in go code - [graudit](http://www.justanotherhacker.com) — Grep rough audit - source code auditing tool. - [HCL AppScan Source](https://www.hcltechsw.com/products/appscan) :copyright: — Commercial Static Code Analysis. - **Hopper** :warning: — A static analysis tool written in scala for languages that run on JVM. - [Hound CI](https://houndci.com) — Comments on style violations in GitHub pull requests. Supports Coffeescript, Go, HAML, JavaScript, Ruby, SCSS and Swift. - **imhotep** :warning: — Comment on commits coming into your repository and check for syntactic errors and general lint warnings. - **include-gardener** :warning: — A multi-language static analyzer for C/C++/Obj-C/Python/Ruby to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files. - [Infer](https://fbinfer.com) — A static analyzer for Java, C and Objective-C - [Joern](https://joern.io) — Joern is a platform for analyzing source code, bytecode, and binary executables. 
It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis. Code property graphs are stored in a custom graph database. This allows code to be mined using search queries formulated in a Scala-based domain-specific query language. Joern is developed with the goal of providing a useful tool for vulnerability discovery and research in static program analysis. - [jQAssistant](https://jqassistant.org/) — jQAssistant is a plugin based software analytics platform which allows scanning code structures and metadata from repositories into a Neo4j graph database. The gathered data can be used for ad-hoc exploration using queries, visualization or defining rules for continuous architecture validation. - [keploy](https://keploy.io/) — Keploy is an open-source testing platform that helps developers automate and streamline their testing process. It provides API, and integration testing agents, generating tests, mocks/stubs for APIs that actually work. Additionally, Keploy offers an AI-powered Unit Testing Agent that generates stable, useful unit tests directly in your GitHub PRs and in VSCode, helping catch errors and improve code quality. - [Kiuwan](https://www.kiuwan.com/code-security-sast) :copyright: — Identify and remediate cyber threats in a blazingly fast, collaborative environment, with seamless integration in your SDLC. Python, C\C++, Java, C#, PHP and more. - [Klocwork](https://www.perforce.com/products/klocwork) :copyright: — Quality and Security Static analysis for C/C++, Java and C#. - [LangLint](https://github.com/HzaCode/Langlint) — Automated translation platform for code comments and docstrings across 20+ file types. Eliminates language barriers in international software collaboration. Supports 100+ language pairs with syntax protection. Integrates into CI/CD pipelines like Ruff. 10-20x faster with concurrent processing. 
- [LGTM](https://lgtm.com/) :copyright: — Find security vulnerabilities, variants, and critical code quality issues using CodeQL queries over source code. Automatic PR code review; free for open source. Formerly semmle. It supports public Git repositories hosted on Bitbucket Cloud, GitHub.com, GitLab.com. - [lizard](https://github.com/terryyin/lizard) — Lizard is an extensible Cyclomatic Complexity Analyzer for many programming languages including C/C++ (doesn't require all the header files or Java imports). It also does copy-paste detection (code clone detection/code duplicate detection) and many other forms of static code analysis. Counts lines of code without comments, CCN (cyclomatic complexity number), token count of functions, parameter count of functions. - [Mega-Linter](https://megalinter.io/) — Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes - [Mobb](https://mobb.ai) :copyright: — Mobb is a trusted, automatic vulnerability fixer that secures applications, reduces security backlogs, and frees developers to focus on innovation. Mobb is free for open-source projects. - [MOPSA](https://mopsa.lip6.fr) — A static analyzer designed to easily reuse abstract domains across widely different languages (such as C and Python). - [Neurolint-CLI](https://neurolint.dev) — Deterministic code transformation tool using AST parsing and rule-based transformations. Automatically fixes 50+ issues including accessibility violations, hydration errors, React 19/Next.js 16 migrations, and configuration updates. Features 5-step fail-safe orchestration to ensure zero breaking changes. Specialized for React, Next.js, and TypeScript projects. - [oclint](http://oclint.org) — A static source code analysis tool to improve quality and reduce defects for C, C++ and Objective-C. 
- [Offensive 360](https://offensive360.com/) :copyright: — Commercial Static Code Analysis system doesn't require building the source code or pre-compilation. - [OpenRewrite](https://docs.openrewrite.org/) — OpenRewrite [fixes common static analysis issues](https://docs.openrewrite.org/running-recipes/popular-recipe-guides/common-static-analysis-issue-remediation) reported through Sonar and other tools using a Maven and Gradle plugin or the Moderne CLI. - [OpenStaticAnalyzer](https://github.com/sed-inf-u-szeged/OpenStaticAnalyzer) — OpenStaticAnalyzer is a source code analyzer tool, which can perform deep static analysis of the source code of complex systems. - [oxc](https://github.com/web-infra-dev/oxc) — The Oxidation Compiler is creating a suite of high-performance tools for the JavaScript / TypeScript language re-written in Rust. - [parasoft](https://www.parasoft.com/) :copyright: — Automated Software Testing Solutions for unit-, API-, and web UI testing. Complies with MISRA, OWASP, and others. - [pfff](https://github.com/facebookarchive/pfff/wiki/Main) — Facebook's tools for code analysis, visualizations, or style-preserving source transformation for many languages. - [Pixee](https://pixee.ai) :copyright: — Pixeebot finds security and code quality issues in your code and creates merge-ready pull requests with recommended fixes. - [PMD](https://pmd.github.io) — A source code analyzer for Java, Salesforce Apex, Javascript, PLSQL, XML, XSL and others. - [pre-commit](https://pre-commit.com) — A framework for managing and maintaining multi-language pre-commit hooks. - [Precaution](https://www.securesauce.dev/) — Precaution is a static analysis security tool (SAST) designed to find potentially critical vulnerabilities in source code prior to production. It is available as a CLI, GitHub Action, and GitHub App. - [Prettier](https://prettier.io) — An opinionated code formatter. 
- [Pronto](https://github.com/prontolabs/pronto) — Quick automated code review of your changes. Supports more than 40 runners for various languages, including Clang, Elixir, JavaScript, PHP, Ruby and more. - **PT.PM** :warning: — An engine for searching patterns in the source code, based on Unified AST or UST. At present time C#, Java, PHP, PL/SQL, T-SQL, and JavaScript are supported. Patterns can be described within the code or using a DSL. - [Putout](https://github.com/coderaiser/putout) — Pluggable and configurable code transformer with built-in eslint, babel plugins support for js, jsx typescript, flow, markdown, yaml and json. - [PVS-Studio](https://pvs-studio.com) :copyright: — A ([conditionally free](https://pvs-studio.com/en/order/open-source-license) for FOSS and individual developers) static analysis of C, C++, C# and Java code. For advertising purposes [you can propose a large FOSS project for analysis by PVS employees](https://github.com/viva64/pvs-studio-check-list). Supports CWE mapping, OWASP ASVS, MISRA, AUTOSAR and SEI CERT coding standards. - [pylama](https://klen.github.io/pylama/) — Code audit tool for Python and JavaScript. Wraps pycodestyle, pydocstyle, PyFlakes, Mccabe, Pylint, and more - [Qwiet AI](https://qwiet.ai/) :copyright: — Identify vulnerabilities that are unique to your code base before they reach production. Leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs. Automatically finds business logic flaws in dev like hardcoded secrets and logic bombs - [Refactoring Essentials](https://marketplace.visualstudio.com/items?itemName=SharpDevelopTeam.RefactoringEssentialsforVisualStudio) — The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers. - [relint](https://github.com/codingjoe/relint) — A static file linter that allows you to write custom rules using regular expressions (RegEx). 
- [ReSharper](https://www.jetbrains.com/resharper) :copyright: — Extends Visual Studio with on-the-fly code inspections for C#, VB.NET, ASP.NET, JavaScript, TypeScript and other technologies. - [Rev-dep](https://github.com/jayu/rev-dep) — Dependency analysis and optimization toolkit for modern JavaScript and TypeScript projects. Trace imports, identify circular dependencies, find unused code, clean node modules. - [RIPS](https://www.ripstech.com) :copyright: — A static source code analyser for vulnerabilities in PHP scripts. - [Roslyn Analyzers](https://github.com/dotnet/roslyn-analyzers) — Roslyn-based implementation of FxCop analyzers. - [Roslyn Security Guard](https://security-code-scan.github.io) — Project that focuses on the identification of potential vulnerabilities such as SQL injection, cross-site scripting (XSS), CSRF, cryptography weaknesses, hardcoded passwords and many more. - [SafeQL](https://safeql.dev) — Validate and auto-generate TypeScript types from raw SQL queries in PostgreSQL. SafeQL is an ESLint plugin for writing SQL queries in a type-safe way. - [SAST Online](https://sast.online/) :copyright: — Checks Android source code thoroughly to uncover and address potential security concerns and vulnerabilities. An online static application security testing (static code analysis) tool. - **Scrutinizer** :warning: :copyright: — A proprietary code quality checker that can be integrated with GitHub. - [Security Code Scan](https://security-code-scan.github.io) — Security code analyzer for C# and VB.NET. Detects various security vulnerability patterns: SQLi, XSS, CSRF, XXE, Open Redirect, etc. Integrates into Visual Studio 2015 and newer. - [Semgrep](https://semgrep.dev) — A fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time.
Its rules look like the code you already write; no abstract syntax trees or regex wrestling. Supports 17+ languages. - [Semgrep Supply Chain](https://semgrep.dev/products/semgrep-supply-chain) :copyright: — Quickly find and remediate high-priority security issues. Semgrep Supply Chain prioritizes the 2% of vulnerabilities that are reachable from your code. - [Seqra](https://seqra.dev) — Security-focused static analyzer for Java and Kotlin web applications. Analyzes bytecode with Semgrep-style YAML rules and CodeQL-grade dataflow (with first-class Spring support) to find vulnerabilities that source-only scanners miss. - **ShiftLeft Scan** :warning: — Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines. Note: ShiftLeft rebranded to Qwiet AI in 2023, which was subsequently acquired by Harness in September 2025. This open-source project is no longer maintained. - **shipshape** :warning: — Static program analysis platform that allows custom analyzers to plug in through a common interface. - [Sigrid](https://www.softwareimprovementgroup.com/solutions/sigrid-software-assurance-platform/) :copyright: — Sigrid helps you to improve your software by measuring your system's code quality, and then compares the results against a benchmark of thousands of industry systems to give you concrete advice on areas where you can improve. - [Similarity Tester](https://dickgrune.com/Programs/similarity_tester/) — A tool that finds similarities between or within files to support you encountering DRY principle violations. - [Skylos](https://github.com/duriantaco/skylos) — Dead code detection, security scanning, secrets detection, and code quality analysis for Python, TypeScript, and Go. Framework-aware analysis with 98% recall. Includes CI/CD GitHub Action, VS Code extension, and MCP server for AI agent integration. 
- [Snyk Code](https://snyk.io) :copyright: — Snyk Code finds security vulnerabilities based on AI. Its speed of analysis allow us to analyse your code in real time and deliver results when you hit the save button in your IDE. Supported languages are Java, JavaScript, Python, PHP, C#, Go and TypeScript. Integrations with GitHub, BitBucket and Gitlab. It is free to try and part of the Snyk platform also covering SCA, containers and IaC. - [SonarQube Cloud](https://sonarcloud.io) :copyright: — SonarQube Cloud enables your team to deliver clean code consistently and efficiently with a code review tool that easily integrates into the cloud DevOps platforms and extend your CI/CD workflow. SonarQube Cloud provides a free plan. - [SonarQube for IDE](https://sonarlint.org) — SonarQube for IDE (formerly SonarLint) is a free IDE extension available for IntelliJ, VS Code, Visual Studio, and Eclipse, to find and fix coding issues in real-time, flagging issues as you code, just like a spell-checker. More than a linter, it also delivers rich contextual guidance to help developers understand why there is an issue, assess the risk, and educate them on how to fix it. - [SonarQube Server](https://sonarqube.org) — SonarQube empowers development teams with a code quality and security solution that deeply integrates into your enterprise environment; enabling you to deploy clean code consistently and reliably. SonarQube provides a free and open source Community Build. - [Sonatype](https://www.sonatype.com) :copyright: — Reports known vulnerabilities in common dependencies and recommends updated packages to minimize breaking changes - [Soto Platform](https://www.hello2morrow.com/products/sotograph) :copyright: — Suite of static analysis tools consisting of the three components Sotoarc (Architecture Analysis), Sotograph (Quality Analysis), and Sotoreport (Quality report). Helps find differences between architecture and implementation, interface violations (e.g. 
external access of private parts of subsystems), detection of all classes, files, packages and subsystems which are strongly coupled by cyclical relationships, and more. The Sotograph product family runs on Windows and Linux. - [SourceMeter](https://www.sourcemeter.com/) :copyright: — Static Code Analysis for C/C++, Java, C#, Python, and RPG III and RPG IV versions (including free-form). - [sqlvet](https://github.com/houqp/sqlvet) — Performs static analysis on raw SQL queries in your Go code base to surface potential runtime errors. It checks for SQL syntax errors, identifies unsafe queries that could potentially lead to SQL injection, makes sure the column count matches the value count in INSERT statements, and validates table and column names. - [StaticReviewer](https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/196633/Static+Reviewer) :copyright: — Static Reviewer executes code checks according to the most relevant Secure Coding Standards, OWASP, CWE, CVE, CVSS, MISRA, CERT, for 40+ programming languages, using 1000+ built-in validation rules for Security, Deadcode & Best Practices. A module for Software Composition Analysis (SCA) is available to find vulnerabilities in open source and third party libraries. - **Super-Linter** :warning: — Combination of multiple linters to install as a GitHub Action. - [Svace](https://www.ispras.ru/en/technologies/svace/) :copyright: — Static code analysis tool for Java, C, C++, C# and Go. - [Synopsys](https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html) :copyright: — A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift). - [Teamscale](https://teamscale.com) :copyright: — Static and dynamic analysis tool supporting more than 25 languages and direct IDE integration. Free hosting for Open Source projects available on request. Free academic licenses available.
- [TencentCodeAnalysis](https://tca.tencent.com/) — Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. It integrates of a number of self-developed tools, and also supports dynamic integration of code analysis tools in various programming languages. - [ThreatMapper](https://github.com/deepfence/ThreatMapper) — Vulnerability Scanner and Risk Evaluation for containers, serverless and hosts at runtime. ThreatMapper generates runtime BOMs from dependencies and operating system packages, matches against multiple threat feeds, scans for unprotected secrets, and scores issues based on severity and risk-of-exploit. - [todocheck](https://github.com/preslavmihaylov/todocheck) — Linter for integrating annotated TODOs with your issue trackers - [trivy](https://github.com/aquasecurity/trivy) — A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Checks containers and filesystems. - [trunk](https://trunk.io) :copyright: — Modern repositories include many technologies, each with its own set of linters. With 30+ linters and counting, Trunk makes it dead-simple to identify, install, configure, and run the right linters, static analyzers, and formatters for all your repos. - [TscanCode](https://github.com/Tencent/TscanCode) — A fast and accurate static analysis solution for C/C++, C#, Lua codes provided by Tencent. Using GPLv3 license. - [Undebt](https://github.com/Yelp/undebt) — Language-independent tool for massive, automatic, programmable refactoring based on simple pattern definitions. 
- [Understand](https://www.scitools.com) :copyright: — Code visualization tool that provides code analysis, standards testing, metrics, graphing, dependency analysis and more for Ada, VHDL, and others. - [Unibeautify](https://unibeautify.com) — Universal code beautifier with a GitHub app. Supports HTML, CSS, JavaScript, TypeScript, JSX, Vue, C++, Go, Objective-C, Java, Python, PHP, GraphQL, Markdown, and more. - [Upsource](https://www.jetbrains.com/upsource) :copyright: — Code review tool with static code analysis and code-aware navigation for Java, PHP, JavaScript and Kotlin. - [Veracode](https://www.veracode.com/security/static-code-analysis) :copyright: — Find flaws in binaries and bytecode without requiring source. Support all major programming languages: Java, .NET, JavaScript, Swift, Objective-C, C, C++ and more. - [WALA](https://github.com/wala/WALA) — Static analysis capabilities for Java bytecode and related languages and for JavaScript. - [weggli](https://github.com/googleprojectzero/weggli) — A fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases. - [WhiteHat Application Security Platform](https://source.whitehatsec.com/help/sentinel/sast-service-detail.html) :copyright: — WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10. - **Wotan** :warning: — Pluggable TypeScript and JavaScript linter. - [XCode](https://developer.apple.com/xcode) :copyright: — XCode provides a pretty decent UI for [Clang's](https://clang-analyzer.llvm.org/xcode.html) static code analyzer (C/C++, Obj-C). - [Xygeni](https://xygeni.io/) :copyright: — Xygeni is a comprehensive Software Supply Chain Security platform. 
It provides Advanced SAST with AI-powered remediation, Software Composition Analysis (SCA) with real-time malware detection, Infrastructure as Code (IaC) scanning, and Secrets detection to ensure end-to-end code security.

## Other

.env

- [GitGuardian ggshield](https://www.gitguardian.com/ggshield) — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350 types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.

Ansible

- [kics](https://kics.io/) — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible. - [Steampunk Spotter](https://steampunk.si/spotter/) :copyright: — Ansible Playbook Scanning Tool that analyzes your playbooks and offers recommendations for them.

Archive

- [alquitran](https://github.com/ferivoz/alquitran) — Inspects tar archives and tries to spot portability issues with regard to the POSIX 2017 pax specification and common tar implementations. This project is intended to be used by maintainers of projects who want to offer portable source code archives for as many systems as possible. Checking tar archives with alquitran before publishing them should help spot issues before they reach distributors and users. - **packj** :warning: — Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports. - **pure** :warning: — Pure is a static analysis file format checker that checks ZIP files for dangerous compression ratios, spec deviations, malicious archive signatures, mismatching local and central directory headers, ambiguous UTF-8 filenames, directory and symlink traversals, invalid MS-DOS dates, overlapping headers, overflow, underflow, sparseness, accidental buffer bleeds, etc.

Azure Resource Manager

- [AzSK](https://azsk.azurewebsites.net/) — Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), and CI/CD scanning for vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Azure via ARM.

Binaries

- [angr](https://github.com/angr/angr) — Binary code analysis tool that also supports symbolic execution. - [binbloom](https://github.com/quarkslab/binbloom) — Analyzes a raw binary firmware and determines features like endianness or the loading address. The tool is compatible with all architectures. Loading address: binbloom can parse a raw binary firmware and determine its loading address. Endianness: binbloom can use heuristics to determine the endianness of a firmware. UDS Database: binbloom can parse a raw binary firmware and check if it contains an array containing UDS command IDs. - [BinSkim](https://github.com/Microsoft/binskim) — A binary static analysis tool that provides security and correctness results for Windows portable executables. - [Black Duck](https://www.blackducksoftware.com) :copyright: — Tool to analyze source code and binaries for reusable code, necessary licenses and potential security aspects. - [bloaty](https://github.com/google/bloaty) — Ever wondered what's making your binary big? Bloaty McBloatface will show you a size profile of the binary so you can understand what's taking up space inside. Bloaty performs a deep analysis of the binary. Using custom ELF, DWARF, and Mach-O parsers, Bloaty aims to accurately attribute every byte of the binary to the symbol or compile unit that produced it. It will even disassemble the binary looking for references to anonymous data. - **cargo-bloat** :warning: — Find out what takes most of the space in your executable. Supports ELF (Linux, BSD), Mach-O (macOS) and PE (Windows) binaries. - [cwe_checker](https://github.com/fkie-cad/cwe_checker) — cwe_checker finds vulnerable patterns in binary executables.
- [Ghidra](https://ghidra-sre.org) — A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission - [Hopper](https://www.hopperapp.com/) :copyright: — macOS and Linux reverse engineering tool that lets you disassemble, decompile and debug applications. Hopper displays the code using different representations, e.g. the Control Flow Graph, and the pseudo-code of a procedure. Supports Apple Silicon. - [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware) :copyright: — Binary code analysis tool. - [Jakstab](https://github.com/jkinder/jakstab) — Jakstab is an Abstract Interpretation-based, integrated disassembly and static analysis framework for designing analyses on executables and recovering reliable control flow graphs. - [JEB Decompiler](https://www.pnfsoftware.com/) :copyright: — Decompile and debug binary code. Break down and analyze document files. Android Dalvik, MIPS, ARM, Intel x86, Java, WebAssembly & Ethereum Decompilers. - [Malcat](https://malcat.fr/) :copyright: — Hexadecimal editor and disassembler for malware analysis and binary file inspection. Supports over 50 file formats and multiple CPU architectures (x86/x64, MIPS, .NET, Python, VB p-code). Features rapid analysis, embedded file extraction, Yara signature scanning, anomaly detection, and Python scripting. Designed for malware analysts, SOC operators, incident responders, and CTF players. - [Manalyze](https://github.com/JusticeRage/Manalyze) — A static analyzer, which checks portable executables for malicious content. - **mcsema** :warning: — Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode. It translates ("lifts") executable binaries from native machine code to LLVM bitcode, which is very useful for performing program analysis methods. 
- [Nauz File Detector](https://github.com/horsicq/Nauz-File-Detector) — Static Linker/Compiler/Tool detector for Windows, Linux and MacOS. - [rhabdomancer](https://crates.io/crates/rhabdomancer) — IDA Pro headless plugin that locates calls to potentially insecure API functions in a binary file. - [rust-audit](https://github.com/Shnatsel/rust-audit) — Audit Rust binaries for known bugs or security vulnerabilities. This works by embedding data about the dependency tree (Cargo.lock) in JSON format into a dedicated linker section of the compiled executable. - [Twiggy](https://github.com/rustwasm/twiggy) — Analyzes a binary's call graph to profile code size. The goal is to slim down wasm binary size. - [VMware chap](https://github.com/vmware/chap) — chap analyzes un-instrumented ELF core files for leaks, memory growth, and corruption. It is sufficiently reliable that it can be used in automation to catch leaks before they are committed. As an interactive tool, it helps explain memory growth, can identify some forms of corruption, and supplements a debugger by giving the status of various memory locations. - [zydis](https://zydis.re) — Fast and lightweight x86/x86-64 disassembler library

Build tools

- [checkmake](https://github.com/mrtazz/checkmake) — Linter / Analyzer for Makefiles. - [portlint](https://www.freebsd.org/cgi/man.cgi?query=portlint&sektion=1&manpath=FreeBSD+8.1-RELEASE+and+Ports) — A verifier for FreeBSD and DragonFlyBSD port directories.

CSS/SASS/SCSS

- [CSS Stats](https://cssstats.com) — Potentially interesting stats on stylesheets. - [CSScomb](https://github.com/csscomb/csscomb.js) — A coding style formatter for CSS. Supports own configurations to make style sheets beautiful and consistent. - [CSSLint](http://csslint.net) — Does basic syntax checking and finds problematic patterns or signs of inefficiency. - [GraphMyCSS.com](https://graphmycss.com) — CSS Specificity Graph Generator. - [Nu Html Checker](https://validator.github.io/validator/) — Helps you catch problems in your HTML/CSS/SVG - **Parker** :warning: — Stylesheet analysis tool. - [PostCSS](https://postcss.org) — A tool for transforming styles with JS plugins. These plugins can lint your CSS, support variables and mixins, transpile future CSS syntax, inline images, and more. - [Project Wallace CSS Analyzer](https://www.projectwallace.com) — Analytics for CSS, part of [Project Wallace](https://www.projectwallace.com). - **sass-lint** :warning: — A Node-only Sass linter for both sass and scss syntax. - **scsslint** :warning: — Linter for SCSS files. - [Specificity Graph](https://github.com/pocketjoso/specificity-graph) — CSS Specificity Graph Generator. - [Stylelint](http://stylelint.io) — Linter for SCSS/CSS files.

Config Files

- [dotenv-linter](https://dotenv-linter.readthedocs.io/en/latest) — Linting dotenv files like a charm. - [dotenv-linter (Rust)](https://dotenv-linter.github.io/#/) — Lightning-fast linter for .env files. Written in Rust - [gixy](https://github.com/yandex/gixy) — A tool to analyze Nginx configuration. The main goal is to prevent misconfiguration and automate flaw detection.

Configuration Management

- [ansible-lint](https://ansible.readthedocs.io/projects/lint/) — Checks playbooks for practices and behaviour that could potentially be improved. - [AWS CloudFormation Guard](https://github.com/aws-cloudformation/cloudformation-guard) — Check local CloudFormation templates against policy-as-code rules and generate rules from existing templates. - [AzSK](https://azsk.azurewebsites.net/) — Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), CICD scan vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. Supports Azure via ARM. - [cfn-lint](https://github.com/awslabs/cfn-python-lint) — AWS Labs CloudFormation linter. - [cfn_nag](https://github.com/stelligent/cfn_nag) — A linter for AWS CloudFormation templates. - [checkov](https://www.checkov.io) — Static analysis tool for Terraform files (tf>=v0.12), preventing cloud misconfigs at build time. - [cookstyle](https://docs.chef.io/cookstyle.html) — Cookstyle is a linting tool based on the RuboCop Ruby linting tool for Chef cookbooks. - [foodcritic](http://www.foodcritic.io) — A lint tool that checks Chef cookbooks for common problems. - [kics](https://kics.io/) — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible - [metadata-json-lint](https://github.com/voxpupuli/metadata-json-lint) — Tool to check the validity of Puppet metadata.json files. - **Puppet Lint** :warning: — Check that your Puppet manifests conform to the style guide. - [Steampunk Spotter](https://steampunk.si/spotter/) :copyright: — Ansible Playbook Scanning Tool that analyzes and offers recommendations for your playbooks. - [terraform-compliance](https://terraform-compliance.com) — A lightweight, compliance- and security focused, BDD test framework against Terraform. 
- [terrascan](https://github.com/cesar-rodriguez/terrascan) — Collection of security and best practice tests for static code analysis of Terraform templates. - [tflint](https://github.com/wata727/tflint) — A Terraform linter for detecting errors that can not be detected by `terraform plan`. - [tfsec](https://github.com/tfsec/tfsec) — Terraform static analysis tool that prevents potential security issues by checking cloud misconfigurations at build time and directly integrates with the HCL parser for better results. Checks for violations of AWS, Azure and GCP security best practice recommendations.

Containers

- [anchore](https://anchore.io) — Discover, analyze, and certify container images. A service that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and certification - [clair](https://github.com/coreos/clair) — Vulnerability Static Analysis for Containers. - [Code Pathfinder](https://codepathfinder.dev) — An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, derive insights, find vulnerabilities in code. - **collector** :warning: — Run arbitrary scripts inside containers, and gather useful information. - **dagda** :warning: — Perform static analysis of known vulnerabilities in docker images/containers. - **Docker Label Inspector** :warning: — Lint and validate Dockerfile labels. - **Dockle** :warning: — Container Image Linter for Security helping build the Best-Practice Docker Image. Scans Docker images for security vulnerabilities and CIS Benchmark compliance. Checks for secrets, credential exposure, and security best practices. Provides multiple severity levels (FATAL, WARN, INFO) and supports various output formats for CI/CD integration. - [GitGuardian ggshield](https://www.gitguardian.com/ggshield) — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase. - [Grype](https://github.com/anchore/grype) — Vulnerability scanner for container images and filesystems. Developed by Anchore, it scans container images, directories, and archives for known vulnerabilities. Supports multiple image formats, SBOM integration, and VEX (Vulnerability Exploitability eXchange) for accurate vulnerability assessment. Works with various vulnerability databases and provides detailed reporting. 
- [Haskell Dockerfile Linter](https://github.com/lukasmartinelli/hadolint) — A smarter Dockerfile linter that helps you build best practice Docker images. - [kics](https://kics.io/) — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible. - [krane](https://github.com/appvia/krane) — Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition. - [OpenSCAP](https://www.open-scap.org/) — Suite of automated audit tools to examine the configuration and known vulnerabilities following the NIST-certified Security Content Automation Protocol (SCAP). - [Qualys Container Security](https://www.qualys.com/apps/container-security) :copyright: — Container native application protection to provide visibility and control of containerized applications. - [sysdig](https://sysdig.com/) :copyright: — A secure DevOps platform for cloud and container forensics. Built on an open source stack, Sysdig provides Docker image scanning and created Falco, the open standard for runtime threat detection for containers, Kubernetes and cloud. - [Vuls](https://vuls.io/) — Agent-less Linux vulnerability scanner based on information from NVD, OVAL, etc. It has some container image support, although it is not a container-specific tool.

Continuous Integration

- [actionlint](https://rhysd.github.io/actionlint) — Static checker for GitHub Actions workflow files. Provides an online version. - [AzSK](https://azsk.azurewebsites.net/) — Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), CICD scan vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. Supports Azure via ARM. - [Code Climate](https://codeclimate.com) — The open and extensible static analysis platform, for everyone. - [Code Pathfinder](https://codepathfinder.dev) — An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, derive insights, find vulnerabilities in code. - [Codecov](https://about.codecov.io/) :copyright: — Codecov is a company that provides code coverage tools for developers and engineering leaders to gain visibility into their code coverage. They offer flexible and unified reporting, seamless coverage insights, and robust coverage controls. Codecov supports over 20 languages and is CI/CD agnostic. Over 29,000 organizations and 1 million developers use Codecov. Codecov has recently joined Sentry. - [CodeRabbit](https://coderabbit.ai) :copyright: — AI-powered code review tool that helps developers write better code faster. CodeRabbit provides automated code reviews, identifies security vulnerabilities, and suggests code improvements. It integrates with GitHub and GitLab. - [composer-dependency-analyser](https://github.com/shipmonk-rnd/composer-dependency-analyser) — Fast detection of composer dependency issues. * 💪 Powerful: Detects unused, shadow and misplaced composer dependencies * ⚡ Performant: Scans 15 000 files in 2s! 
* ⚙️ Configurable: Fine-grained ignores via PHP config * 🕸️ Lightweight: No composer dependencies * 🍰 Easy-to-use: No config needed for first try * ✨ Compatible: PHP >= 7.2 - [Diffblue](https://www.diffblue.com/) :copyright: — Diffblue is a software company that provides AI-powered code analysis and testing solutions for software development teams. Its technology helps developers automate testing, find bugs, and reduce manual labor in their software development processes. The company's main product, Diffblue Cover, uses AI to generate and run unit tests for Java code, helping to catch errors and improve code quality. - [exakat](https://www.exakat.io) — An automated code reviewing engine for PHP. - [GitGuardian ggshield](https://www.gitguardian.com/ggshield) — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase. - [Goblint](https://goblint.in.tum.de) — A static analyzer for the analysis of multi-threaded C programs. Its primary focus is the detection of data races, but it also reports other runtime errors, such as buffer overflows and null-pointer dereferences. - [PullRequest](https://www.hackerone.com/product/code) :copyright: — Code review as a service with built-in static analysis. Increase velocity and reduce technical debt through quality code review by expert engineers backed by best-in-class automation. - **quality** :warning: — Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time. - **QuantifiedCode** :warning: — Automated code review & repair. It helps you to keep track of issues and metrics in your software projects, and can be easily extended to support new types of analyses. 
- [RefactorFirst](https://github.com/jimbethancourt/RefactorFirst) — Identifies and prioritizes God Classes and Highly Coupled classes in Java codebases you should refactor first. - [Reviewdog](https://github.com/haya14busa/reviewdog) — A tool for posting review comments from any linter in any code hosting service. - [Symfony Insight](https://insight.symfony.com/) :copyright: — Detect security risks, find bugs and provide actionable metrics for PHP projects. - [TangleGuard](https://tangleguard.com/) :copyright: — Helps you understand and maintain a scalable software architecture. To do so, it generates a interactive, nested dependency graph out of the source code. You can choose the level of details and get the portion of your codebase that matters to you. - [Violations Lib](https://github.com/tomasbjerre/violations-lib) — Java library for parsing report files from static code analysis. Used by a bunch of Jenkins, Maven and Gradle plugins.

Deno

- [deno_lint](https://github.com/denoland/deno_lint) — Official linter for Deno.

Dockerfile

- [Cloud (IaC) Security for JetBrains IDEs](https://plugins.jetbrains.com/plugin/25413-cloud-iac-security) — Cloud (IaC) Security plugin for JetBrains IDEs. Performs real-time inspections of Docker & Kubernetes IaC with 50+ rules based on Docker image/build security best practices, Kubernetes Pod Security Standards, and NSA/CISA Kubernetes Hardening Guidance. - [Code Pathfinder](https://codepathfinder.dev) — An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, derive insights, find vulnerabilities in code. - **Dockle** :warning: — Container Image Linter for Security helping build the Best-Practice Docker Image. Scans Docker images for security vulnerabilities and CIS Benchmark compliance. Checks for secrets, credential exposure, and security best practices. Provides multiple severity levels (FATAL, WARN, INFO) and supports various output formats for CI/CD integration.

Embedded

- [oelint-adv](https://github.com/priv-kweihmann/oelint-adv) — Linter for BitBake recipes used in OpenEmbedded and Yocto.

Embedded Ruby (a.k.a. ERB, eRuby)

- [ERB Lint](https://github.com/Shopify/erb-lint) — Lint your ERB or HTML files - [ERB::Formatter](https://github.com/nebulab/erb-formatter) — Format ERB files with speed and precision. - [htmlbeautifier](https://github.com/threedaymonk/htmlbeautifier) — A normaliser/beautifier for HTML that also understands embedded Ruby. Ideal for tidying up Rails templates.

Gherkin

- [gherkin-lint](https://github.com/vsiakka/gherkin-lint) — A linter for Gherkin syntax, written in JavaScript.

HTML

- [Angular ESLint](https://github.com/angular-eslint/angular-eslint#readme) — Linter for Angular projects - [axe-core](https://www.deque.com/axe/) — Accessibility engine for automated Web UI testing. Tests HTML against WCAG 2.0, 2.1, and 2.2 guidelines. Used by Google Lighthouse, Microsoft Accessibility Insights, and thousands of organizations worldwide. - **Bootlint** :warning: — An HTML linter for Bootstrap projects. - [ERB Lint](https://github.com/Shopify/erb-lint) — Lint your ERB or HTML files - [ERB::Formatter](https://github.com/nebulab/erb-formatter) — Format ERB files with speed and precision. - **grunt-bootlint** :warning: — A Grunt wrapper for [Bootlint](https://github.com/twbs/bootlint), the HTML linter for Bootstrap projects. - **gulp-bootlint** :warning: — A gulp wrapper for [Bootlint](https://github.com/twbs/bootlint), the HTML linter for Bootstrap projects. - **HTML Inspector** :warning: — HTML Inspector is a code quality tool to help you and your team write better markup. - [HTML Tidy](http://www.html-tidy.org) — Corrects and cleans up HTML and XML documents by fixing markup errors and upgrading legacy code to modern standards. - [HTML-Validate](https://html-validate.org/) — Offline HTML5 validator. - [htmlbeautifier](https://github.com/threedaymonk/htmlbeautifier) — A normaliser/beautifier for HTML that also understands embedded Ruby. Ideal for tidying up Rails templates. - [HTMLHint](https://htmlhint.com) — A Static Code Analysis Tool for HTML. - [Nu Html Checker](https://validator.github.io/validator/) — Helps you catch problems in your HTML/CSS/SVG - [Pa11y](https://pa11y.org/) — Automated accessibility testing tool that runs HTML CodeSniffer or axe-core from the command line. Supports CI/CD integration, multiple reporters, and testing against WCAG 2.1 AA standards. - [Polymer-analyzer](https://github.com/Polymer/tools/tree/master/packages/analyzer) — A static analysis framework for Web Components.

JSON

- [jsonlint](https://jsonlint.com/) — A JSON parser and validator with a CLI. Standalone version of jsonlint.com - [Spectral](https://stoplight.io/open-source/spectral) — A flexible JSON/YAML linter, with out-of-the-box support for OpenAPI v2/v3 and AsyncAPI v2.

Kubernetes

- [chart-testing](https://github.com/helm/chart-testing) — ct is the tool for testing Helm charts. It is meant to be used for linting and testing pull requests. It automatically detects charts changed against the target branch. - [Cloud (IaC) Security for JetBrains IDEs](https://plugins.jetbrains.com/plugin/25413-cloud-iac-security) — Cloud (IaC) Security plugin for JetBrains IDEs. Performs real-time inspections of Docker & Kubernetes IaC with 50+ rules based on Docker image/build security best practices, Kubernetes Pod Security Standards, and NSA/CISA Kubernetes Hardening Guidance. - [clusterlint](https://github.com/digitalocean/clusterlint) — Clusterlint queries live Kubernetes clusters for resources, executes common and platform specific checks against these resources and provides actionable feedback to cluster operators. It is a non invasive tool that is run externally. Clusterlint does not alter the resource configurations. - [Datree](https://datree.io/) — A CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies - [kics](https://kics.io/) — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible - [klint](https://github.com/uswitch/klint) — A tool that listens to changes in Kubernetes resources and runs linting rules against them. Identify and debug erroneous objects and nudge objects in line with the policies as both change over time. Klint helps us encode checks and proactively alert teams when they need to take action. - [krane](https://github.com/appvia/krane) — Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition. 
- **kube-hunter** :warning: — Hunt for security weaknesses in Kubernetes clusters. - [kube-lint](https://github.com/viglesiasce/kube-lint) — A linter for Kubernetes resources with a customizable rule set. You define a list of rules that you would like to validate against your resources and kube-lint will evaluate those rules against them. - [kube-linter](https://github.com/stackrox/kube-linter) — KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices. - [kube-score](https://kube-score.com) — Static code analysis of your Kubernetes object definitions. - [kubeconform](https://github.com/yannh/kubeconform) — A fast Kubernetes manifests validator with support for custom resources. It is inspired by, contains code from and is designed to stay close to [Kubeval](https://analysis-tools.dev/tool/kubeval), but with the following improvements: * high performance: will validate & download manifests over multiple routines, caching downloaded files in memory * configurable list of remote, or local schemas locations, enabling validating Kubernetes custom resources (CRDs) and offline validation capabilities * uses by default a self-updating fork of the schemas registry maintained by the kubernetes-json-schema project - which guarantees up-to-date schemas for all recent versions of Kubernetes. - [KubeLinter](https://github.com/stackrox/kube-linter) — KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices. - **kubeval** :warning: — Validates your Kubernetes configuration files and supports multiple Kubernetes versions.

LaTeX

- **ChkTeX** :warning: — A linter for LaTeX which catches some typographic errors that LaTeX overlooks. - [lacheck](https://www.ctan.org/pkg/lacheck) — A tool for finding common mistakes in LaTeX documents. - [TeXLab](https://texlab.netlify.app) — A Language Server Protocol implementation for TeX/LaTeX, including lint capabilities.

Laravel

- **Enlightn** :warning: — A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks. - [larastan](https://github.com/larastan/larastan) — Adds static analysis to Laravel improving developer productivity and code quality. It is a wrapper around PHPStan.

Makefiles

- [checkmake](https://github.com/mrtazz/checkmake) — Linter / Analyzer for Makefiles. - [mbake](https://pypi.org/project/mbake/) — mbake is a Makefile formatter and linter. It only took 50 years! - [portlint](https://www.freebsd.org/cgi/man.cgi?query=portlint&sektion=1&manpath=FreeBSD+8.1-RELEASE+and+Ports) — A verifier for FreeBSD and DragonFlyBSD port directories.

Markdown

- [markdownlint](https://github.com/DavidAnson/markdownlint) — Node.js -based style checker and lint tool for Markdown/CommonMark files. - [mdformat](https://mdformat.rtfd.io) — CommonMark compliant Markdown formatter - [mdl](https://github.com/mivok/markdownlint) — A tool to check Markdown files and flag style issues. - [mdsf](https://github.com/hougesen/mdsf) — Format markdown code blocks using your favorite code formatters. - [remark-lint](https://remark.js.org) — Pluggable Markdown code style linter written in JavaScript. - [textlint](https://textlint.github.io/) — textlint is an open source text linting utility written in JavaScript.

Metalinter

- **ciocheck** :warning: — Linter, formatter and test suite helper. As a linter, it is a wrapper around `pep8`, `pydocstyle`, `flake8`, and `pylint`. - [flake8](https://github.com/PyCQA/flake8) — A wrapper around `pyflakes`, `pycodestyle` and `mccabe`. - [flakeheaven](https://pypi.org/project/flakeheaven/) — flakeheaven is a python linter built around flake8 to enable inheritable and complex toml configuration. - **Go Meta Linter** :warning: — Concurrently run Go lint tools and normalise their output. Use `golangci-lint` for new projects. - [goreporter](https://github.com/360EntSecGroup-Skylar/goreporter) — Concurrently runs many linters and normalises their output to a report. - **multilint** :warning: — A wrapper around `flake8`, `isort` and `modernize`. - [prospector](https://github.com/PyCQA/prospector) — A wrapper around `pylint`, `pep8`, `mccabe` and others.

Mobile

- [Android Lint](https://developer.android.com/studio/write/lint) — Run static analysis on Android projects. - **android-lint-summary** :warning: — Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once. - [FlowDroid](https://github.com/secure-software-engineering/FlowDroid) — Static taint analysis tool for Android applications. - **iblessing** :warning: — iblessing is an iOS security exploiting toolkit. It can be used for reverse engineering, binary analysis and vulnerability mining. - [Mariana Trench](https://mariana-tren.ch/) — Our security focused static analysis tool for Android and Java applications. Mariana Trench analyzes Dalvik bytecode and is built to run fast on large codebases (10s of millions of lines of code). It can find vulnerabilities as code changes, before it ever lands in your repository. - [Oversecured](https://oversecured.com) :copyright: — Enterprise vulnerability scanner for Android and iOS apps. It allows app owners and developers to secure each new version of a mobile app by integrating Oversecured into the development process. - **paprika** :warning: — A toolkit to detect some code smells in analyzed Android applications. - **qark** :warning: — Tool to look for several security related Android application vulnerabilities. - [redex](https://fbredex.com) — Redex provides a framework for reading, writing, and analyzing .dex files, and a set of optimization passes that use this framework to improve the bytecode. An APK optimized by Redex should be smaller and faster.

Nix

- [deadnix](https://github.com/astro/deadnix) — Scan Nix files for dead code (unused variable bindings) - [statix](https://github.com/nerdypepper/statix) — Lints and suggestions for the Nix programming language. "statix check" highlights antipatterns in Nix code. "statix fix" can fix several such occurrences.

Node.js

- [lockfile-lint](https://github.com/lirantal/lockfile-lint) — Lint an npm or yarn lockfile to analyze and detect security issues - **njsscan** :warning: — A static application security testing (SAST) tool that can find insecure code patterns in your Node.js applications using the simple pattern matcher from libsast and the syntax-aware semantic code pattern search tool semgrep. - **NodeJSScan** :warning: — A static security code scanner for Node.js applications powered by libsast and semgrep that builds on the njsscan cli tool. It features a UI with various dashboards about an application's security status. - [standard](http://standardjs.com) — An npm module that checks for JavaScript style guide issues.

Packages

- [composer-dependency-analyser](https://github.com/shipmonk-rnd/composer-dependency-analyser) — Fast detection of composer dependency issues. * 💪 Powerful: Detects unused, shadow and misplaced composer dependencies * ⚡ Performant: Scans 15 000 files in 2s! * ⚙️ Configurable: Fine-grained ignores via PHP config * 🕸️ Lightweight: No composer dependencies * 🍰 Easy-to-use: No config needed for first try * ✨ Compatible: PHP >= 7.2 - [lintian](https://wiki.debian.org/Lintian) — Static analysis tool for Debian packages. - [rpmlint](https://github.com/rpm-software-management/rpmlint) — Tool for checking common errors in rpm packages.

Prometheus

- [promformat](https://github.com/facetoe/promformat) — Promformat is a PromQL formatter written in Python. - [promval](https://github.com/facetoe/promval) — PromQL validator written in Python. It can be used to validate that PromQL expressions are written as expected.

Protocol Buffers

- [buf](https://buf.build) — Provides a CLI linter that enforces good API design choices and structure - [protolint](https://github.com/yoheimuta/protolint) — Pluggable linter and fixer to enforce Protocol Buffer style and conventions.

Puppet

- [metadata-json-lint](https://github.com/voxpupuli/metadata-json-lint) — Tool to check the validity of Puppet metadata.json files.

Rails

- [Active Record Doctor](https://github.com/gregnavis/active_record_doctor) — Identify database issues before they hit production. - [Bullet](https://github.com/flyerhzm/bullet) — Help to kill N+1 queries and unused eager loading. - [DatabaseConsistency](https://github.com/djezzzl/database_consistency) — The tool to avoid various issues due to inconsistencies and inefficiencies between a database schema and application models. - [dawnscanner](https://github.com/thesp0nge/dawnscanner) — A static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks. - [ERB::Formatter](https://github.com/nebulab/erb-formatter) — Format ERB files with speed and precision. - [Skunk](https://github.com/fastruby/skunk) — A SkunkScore Calculator for Ruby Code -- Find the most complicated code without test coverage! - [Traceroute](https://github.com/amatsuda/traceroute) — A Rake task gem that helps you find the unused routes and controller actions for your Rails 3+ app.

Security/SAST

- [AzSK](https://azsk.azurewebsites.net/) — Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), and CI/CD scanning for vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Azure via ARM. - [brakeman](https://brakemanscanner.org) — A static analysis security vulnerability scanner for Ruby on Rails applications. - [Cloud (IaC) Security for JetBrains IDEs](https://plugins.jetbrains.com/plugin/25413-cloud-iac-security) — Cloud (IaC) Security plugin for JetBrains IDEs. Performs real-time inspections of Docker & Kubernetes IaC with 50+ rules based on Docker image/build security best practices, Kubernetes Pod Security Standards, and NSA/CISA Kubernetes Hardening Guidance. - [Code Pathfinder](https://codepathfinder.dev) — An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, deriving insights, and finding vulnerabilities in code. - [Credential Digger](https://github.com/SAP/credential-digger) — Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (passwords, API keys, secret keys, tokens, personal information, etc.) and filters out false positives using a machine learning model called [Password Model](https://huggingface.co/SAPOSS/password-model). This scanner is able to detect passwords and unstructured tokens with a low false positive rate. - [Datree](https://datree.io/) — A CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies - [detect-secrets](https://github.com/Yelp/detect-secrets) — An enterprise friendly way of detecting and preventing secrets in code. It does this by running periodic diff outputs against heuristically crafted regex statements, to identify whether any new secret has been committed. 
This way, it avoids the overhead of digging through all git history, as well as the need to scan the entire repository every time. - **Dockle** :warning: — Container Image Linter for Security helping build the Best-Practice Docker Image. Scans Docker images for security vulnerabilities and CIS Benchmark compliance. Checks for secrets, credential exposure, and security best practices. Provides multiple severity levels (FATAL, WARN, INFO) and supports various output formats for CI/CD integration. - **Enlightn** :warning: — A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks. - [GitGuardian ggshield](https://www.gitguardian.com/ggshield) — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase. - [Gitleaks](https://github.com/zricethezav/gitleaks) — A SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos. - [gokart](https://github.com/praetorian-inc/gokart) — Golang security analysis with a focus on minimizing false positives. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe. - [Grype](https://github.com/anchore/grype) — Vulnerability scanner for container images and filesystems. Developed by Anchore, it scans container images, directories, and archives for known vulnerabilities. Supports multiple image formats, SBOM integration, and VEX (Vulnerability Exploitability eXchange) for accurate vulnerability assessment. Works with various vulnerability databases and provides detailed reporting. 
- [HasMySecretLeaked](https://gitguardian.com/hasmysecretleaked) :copyright: — HasMySecretLeaked is a project from GitGuardian that aims to help individual users and organizations search across 20 million exposed secrets to verify if their developer secrets have leaked on public repositories, gists, and issues on GitHub projects. - **iblessing** :warning: — iblessing is an iOS security exploiting toolkit. It can be used for reverse engineering, binary analysis and vulnerability mining. - [kani](https://github.com/model-checking/kani) — The Kani Rust Verifier is a bit-precise model checker for Rust. Kani is particularly useful for verifying unsafe code blocks in Rust, where the "unsafe superpowers" are unchecked by the compiler. Kani verifies: * Memory safety (e.g., null pointer dereferences) * User-specified assertions (i.e., assert!(...)) * The absence of panics (e.g., unwrap() on None values) * The absence of some types of unexpected behavior (e.g., arithmetic overflows) - [kics](https://kics.io/) — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible - **kube-hunter** :warning: — Hunt for security weaknesses in Kubernetes clusters. - [lockfile-lint](https://github.com/lirantal/lockfile-lint) — Lint an npm or yarn lockfile to analyze and detect security issues - **LunaSec** :warning: — Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. - [Malcat](https://malcat.fr/) :copyright: — Hexadecimal editor and disassembler for malware analysis and binary file inspection. Supports over 50 file formats and multiple CPU architectures (x86/x64, MIPS, .NET, Python, VB p-code). Features rapid analysis, embedded file extraction, Yara signature scanning, anomaly detection, and Python scripting. 
Designed for malware analysts, SOC operators, incident responders, and CTF players. - **njsscan** :warning: — A static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep. - **NodeJSScan** :warning: — A static security code scanner for Node.js applications powered by libsast and semgrep that builds on the njsscan cli tool. It features a UI with various dashboards about an application's security status. - [OSV-Scanner](https://osv.dev/) — Vulnerability scanner written in Go which uses the data provided by OSV.dev. Developed by Google to scan dependencies across multiple languages and package managers for known vulnerabilities. Supports container scanning, license scanning, and guided remediation. Works with lockfiles, SBOMs, and container images to identify security issues. - [Oversecured](https://oversecured.com) :copyright: — Enterprise vulnerability scanner for Android and iOS apps. It allows app owners and developers to secure each new version of a mobile app by integrating Oversecured into the development process. - [OWASP Noir](https://owasp-noir.github.io/noir/) — Attack surface detector that identifies endpoints by static analysis. - [pip-audit](https://github.com/pypa/pip-audit) — Tool for scanning Python packages for known vulnerabilities. Developed by the Python Packaging Authority (PyPA) and supported by Trail of Bits and Google. Scans Python environments and requirements files to identify vulnerable packages and suggests remediation. Supports GitHub Actions, pre-commit hooks, and multiple vulnerability service integrations. - [PT Application Inspector](https://www.ptsecurity.com) :copyright: — Identifies code flaws and detects vulnerabilities to prevent web attacks. Demonstrates remote code execution by presenting possible exploits. 
- [Qualys Container Security](https://www.qualys.com/apps/container-security) :copyright: — Container native application protection to provide visibility and control of containerized applications. - **QuantifiedCode** :warning: — Automated code review & repair. It helps you to keep track of issues and metrics in your software projects, and can be easily extended to support new types of analyses. - [Safety](https://safetycli.com/) — Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known vulnerabilities. Checks Python dependencies against a database of known security vulnerabilities and provides detailed reports. Supports CI/CD integration and multiple output formats. - [scorecard](https://github.com/ossf/scorecard) — Security Scorecards - Security health metrics for Open Source - [Steampunk Spotter](https://steampunk.si/spotter/) :copyright: — Ansible Playbook Scanning Tool that analyzes and offers recommendations for your playbooks. - [Symfony Insight](https://insight.symfony.com/) :copyright: — Detect security risks, find bugs and provide actionable metrics for PHP projects. - [tfsec](https://github.com/tfsec/tfsec) — Terraform static analysis tool that prevents potential security issues by checking cloud misconfigurations at build time and directly integrates with the HCL parser for better results. Checks for violations of AWS, Azure and GCP security best practice recommendations. - [trufflehog](https://trufflesecurity.com) — Find credentials all over the place TruffleHog is an open source secret-scanning engine that resolves exposed secrets across your company’s entire tech stack. - [Tsunami Security Scanner](https://github.com/google/tsunami-security-scanner) — A general purpose network security scanner with an extensible plugin system for detecting high severity RCE-like vulnerabilities with high confidence. Custom detectors for finding vulnerabilities (e.g. open APIs) can be added.

Smart Contracts

- [mythril](https://github.com/ConsenSys/mythril) — A symbolic execution framework, with batteries included, that can be used to find and exploit vulnerabilities in smart contracts automatically. - [MythX](https://mythx.io) :copyright: — MythX is an easy to use analysis platform which integrates several analysis methods like fuzzing, symbolic execution and static analysis to find vulnerabilities with high precision. It can be integrated with toolchains like Remix or VSCode or called from the command-line. - [slither](https://github.com/trailofbits/slither) — Static analysis framework that runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. - [solhint](https://protofire.github.io/solhint) — Solhint is an open source project created by https://protofire.io. Its goal is to provide a linting utility for Solidity code. - [solium](https://ethlint.readthedocs.io/en/latest) — Solium is a linter to identify and fix style and security issues in Solidity smart contracts.

Support

- [LibVCS4j](https://github.com/uni-bremen-agst/libvcs4j) — A Java library that allows existing tools to analyse the evolution of software systems by providing a common API for different version control systems and issue trackers. - [RefactorFirst](https://github.com/jimbethancourt/RefactorFirst) — Identifies and prioritizes God Classes and Highly Coupled classes in Java codebases you should refactor first. - [Violations Lib](https://github.com/tomasbjerre/violations-lib) — Java library for parsing report files from static code analysis. Used by a bunch of Jenkins, Maven and Gradle plugins.

Template-Languages

- [ember-template-lint](https://github.com/ember-template-lint/ember-template-lint) — Linter for Ember or Handlebars templates. - [haml-lint](https://github.com/sds/haml-lint) — Tool for writing clean and consistent HAML. - [slim-lint](https://github.com/sds/slim-lint) — Configurable tool for analyzing Slim templates. - [yamllint](https://yamllint.readthedocs.io) — Checks YAML files for syntax validity, key repetition and cosmetic problems such as lines length, trailing spaces, and indentation.

Terraform

- [GitGuardian ggshield](https://www.gitguardian.com/ggshield) — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350 types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase. - [kics](https://kics.io/) — Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible. - **shisho** :warning: — A lightweight static code analyzer designed for developers and security teams. It allows you to analyze and transform source code with an intuitive DSL similar to sed, but for code.

Translation

- [dennis](https://github.com/willkg/dennis) — A set of utilities for working with PO files to ease development and improve quality.

Vue.js

- [HTML-Validate](https://html-validate.org/) — Offline HTML5 validator. - **Vetur** :warning: — Vue tooling for VS Code, powered by vls (vue language server). Vetur has support for formatting embedded HTML, CSS, SCSS, JS, TypeScript, and more. Vetur only has a "whole document formatter" and cannot format arbitrary ranges.

Writing

- **After the Deadline** :warning: — Spell, style and grammar checker. - **alex** :warning: — Catch insensitive, inconsiderate writing - [codespell](https://github.com/codespell-project/codespell) — Check code for common misspellings. - [languagetool](https://languagetool.org) — Style and grammar checker for 25+ languages. It finds many errors that a simple spell checker cannot detect. - [misspell-fixer](https://github.com/vlajos/misspell-fixer) — Quick tool for fixing common misspellings, typos in source code. - [Misspelled Words In Context](https://jwilk.net/software/mwic) — A spell-checker that groups possible misspellings and shows them in their contexts. - [proselint](https://github.com/amperser/proselint) — A linter for English prose with a focus on writing style instead of grammar. - [vale](https://vale.sh) — A syntax-aware linter for prose built with speed and extensibility in mind. - **write-good** :warning: — A linter with a focus on eliminating "weasel words".

YAML

- [Spectral](https://stoplight.io/open-source/spectral) — A flexible JSON/YAML linter, with out-of-the-box support for OpenAPI v2/v3 and AsyncAPI v2.
- [yamllint](https://yamllint.readthedocs.io) — Checks YAML files for syntax validity, key repetition and cosmetic problems such as line length, trailing spaces, and indentation.

git

- [commitlint](https://commitlint.js.org) — Checks whether your commit messages meet the conventional commit format.
- [GitGuardian ggshield](https://www.gitguardian.com/ggshield) — ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350 types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.
- [HasMySecretLeaked](https://gitguardian.com/hasmysecretleaked) :copyright: — HasMySecretLeaked is a project from GitGuardian that aims to help individual users and organizations search across 20 million exposed secrets to verify if their developer secrets have leaked on public repositories, gists, and issues on GitHub projects.

## More Collections

- [Clean code linters](https://github.com/collections/clean-code-linters) — A collection of linters in GitHub collections
- [Code Quality Checker Tools For PHP Projects](https://github.com/collections/code-quality-in-php) — A collection of PHP linters in GitHub collections
- [go-tools](https://github.com/dominikh/go-tools) — A collection of tools and libraries for working with Go code, including linters and static analysis
- [linters](https://github.com/mcandre/linters) — An introduction to static code analysis
- [OWASP Source Code Analysis Tools](https://owasp.org/www-community/Source_Code_Analysis_Tools) — List of tools maintained by the Open Web Application Security Project
- [php-static-analysis-tools](https://github.com/exakat/php-static-analysis-tools) — A reviewed list of useful PHP static analysis tools
- [AppSec Santa — SAST Tools](https://appsecsanta.com/sast-tools) — Independent comparison of 30+ static analysis security testing tools with features, pricing, and alternatives
- [Wikipedia](http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis) — A list of tools for static code analysis.

## License [![CC0](https://i.creativecommons.org/p/zero/1.0/88x31.png)](https://creativecommons.org/publicdomain/zero/1.0/) To the extent possible under law, [Matthias Endler](https://endler.dev) has waived all copyright and related or neighboring rights to this work. The underlying source code used to format and display that content is licensed under the MIT license. Title image [Designed by Freepik](https://www.freepik.com). ================================================ FILE: data/.gitignore ================================================ /target/ **/*.rs.bk .env ================================================ FILE: data/README.md ================================================ This is the project's CI environment. Read more about the tooling [here](https://endler.dev/2017/obsolete/). Want to add an entry to the list? Here's how to [contribute](https://github.com/analysis-tools-dev/static-analysis/blob/master/CONTRIBUTING.md). ================================================ FILE: data/api/.gitignore ================================================ STATS.md ================================================ FILE: data/api/README.md ================================================ # API This directory contains machine-readable JSON files of all static analysis tools in the repo. The files can be used to create your own API endpoints from the data, for running more complicated queries on the command-line with `jq`, or for using them inside a Jupyter notebook. The data format is subject to change as we use it for rendering the [website]. The files in this directory are not meant to be edited directly. Instead, update the `.yml` files in the `/data/tools` directory and render the JSON again by calling `make render` from the root directory. 
[website]: https://analysis-tools.dev ================================================ FILE: data/api/stats/tags.json ================================================ { "/tag/typescript": 152, "/tag/rust": 130, "/tag/nodejs": 114, "/tag/sql": 103, "/tag/go": 97, "/tag/c": 92, "/tag/php": 88, "/tag/binary": 78, "/tag/cpp": 76, "/tag/ruby": 74, "/tag/python": 74, "/tag/csharp": 71, "/tag/shell": 64, "/tag/kotlin": 63, "/tag/vue": 59, "/tag/swift": 57, "/tag/javascript": 55, "/tag/lua": 47, "/tag/java": 44, "/tag/protobuf": 42, "/tag/groovy": 42, "/tag/yaml": 37, "/tag/plsql": 37, "/tag/verilog": 36, "/tag/security": 36 } ================================================ FILE: data/api/stats/tools.json ================================================ { "mega-linter": 221, "semgrep": 81, "lizard": 55, "sqlcheck": 47, "codeql": 44, "better-code-hub": 32, "rust-analyzer": 31, "callgraph": 31, "hcl-appscan-source": 29, "codescene": 28, "black": 28, "sonatype": 27, "mypy": 27, "eslint": 27, "tencentcodeanalysis": 26, "sonarqube": 26, "fortify": 26, "kubeval": 25, "vera": 23, "sigrid": 23, "searchdiggity": 23, "trivy": 22, "coverity": 22, "c2rust": 22, "typl": 21 } ================================================ FILE: data/api/tags.json ================================================ { "languages": [ { "name": ".NET", "value": "dotnet", "tag_type": "Language" }, { "name": "ABAP", "value": "abap", "tag_type": "Language" }, { "name": "ActionScript", "value": "actionscript", "tag_type": "Language" }, { "name": "Active Server Pages", "value": "asp", "tag_type": "Language" }, { "name": "Ada", "value": "ada", "tag_type": "Language" }, { "name": "Apex", "value": "apex", "tag_type": "Language" }, { "name": "ASP.NET", "value": "aspnet", "tag_type": "Language" }, { "name": "Assembly", "value": "asm", "tag_type": "Language" }, { "name": "Awk", "value": "awk", "tag_type": "Language" }, { "name": "C", "value": "c", "tag_type": "Language" }, { "name": "C#", "value": "csharp", 
"tag_type": "Language" }, { "name": "C++", "value": "cpp", "tag_type": "Language" }, { "name": "Clojure", "value": "clojure", "tag_type": "Language" }, { "name": "COBOL", "value": "cobol", "tag_type": "Language" }, { "name": "CoffeeScript", "value": "coffeescript", "tag_type": "Language" }, { "name": "ColdFusion", "value": "coldfusion", "tag_type": "Language" }, { "name": "Crystal", "value": "crystal", "tag_type": "Language" }, { "name": "Dart", "value": "dart", "tag_type": "Language" }, { "name": "Delphi", "value": "delphi", "tag_type": "Language" }, { "name": "Dlang", "value": "dlang", "tag_type": "Language" }, { "name": "Elixir", "value": "elixir", "tag_type": "Language" }, { "name": "Elm", "value": "elm", "tag_type": "Language" }, { "name": "Erlang", "value": "erlang", "tag_type": "Language" }, { "name": "F#", "value": "fsharp", "tag_type": "Language" }, { "name": "Fortran", "value": "fortran", "tag_type": "Language" }, { "name": "Go", "value": "go", "tag_type": "Language" }, { "name": "Groovy", "value": "groovy", "tag_type": "Language" }, { "name": "Haskell", "value": "haskell", "tag_type": "Language" }, { "name": "Haxe", "value": "haxe", "tag_type": "Language" }, { "name": "Java", "value": "java", "tag_type": "Language" }, { "name": "JavaScript", "value": "javascript", "tag_type": "Language" }, { "name": "JavaServer Pages", "value": "jsp", "tag_type": "Language" }, { "name": "Jimple", "value": "jimple", "tag_type": "Language" }, { "name": "JSX", "value": "jsx", "tag_type": "Language" }, { "name": "Julia", "value": "julia", "tag_type": "Language" }, { "name": "Kotlin", "value": "kotlin", "tag_type": "Language" }, { "name": "Lightning Web Components", "value": "lwc", "tag_type": "Language" }, { "name": "Lisp", "value": "lisp", "tag_type": "Language" }, { "name": "Lua", "value": "lua", "tag_type": "Language" }, { "name": "MATLAB", "value": "matlab", "tag_type": "Language" }, { "name": "Nim", "value": "nim", "tag_type": "Language" }, { "name": "Objective C", 
"value": "objectivec", "tag_type": "Language" }, { "name": "Ocaml", "value": "ocaml", "tag_type": "Language" }, { "name": "Pascal", "value": "pascal", "tag_type": "Language" }, { "name": "Perl", "value": "perl", "tag_type": "Language" }, { "name": "PHP", "value": "php", "tag_type": "Language" }, { "name": "PL/SQL", "value": "plsql", "tag_type": "Language" }, { "name": "PowerShell", "value": "powershell", "tag_type": "Language" }, { "name": "Python", "value": "python", "tag_type": "Language" }, { "name": "R", "value": "r", "tag_type": "Language" }, { "name": "Raku", "value": "raku", "tag_type": "Language" }, { "name": "Rego", "value": "rego", "tag_type": "Language" }, { "name": "Ruby", "value": "ruby", "tag_type": "Language" }, { "name": "Rust", "value": "rust", "tag_type": "Language" }, { "name": "Scala", "value": "scala", "tag_type": "Language" }, { "name": "Shell", "value": "shell", "tag_type": "Language" }, { "name": "SQL", "value": "sql", "tag_type": "Language" }, { "name": "Swift", "value": "swift", "tag_type": "Language" }, { "name": "Tcl", "value": "tcl", "tag_type": "Language" }, { "name": "TSQL", "value": "tsql", "tag_type": "Language" }, { "name": "TypeScript", "value": "typescript", "tag_type": "Language" }, { "name": "VBScript", "value": "vbscript", "tag_type": "Language" }, { "name": "Verilog/SystemVerilog", "value": "verilog", "tag_type": "Language" }, { "name": "Vim Script", "value": "vim-script", "tag_type": "Language" }, { "name": "Visual Basic", "value": "vbasic", "tag_type": "Language" }, { "name": "Visual Basic .NET", "value": "vbnet", "tag_type": "Language" }, { "name": "Visual Basic for Applications (VBA)", "value": "vba", "tag_type": "Language" }, { "name": "Visualforce", "value": "visualforce", "tag_type": "Language" }, { "name": "WebAssembly", "value": "wasm", "tag_type": "Language" } ], "other": [ { "name": ".env", "value": "dotenv", "tag_type": "Other" }, { "name": "Ansible", "value": "ansible", "tag_type": "Other" }, { "name": "Archive", 
"value": "archive", "tag_type": "Other" }, { "name": "Azure Resource Manager", "value": "arm", "tag_type": "Other" }, { "name": "Binaries", "value": "binary", "tag_type": "Other" }, { "name": "Build tools", "value": "buildtool", "tag_type": "Other" }, { "name": "Cloud Formation", "value": "cloudformation", "tag_type": "Other" }, { "name": "Config Files", "value": "configfile", "tag_type": "Other" }, { "name": "Configuration Management", "value": "configmanagement", "tag_type": "Other" }, { "name": "Containers", "value": "container", "tag_type": "Other" }, { "name": "Continuous Integration", "value": "ci", "tag_type": "Other" }, { "name": "CSS/SASS/SCSS", "value": "css", "tag_type": "Other" }, { "name": "Deno", "value": "deno", "tag_type": "Other" }, { "name": "Dockerfile", "value": "dockerfile", "tag_type": "Other" }, { "name": "Embedded Ruby (a.k.a. ERB, eRuby)", "value": "erb", "tag_type": "Other" }, { "name": "Embedded", "value": "embedded", "tag_type": "Other" }, { "name": "Gherkin", "value": "gherkin", "tag_type": "Other" }, { "name": "Ghidra", "value": "ghidra", "tag_type": "Other" }, { "name": "git", "value": "git", "tag_type": "Other" }, { "name": "HTML", "value": "html", "tag_type": "Other" }, { "name": "JSON", "value": "json", "tag_type": "Other" }, { "name": "Kubernetes", "value": "kubernetes", "tag_type": "Other" }, { "name": "Laravel", "value": "laravel", "tag_type": "Other" }, { "name": "LaTeX", "value": "latex", "tag_type": "Other" }, { "name": "Less", "value": "less", "tag_type": "Other" }, { "name": "Makefiles", "value": "make", "tag_type": "Other" }, { "name": "Markdown", "value": "markdown", "tag_type": "Other" }, { "name": "Metalinter", "value": "meta", "tag_type": "Other" }, { "name": "Mobile", "value": "mobile", "tag_type": "Other" }, { "name": "Nix", "value": "nix", "tag_type": "Other" }, { "name": "Node.js", "value": "nodejs", "tag_type": "Other" }, { "name": "Packages", "value": "package", "tag_type": "Other" }, { "name": "PhoneGap", 
"value": "phonegap", "tag_type": "Other" }, { "name": "Prometheus", "value": "prometheus", "tag_type": "Other" }, { "name": "Protocol Buffers", "value": "protobuf", "tag_type": "Other" }, { "name": "Puppet", "value": "puppet", "tag_type": "Other" }, { "name": "Rails", "value": "rails", "tag_type": "Other" }, { "name": "Security/SAST", "value": "security", "tag_type": "Other" }, { "name": "Smart Contracts", "value": "smart-contracts", "tag_type": "Other" }, { "name": "Support", "value": "support", "tag_type": "Other" }, { "name": "Spring", "value": "spring", "tag_type": "Other" }, { "name": "Template-Languages", "value": "template", "tag_type": "Other" }, { "name": "Terraform", "value": "terraform", "tag_type": "Other" }, { "name": "Translation", "value": "translation", "tag_type": "Other" }, { "name": "Vue.js", "value": "vue", "tag_type": "Other" }, { "name": "Writing", "value": "writing", "tag_type": "Other" }, { "name": "XML", "value": "xml", "tag_type": "Other" }, { "name": "YAML", "value": "yaml", "tag_type": "Other" } ] } ================================================ FILE: data/api/tools.json ================================================ { "abaplint": { "name": "abaplint", "categories": [ "linter" ], "languages": [ "abap" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli", "service", "ide-plugin" ], "homepage": "https://abaplint.org", "source": "https://github.com/abaplint/abaplint", "pricing": null, "plans": null, "description": "Linter for ABAP, written in TypeScript.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "abapopenchecks": { "name": "abapOpenChecks", "categories": [ "linter" ], "languages": [ "abap" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://docs.abapopenchecks.org", "source": "https://github.com/larshp/abapOpenChecks", "pricing": null, "plans": null, "description": "Enhances the SAP Code Inspector with new and 
customizable checks.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "actionlint": { "name": "actionlint", "categories": [ "linter" ], "languages": [], "other": [ "ci" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://rhysd.github.io/actionlint", "source": "https://github.com/rhysd/actionlint", "pricing": null, "plans": null, "description": "Static checker for GitHub Actions workflow files. Provides an online version.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "active-record-doctor": { "name": "Active Record Doctor", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [ "rails" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/gregnavis/active_record_doctor", "source": "https://github.com/gregnavis/active_record_doctor", "pricing": null, "plans": null, "description": "Identify database issues before they hit production.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "aether": { "name": "aether", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "http://aetherjs.com", "source": "https://github.com/codecombat/aether", "pricing": null, "plans": null, "description": "Lint, analyze, normalize, transform, sandbox, run, step through, and visualize user JavaScript, in node or the browser.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "after-the-deadline": { "name": "After the Deadline", "categories": [ "linter" ], "languages": [], "other": [ "writing" ], "licenses": [ "GPL v2" ], "types": [ "cli" ], "homepage": "https://open.afterthedeadline.com", "source": "https://open.afterthedeadline.com", "pricing": null, "plans": null, "description": "Spell, style and 
grammar checker.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ale": { "name": "ale", "categories": [ "linter" ], "languages": [ "javascript", "python" ], "other": [], "licenses": [ "BSD 2-Clause \"Simplified\" License" ], "types": [ "ide-plugin" ], "homepage": "https://github.com/w0rp/ale", "source": "https://github.com/w0rp/ale", "pricing": null, "plans": null, "description": "Asynchronous Lint Engine for Vim and NeoVim with support for many languages.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "alex": { "name": "alex", "categories": [ "linter" ], "languages": [], "other": [ "writing" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://alexjs.com", "source": "https://github.com/get-alex/alex", "pricing": null, "plans": null, "description": "Catch insensitive, inconsiderate writing", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "aligncheck": { "name": "aligncheck", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "GPL v2" ], "types": [ "cli" ], "homepage": "https://gitlab.com/opennota/check", "source": "https://gitlab.com/opennota/check", "pricing": null, "plans": null, "description": "Find inefficiently packed structs.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "alquitran": { "name": "alquitran", "categories": [ "linter" ], "languages": [], "other": [ "archive" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/ferivoz/alquitran", "source": "https://github.com/ferivoz/alquitran", "pricing": null, "plans": null, "description": "Inspects tar archives and tries to spot portability issues in regard to POSIX 2017 pax specification and common tar implementations.\nThis project is intended to be used by maintainers of 
projects who want to offer portable source code archives for as many systems as possible. Checking tar archives with alquitran before publishing them should help spotting issues before they reach distributors and users.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ameba": { "name": "ameba", "categories": [ "linter" ], "languages": [ "crystal" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://crystal-ameba.github.io", "source": "https://github.com/crystal-ameba/ameba", "pricing": null, "plans": null, "description": "A static code analysis tool for Crystal.", "discussion": null, "deprecated": null, "resources": [ { "title": "Crystal Language Static Code Analysis with the Ameba Shard", "url": "https://www.youtube.com/watch?v=SV8tV79Lvog" } ], "reviews": null, "demos": null, "wrapper": null }, "anchore": { "name": "anchore", "categories": [ "linter" ], "languages": [], "other": [ "container" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://anchore.io", "source": "https://github.com/anchore/anchore-engine", "pricing": null, "plans": null, "description": "Discover, analyze, and certify container images. 
A service that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and certification ", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "android-lint": { "name": "Android Lint", "categories": [ "linter" ], "languages": [], "other": [ "mobile" ], "licenses": [ "Android Software Development Kit License Agreement" ], "types": [ "cli" ], "homepage": "https://developer.android.com/studio/write/lint", "source": "https://android.googlesource.com", "pricing": null, "plans": null, "description": "Run static analysis on Android projects.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "android-lint-summary": { "name": "android-lint-summary", "categories": [ "linter" ], "languages": [], "other": [ "mobile" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://passy.github.io/android-lint-summary", "source": "https://github.com/passy/android-lint-summary", "pricing": null, "plans": null, "description": "Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "android-studio": { "name": "Android Studio", "categories": [ "linter" ], "languages": [ "java", "kotlin" ], "other": [], "licenses": [ "Android Software Development Kit License Agreement" ], "types": [ "ide-plugin" ], "homepage": "https://developer.android.com/studio", "source": "https://android.googlesource.com/platform/tools/adt/idea/+/refs/heads/mirror-goog-studio-master-dev", "pricing": null, "plans": null, "description": "Based on IntelliJ IDEA, and comes bundled with tools for Android including Android Lint.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "angr": { "name": 
"angr", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "BSD 2-Clause \"Simplified\" License" ], "types": [ "cli" ], "homepage": "https://github.com/angr/angr", "source": null, "pricing": null, "plans": null, "description": "Binary code analysis tool that also supports symbolic execution.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "angular-eslint": { "name": "Angular ESLint", "categories": [ "linter" ], "languages": [ "typescript" ], "other": [ "html" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/angular-eslint/angular-eslint#readme", "source": "https://github.com/angular-eslint/angular-eslint", "pricing": null, "plans": null, "description": "Linter for Angular projects", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ansible-lint": { "name": "ansible-lint", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://ansible.readthedocs.io/projects/lint/", "source": "https://github.com/ansible/ansible-lint", "pricing": null, "plans": null, "description": "Checks playbooks for practices and behaviour that could potentially be improved.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "appchecker": { "name": "AppChecker", "categories": [ "linter" ], "languages": [ "c", "cpp", "java", "php" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://npo-echelon.ru/en/solutions/appchecker.php", "source": null, "pricing": "https://npo-echelon.ru/en/solutions/appchecker.php", "plans": { "free": false, "oss": false }, "description": "Static analysis for C/C++/C#, PHP and Java.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, 
"application-inspector": { "name": "Application Inspector", "categories": [ "linter" ], "languages": [ "asp", "c", "csharp", "cpp", "java", "javascript", "objectivec", "php", "sql", "swift", "vbnet" ], "other": [ "html", "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.ptsecurity.com/ww-en/products/ai", "source": null, "pricing": "https://global.ptsecurity.com/en/products/ai/", "plans": { "free": false, "oss": false }, "description": "Commercial Static Code Analysis which generates exploits to verify vulnerabilities.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "applicationinspector": { "name": "ApplicationInspector", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "go", "java", "javascript", "objectivec", "php", "powershell", "python", "ruby" ], "other": [ "html" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/microsoft/ApplicationInspector", "source": "https://github.com/microsoft/ApplicationInspector", "pricing": null, "plans": null, "description": "Creates reports of over 400 rule patterns for feature detection (e.g. 
the use of cryptography or version control in apps).", "discussion": null, "deprecated": null, "resources": [ { "title": "Introducing Microsoft Application Inspector", "url": "https://www.microsoft.com/security/blog/2020/01/16/introducing-microsoft-application-inspector/" } ], "reviews": null, "demos": null, "wrapper": null }, "archunit": { "name": "ArchUnit", "categories": [ "linter" ], "languages": [ "java", "kotlin" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://www.archunit.org", "source": "https://github.com/TNG/ArchUnit", "pricing": null, "plans": null, "description": "Unit test your Java or Kotlin architecture.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "archunitnet": { "name": "ArchUnitNET", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/TNG/ArchUnitNET", "source": "https://github.com/TNG/ArchUnitNET", "pricing": null, "plans": null, "description": "A C# architecture test library to specify and assert architecture rules in C# for automated testing.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ast-grep": { "name": "ast-grep", "categories": [ "linter" ], "languages": [ "c", "csharp", "go", "java", "javascript", "jsx", "kotlin", "lua", "python", "ruby", "rust", "typescript" ], "other": [ "json", "yaml" ], "licenses": [ "MIT" ], "types": [ "cli", "ide-plugin" ], "homepage": "https://ast-grep.github.io/", "source": "https://github.com/ast-grep/ast-grep", "pricing": null, "plans": null, "description": "ast-grep is a powerful tool designed for managing code at scale using Abstract Syntax Trees (AST). 
Think of it as a hybrid of grep, eslint, and codemod, with the ability to search, lint, and rewrite code based on its structure rather than plain text.\nIt supports multiple languages and is designed to be extensible, allowing you to register custom languages.", "discussion": null, "deprecated": null, "resources": [ { "title": "ast-grep Quick Start Guide", "url": "https://ast-grep.github.io/guide/quick-start.html" } ], "reviews": [ "https://stackshare.io/ast-grep" ], "demos": [ "https://ast-grep.github.io/playground.html" ], "wrapper": null }, "astree": { "name": "Astrée", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.absint.com/astree/index.htm", "source": null, "pricing": "https://www.absint.com/astree/contact.htm", "plans": { "free": false, "oss": false }, "description": "Astrée automatically proves the absence of runtime errors and invalid con­current behavior in C/C++ applications. It is sound for floating-point computations, very fast, and exceptionally precise. The analyzer also checks for MISRA/CERT/CWE/Adaptive Autosar coding rules and supports qualification for ISO 26262, DO-178C level A, and other safety standards. 
Jenkins and Eclipse plugins are available.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "atom-beautify": { "name": "Atom-Beautify", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "coffeescript", "coldfusion", "java", "javascript", "objectivec", "php", "python", "ruby", "sql", "typescript" ], "other": [ "css", "html" ], "licenses": [ "MIT License" ], "types": [ "ide-plugin" ], "homepage": "https://atom.io/packages/atom-beautify", "source": "https://github.com/Glavin001/atom-beautify", "pricing": null, "plans": null, "description": "Beautify HTML, CSS, JavaScript, PHP, Python, Ruby, Java, C, C++, C#, Objective-C, CoffeeScript, TypeScript, Coldfusion, SQL, and more in Atom editor.", "discussion": null, "deprecated": true, "resources": [ { "title": "Adding Atom Beautify Package to Atom", "url": "https://www.youtube.com/watch?v=oBz6rXG0XT8" }, { "title": "10 Essential Atom Editor Packages & Setup", "url": "https://www.youtube.com/watch?v=aiXNKHKWlmY" } ], "reviews": null, "demos": null, "wrapper": null }, "autocorrect": { "name": "autocorrect", "categories": [ "linter", "formatter" ], "languages": [ "csharp", "go", "javascript", "jsx", "python", "ruby", "rust", "scala", "shell", "typescript" ], "other": [ "css", "html", "json", "markdown", "vue", "writing", "xml", "yaml" ], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://huacnlee.github.io/autocorrect", "source": "https://github.com/huacnlee/autocorrect", "pricing": null, "plans": null, "description": "A linter and formatter to help you to improve copywriting, correct spaces, words, punctuations between CJK (Chinese, Japanese, Korean).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "autoflake": { "name": "autoflake", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": 
"https://github.com/PyCQA/autoflake", "source": "https://github.com/PyCQA/autoflake", "pricing": null, "plans": null, "description": "Autoflake removes unused imports and unused variables from Python code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "autopep8": { "name": "autopep8", "categories": [ "formatter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://pypi.org/project/autopep8/", "source": "https://github.com/hhatto/autopep8", "pricing": null, "plans": null, "description": "A tool that automatically formats Python code to conform to the PEP 8 style guide.\nIt uses the pycodestyle utility to determine what parts of the code needs to be formatted.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "aws-cloudformation-guard": { "name": "AWS CloudFormation Guard", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/aws-cloudformation/cloudformation-guard", "source": "https://github.com/aws-cloudformation/cloudformation-guard", "pricing": null, "plans": null, "description": "Check local CloudFormation templates against policy-as-code rules and generate rules from existing templates.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "axe-core": { "name": "axe-core", "categories": [ "linter" ], "languages": [], "other": [ "html" ], "licenses": [ "MPL-2.0" ], "types": [ "cli" ], "homepage": "https://www.deque.com/axe/", "source": "https://github.com/dequelabs/axe-core", "pricing": null, "plans": null, "description": "Accessibility engine for automated Web UI testing. Tests HTML against WCAG 2.0, 2.1, and 2.2 guidelines. 
Used by Google Lighthouse, Microsoft Accessibility Insights, and thousands of organizations worldwide.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "axivion-bauhaus-suite": { "name": "Axivion Bauhaus Suite", "categories": [ "linter" ], "languages": [ "c", "cpp", "java", "php" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.axivion.com/en/products-services-9#products_bauhaussuite", "source": null, "pricing": "https://www.axivion.com/pricing", "plans": null, "description": "Tracks down error-prone code locations, style violations, cloned or dead code, cyclic dependencies and more for C/C++, C#/.NET, Java and Ada 83/Ada 95.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "azsk": { "name": "AzSK", "categories": [ "linter" ], "languages": [], "other": [ "arm", "configmanagement", "ci", "security" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://azsk.azurewebsites.net/", "source": "https://github.com/azsk/DevOpsKit", "pricing": null, "plans": null, "description": "Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), CICD scan vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. 
Supports Azure via ARM.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "bandit": { "name": "bandit", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://bandit.readthedocs.io/en/latest", "source": "https://github.com/PyCQA/bandit", "pricing": null, "plans": null, "description": "A tool to find common security issues in Python code.", "discussion": null, "deprecated": null, "resources": [ { "title": "Code security with Bandit and Safety — Perfect Python", "url": "https://www.youtube.com/watch?v=YZOKnvisJpw" }, { "title": "The Python Podcast.__init__: Bandit with Tim Kelsey, Travis McPeak, and Eric Brown - E62", "url": "https://www.pythonpodcast.com/episodepage/bandit-with-tim-kelsey-travis-mcpeak-and-eric-brown" } ], "reviews": null, "demos": null, "wrapper": null }, "bashate": { "name": "bashate", "categories": [ "linter" ], "languages": [ "shell" ], "other": [], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/openstack/bashate", "source": "https://github.com/openstack/bashate", "pricing": null, "plans": null, "description": "Code style enforcement for bash programs. 
The output format aims to follow pycodestyle (pep8) default output format.", "discussion": null, "deprecated": null, "resources": [ { "title": "Official bashate documentation", "url": "https://docs.openstack.org/bashate" } ], "reviews": null, "demos": null, "wrapper": null }, "bearer": { "name": "Bearer", "categories": [ "linter" ], "languages": [ "c", "go", "java", "javascript", "jsx", "ruby", "typescript" ], "other": [ "ci", "html", "json", "rails", "security", "yaml" ], "licenses": [ "Elastic License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/bearer/bearer", "source": "https://github.com/bearer/bearer", "pricing": "https://www.bearer.com/plans", "plans": { "free": false, "oss": true }, "description": "Open-Source static code analysis tool to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). Highly configurable and easily extensible, built for security and engineering teams.", "discussion": null, "deprecated": null, "resources": [ { "title": "Bearer's built-in set of rules to prevent critical security risks and vulnerabilities", "url": "https://docs.bearer.com/reference/rules/" }, { "title": "Bearer CLI: 2 months in retrospect of new features and improvements!", "url": "https://www.bearer.com/blog/bearer-cli-2-months-in-retrospect-of-new-features-and-improvements" } ], "reviews": null, "demos": null, "wrapper": null }, "bellybutton": { "name": "bellybutton", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/hchasestevens/bellybutton", "source": "https://github.com/hchasestevens/bellybutton", "pricing": null, "plans": null, "description": "A linting engine supporting custom project-specific rules.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "better-code-hub": { "name": "Better Code Hub", "categories": [ "linter"
], "languages": [ "csharp", "cpp", "go", "groovy", "java", "javascript", "kotlin", "objectivec", "perl", "php", "python", "ruby", "scala", "shell", "swift", "typescript" ], "other": [ "smart-contracts" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://bettercodehub.com", "source": null, "pricing": "https://bettercodehub.com/pricing", "plans": { "free": true, "oss": true }, "description": "Better Code Hub checks your GitHub codebase against 10 engineering guidelines devised by the authority in software quality, Software Improvement Group.", "discussion": null, "deprecated": null, "resources": [ { "title": "Better Code Hub introduction video", "url": "https://www.youtube.com/watch?v=diERwdr2omM" } ], "reviews": null, "demos": null, "wrapper": null }, "betterscan-ce": { "name": "Betterscan CE", "categories": [ "linter" ], "languages": [ "apex", "c", "csharp", "cpp", "go", "java", "javascript", "kotlin", "perl", "php", "python", "ruby", "scala", "swift", "typescript" ], "other": [ "ci", "security" ], "licenses": [ "AGPL-3.0" ], "types": [ "cli" ], "homepage": "https://github.com/tcosolutions/betterscan-ce", "source": "https://github.com/tcosolutions/betterscan-ce", "pricing": null, "plans": { "free": false, "oss": true }, "description": "Checks your code and infra (various Git repositories supported, cloud stacks, CLI, Web Interface platform, integrations available) for security and quality issues.
Code Scanning/SAST/Linting using many tools/Scanners deduplicated with One Report (AI optional).", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "binbloom": { "name": "binbloom", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/quarkslab/binbloom", "source": "https://github.com/quarkslab/binbloom", "pricing": null, "plans": null, "description": "Analyzes a raw binary firmware and determines features like endianness or the loading address. The tool is compatible with all architectures.\nLoading address: binbloom can parse a raw binary firmware and determine its loading address. Endianness: binbloom can use heuristics to determine the endianness of a firmware. UDS Database: binbloom can parse a raw binary firmware and check if it contains an array containing UDS command IDs.", "discussion": null, "deprecated": null, "resources": [ { "title": "Tutorial: Binbloom - Raw Binary Firmware Analysis Software", "url": "https://www.kitploit.com/2020/10/binbloom-raw-binary-firmware-analysis.html?m=1" } ], "reviews": null, "demos": null, "wrapper": null }, "binskim": { "name": "BinSkim", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/Microsoft/binskim", "source": "https://github.com/Microsoft/binskim", "pricing": null, "plans": null, "description": "A binary static analysis tool that provides security and correctness results for Windows portable executables.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "biome": { "name": "biome", "categories": [ "linter" ], "languages": [ "javascript", "typescript" ], "other": [ "css", "json" ], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://biomejs.dev", "source": 
"https://github.com/biomejs/biome", "pricing": null, "plans": null, "description": "A toolchain for web projects, aimed to provide functionalities to maintain them. Biome formats and lints code in a fraction of a second. It is the successor to Rome. It is designed to eventually replace Biome is designed to eventually replace Babel, ESLint, webpack, Prettier, Jest, and others.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "black": { "name": "Black", "categories": [ "formatter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://black.readthedocs.io/en/stable", "source": "https://github.com/psf/black", "pricing": null, "plans": null, "description": "The uncompromising Python code formatter.", "discussion": null, "deprecated": null, "resources": [ { "title": "Using the black code formatter in Python", "url": "https://www.youtube.com/watch?v=InA-oAWu3Mo" }, { "title": "Łukasz Langa - Life Is Better Painted Black, or: How to Stop Worrying and Embrace Auto-Formatting", "url": "https://www.youtube.com/watch?v=esZLCuWs_2Y" } ], "reviews": [ "https://luminousmen.com/post/my-unpopular-opinion-about-black-code-formatter" ], "demos": [ "https://black.vercel.app/" ], "wrapper": null }, "black-duck": { "name": "Black Duck", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.blackducksoftware.com", "source": null, "pricing": "https://www.synopsys.com/software-integrity/contact-sales.html", "plans": { "free": false, "oss": false }, "description": "Tool to analyze source code and binaries for reusable code, necessary licenses and potential security aspects.", "discussion": null, "deprecated": null, "resources": [ { "title": "Black Duck SCA & Coverity Static Analysis (SAST) Integrations with Amazon AWS CI Tools | Synopsys", "url": 
"https://www.youtube.com/watch?v=GEvxbU6EmiA" } ], "reviews": null, "demos": null, "wrapper": null }, "bloaty": { "name": "bloaty", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/google/bloaty", "source": "https://github.com/google/bloaty", "pricing": null, "plans": null, "description": "Ever wondered what's making your binary big? Bloaty McBloatface will show you a size profile of the binary so you can understand what's taking up space inside. Bloaty performs a deep analysis of the binary. Using custom ELF, DWARF, and Mach-O parsers, Bloaty aims to accurately attribute every byte of the binary to the symbol or compileunit that produced it. It will even disassemble the binary looking for references to anonymous data. F", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "blockwatch": { "name": "BlockWatch", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "go", "java", "javascript", "jsx", "kotlin", "php", "python", "ruby", "rust", "shell", "sql", "swift", "typescript" ], "other": [ "css", "html", "make", "markdown", "xml", "yaml" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/mennanov/blockwatch", "source": "https://github.com/mennanov/blockwatch", "pricing": null, "plans": null, "description": "A language-agnostic linter that keeps code, documentation, and configuration in sync and enforces strict formatting and validation rules.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "bodyclose": { "name": "bodyclose", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/timakin/bodyclose", "source": "https://github.com/timakin/bodyclose", "pricing": null, "plans": null, "description": "Checks 
whether HTTP response body is closed.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "bootlint": { "name": "Bootlint", "categories": [ "linter" ], "languages": [], "other": [ "html" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/twbs/bootlint", "source": "https://github.com/twbs/bootlint", "pricing": null, "plans": null, "description": "An HTML linter for Bootstrap projects.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "bowler": { "name": "Bowler", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://pybowler.io/", "source": "https://github.com/facebookincubator/bowler", "pricing": null, "plans": null, "description": "Safe code refactoring for modern Python. Bowler is a refactoring tool for manipulating Python at the syntax tree level. It enables safe, large scale code modifications while guaranteeing that the resulting code compiles and runs. 
It provides both a simple command line interface and a fluent API in Python for generating complex code modifications in code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "brakeman": { "name": "brakeman", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [ "security" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://brakemanscanner.org", "source": "https://github.com/presidentbeef/brakeman", "pricing": null, "plans": null, "description": "A static analysis security vulnerability scanner for Ruby on Rails applications.", "discussion": null, "deprecated": null, "resources": [ { "title": "Brakeman: A Security Scanner for Ruby on Rails", "url": "https://www.youtube.com/watch?v=pTUlPq4glOg" } ], "reviews": null, "demos": null, "wrapper": null }, "brittany": { "name": "brittany", "categories": [ "formatter" ], "languages": [ "haskell" ], "other": [], "licenses": [ "GNU Affero General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://github.com/lspitzner/brittany", "source": "https://github.com/lspitzner/brittany", "pricing": null, "plans": null, "description": "Haskell source code formatter", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "buf": { "name": "buf", "categories": [ "linter" ], "languages": [], "other": [ "protobuf" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://buf.build", "source": "https://github.com/bufbuild/buf", "pricing": null, "plans": null, "description": "Provides a CLI linter that enforces good API design choices and structure", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "bugprove": { "name": "BugProve", "categories": [ "linter" ], "languages": [ "asm", "c", "cpp" ], "other": [ "binary", "security" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": 
"https://bugprove.com", "source": null, "pricing": null, "plans": { "free": true }, "description": "BugProve is a firmware analysis platform featuring both static and dynamic analysis techniques to discover memory corruptions, command injections and other classes or common weaknesses in binary code. It also detects vulnerable dependencies, weak cryptographic parameters, misconfigurations, and more.", "discussion": null, "deprecated": true, "resources": [ { "title": "BugProve Product Intro by John Hammond", "url": "https://www.youtube.com/watch?v=orTvsOlFS5k" } ], "reviews": [ "https://www.g2.com/products/bugprove/reviews" ], "demos": null, "wrapper": null }, "bullet": { "name": "Bullet", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [ "rails" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/flyerhzm/bullet", "source": "https://github.com/flyerhzm/bullet", "pricing": null, "plans": null, "description": "Help to kill N+1 queries and unused eager loading.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "bundler-audit": { "name": "bundler-audit", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://github.com/rubysec/bundler-audit", "source": "https://github.com/rubysec/bundler-audit", "pricing": null, "plans": null, "description": "Audit Gemfile.lock for gems with security vulnerabilities reported in [Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "c2rust": { "name": "C2Rust", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://c2rust.com", "source": "https://github.com/immunant/c2rust", "pricing": null, "plans": null, "description": 
"C2Rust helps you migrate C99-compliant code to Rust. The translator (or transpiler) produces unsafe Rust code that closely mirrors the input C code.", "discussion": null, "deprecated": null, "resources": [ { "title": "RustConf 2018 - C2Rust: Migrating Legacy Code to Rust by Per Larsen", "url": "https://www.youtube.com/watch?v=WEsR0Vv7jhg&t=233s" } ], "reviews": null, "demos": null, "wrapper": null }, "cakefuzzer": { "name": "CakeFuzzer", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "GNU GPL" ], "types": [ "cli" ], "homepage": "https://zigrin.com/tools/cake-fuzzer/", "source": "https://github.com/Zigrin-Security/CakeFuzzer", "pricing": null, "plans": null, "description": "Web application security testing tool for CakePHP-based web applications. CakeFuzzer employs a predefined set of attacks that are randomly modified before execution. Leveraging its deep understanding of the Cake PHP framework, Cake Fuzzer launches attacks on all potential application entry points.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "callgraph": { "name": "callGraph", "categories": [ "linter" ], "languages": [ "awk", "dart", "fortran", "go", "javascript", "julia", "kotlin", "lua", "matlab", "pascal", "perl", "php", "python", "r", "raku", "ruby", "rust", "scala", "shell", "swift", "tcl", "typescript" ], "other": [], "licenses": [ "GNU General Public License" ], "types": [ "cli" ], "homepage": "https://github.com/koknat/callGraph", "source": "https://github.com/koknat/callGraph", "pricing": null, "plans": null, "description": "Statically generates a call graph image and displays it on screen.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cane": { "name": "cane", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/square/cane", "source": 
"https://github.com/square/cane", "pricing": null, "plans": null, "description": "Code quality threshold checking as part of your build.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-audit": { "name": "cargo-audit", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://rustsec.org", "source": "https://github.com/RustSec/cargo-audit", "pricing": null, "plans": null, "description": "Audit Cargo.lock for crates with security vulnerabilities reported to the [RustSec Advisory Database](https://github.com/RustSec/advisory-db/).", "discussion": null, "deprecated": null, "resources": [ { "title": "Keep your Users Safe and Scan Your Rust Dependencies With This Tool", "url": "https://www.youtube.com/watch?v=V8RfQ0uihzE" }, { "title": "How to audit Rust code in 4 minutes!", "url": "https://www.youtube.com/watch?v=w2Co88TzrsQ" } ], "reviews": null, "demos": null, "wrapper": null }, "cargo-bloat": { "name": "cargo-bloat", "categories": [ "linter" ], "languages": [ "rust" ], "other": [ "binary" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/RazrFalcon/cargo-bloat", "source": "https://github.com/RazrFalcon/cargo-bloat", "pricing": null, "plans": null, "description": "Find out what takes most of the space in your executable. 
Supports ELF (Linux, BSD), Mach-O (macOS) and PE (Windows) binaries.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-breaking": { "name": "cargo-breaking", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MPL-2.0" ], "types": [ "cli" ], "homepage": "https://github.com/iomentum/cargo-breaking", "source": "https://github.com/iomentum/cargo-breaking", "pricing": null, "plans": null, "description": "cargo-breaking compares a crate's public API between two different branches, shows what changed, and suggests the next version according to semver.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-call-stack": { "name": "cargo-call-stack", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://github.com/japaric/cargo-call-stack", "source": "https://github.com/japaric/cargo-call-stack", "pricing": null, "plans": null, "description": "Whole program static stack analysis. The tool produces the full call graph of a program as a dot file.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-deny": { "name": "cargo-deny", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Apache License" ], "types": [ "cli" ], "homepage": "https://embarkstudios.github.io/cargo-deny", "source": "https://github.com/EmbarkStudios/cargo-deny", "pricing": null, "plans": null, "description": "A cargo plugin for linting your dependencies. It can be used either as a command line tool, a Rust crate, or a Github action for CI.
It checks for valid license information, duplicate crates, security vulnerabilities, and more.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-expand": { "name": "cargo-expand", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/dtolnay/cargo-expand", "source": "https://github.com/dtolnay/cargo-expand", "pricing": null, "plans": null, "description": "Cargo subcommand to show result of macro expansion and #[derive] expansion applied to the current crate. This is a wrapper around a more verbose compiler command.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-geiger": { "name": "cargo-geiger", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/geiger-rs/cargo-geiger", "source": "https://github.com/geiger-rs/cargo-geiger", "pricing": null, "plans": null, "description": "A cargo plugin for analysing the usage of unsafe Rust code. Provides statistical output to aid security auditing", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-inspect": { "name": "cargo-inspect", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/mre/cargo-inspect", "source": "https://github.com/mre/cargo-inspect", "pricing": null, "plans": null, "description": "Inspect Rust code without syntactic sugar to see what the compiler does behind the curtains.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-semver-checks": { "name": "cargo-semver-checks", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [
"Apache License (Version 2.0) or MIT" ], "types": [ "cli" ], "homepage": "https://crates.io/crates/cargo-semver-checks", "source": "https://github.com/obi1kenobi/cargo-semver-checks", "pricing": null, "plans": null, "description": "Scan your Rust crate releases for semver violations. It can be used either directly via the CLI, as a GitHub Action in CI, or via release managers like `release-plz`. It found semver violations in [more than 1 in 6 of the top 1000 most-downloaded crates](https://predr.ag/blog/semver-violations-are-common-better-tooling-is-the-answer/) on crates.io.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-show-asm": { "name": "cargo-show-asm", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT / Apache 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/pacak/cargo-show-asm", "source": "https://github.com/pacak/cargo-show-asm", "pricing": null, "plans": null, "description": "cargo subcommand showing the assembly, LLVM-IR and MIR generated for Rust code", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-spellcheck": { "name": "cargo-spellcheck", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Apache 2.0 / MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/drahnr/cargo-spellcheck", "source": "https://github.com/drahnr/cargo-spellcheck", "pricing": null, "plans": null, "description": "Checks all your documentation for spelling and grammar mistakes with hunspell (ready) and languagetool (preview)", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-udeps": { "name": "cargo udeps", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT License / Apache 2.0 license" ], "types": [ "cli" ], "homepage": 
"https://github.com/est31/cargo-udeps", "source": "https://github.com/est31/cargo-udeps", "pricing": null, "plans": null, "description": "Find unused dependencies in Cargo.toml. It either prints out a \"unused crates\" line listing the crates, or it prints out a line saying that no crates were unused.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-unused-features": { "name": "cargo-unused-features", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/TimonPost/cargo-unused-features", "source": "https://github.com/TimonPost/cargo-unused-features", "pricing": null, "plans": null, "description": "Find potential unused enabled feature flags and prune them. You can generate a simple HTML report from the json to make it easier to inspect results.\nIt removes a feature of a dependency and then compiles the project to see if it still compiles. 
If it does, the feature flag can possibly be removed, but it can be a false-positive.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cast-highlight": { "name": "CAST Highlight", "categories": [ "linter" ], "languages": [ "abap", "c", "csharp", "cpp", "cobol", "java", "javascript", "jsp", "php", "plsql", "python", "tsql", "vbasic" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.castsoftware.com/products/highlight", "source": null, "pricing": "https://www.castsoftware.com/products/highlight/pricing#pricing", "plans": null, "description": "Commercial Static Code Analysis which runs locally, but uploads the results to its cloud for presentation.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cbmc": { "name": "CBMC", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "BSD-4-Clause-UC" ], "types": [ "cli" ], "homepage": "http://www.cprover.org/cbmc", "source": "https://github.com/diffblue/cbmc", "pricing": null, "plans": null, "description": "Bounded model-checker for C programs, user-defined assertions, standard assertions, several coverage metric analyses.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cfn-lint": { "name": "cfn-lint", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/awslabs/cfn-python-lint", "source": "https://github.com/awslabs/cfn-python-lint", "pricing": null, "plans": null, "description": "AWS Labs CloudFormation linter.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cfn-nag": { "name": "cfn_nag", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement" ], "licenses": [ "MIT License" ], 
"types": [ "cli" ], "homepage": "https://github.com/stelligent/cfn_nag", "source": "https://github.com/stelligent/cfn_nag", "pricing": null, "plans": null, "description": "A linter for AWS CloudFormation templates.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "chart-testing": { "name": "chart-testing", "categories": [ "linter" ], "languages": [], "other": [ "kubernetes" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/helm/chart-testing", "source": "https://github.com/helm/chart-testing", "pricing": null, "plans": null, "description": "ct is the tool for testing Helm charts. It is meant to be used for linting and testing pull requests. It automatically detects charts changed against the target branch.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "checker-framework": { "name": "Checker Framework", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "GPL with Classpath exception / MIT License" ], "types": [ "cli" ], "homepage": "https://checkerframework.org", "source": "https://github.com/typetools/checker-framework", "pricing": null, "plans": null, "description": "Pluggable type-checking for Java. This is not just a bug-finder, but a verification tool that gives a guarantee of correctness. 
It comes with 27 pre-built type systems, and it enables users to define their own type system; the manual lists over 30 user-contributed type systems.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "checkmake": { "name": "checkmake", "categories": [ "linter" ], "languages": [], "other": [ "buildtool", "make" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/mrtazz/checkmake", "source": "https://github.com/mrtazz/checkmake", "pricing": null, "plans": null, "description": "Linter / Analyzer for Makefiles.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "checkmarx-cxsast": { "name": "Checkmarx CxSAST", "categories": [ "linter" ], "languages": [ "asp", "apex", "c", "csharp", "cpp", "go", "groovy", "java", "javascript", "objectivec", "perl", "php", "python", "ruby", "scala", "swift", "vbscript", "vbasic", "vbnet", "visualforce" ], "other": [ "html", "mobile", "nodejs", "phonegap", "security" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.checkmarx.com/products/static-application-security-testing", "source": null, "pricing": "https://checkmarx.com/packaging/", "plans": { "free": false, "oss": false }, "description": "Commercial Static Code Analysis which doesn't require pre-compilation.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "checkov": { "name": "checkov", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement" ], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://www.checkov.io", "source": "https://github.com/bridgecrewio/checkov", "pricing": null, "plans": null, "description": "Static analysis tool for Terraform files (tf>=v0.12), preventing cloud misconfigs at build time.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, 
"wrapper": null }, "checkstyle": { "name": "checkstyle", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://checkstyle.org", "source": "https://github.com/checkstyle/checkstyle", "pricing": null, "plans": null, "description": "Checking Java source code for adherence to a Code Standard or set of validation rules (best practices).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "chktex": { "name": "ChkTeX", "categories": [ "linter" ], "languages": [], "other": [ "latex" ], "licenses": [ "GNU Public License version 2 or greater" ], "types": [ "cli" ], "homepage": "http://www.nongnu.org/chktex", "source": "http://git.savannah.nongnu.org/cgit/chktex.git", "pricing": null, "plans": null, "description": "A linter for LaTex which catches some typographic errors LaTeX oversees.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "churn": { "name": "Churn", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/danmayer/churn", "source": "https://github.com/danmayer/churn", "pricing": null, "plans": null, "description": "A Project to give the churn file, class, and method for a project for a given checkin. 
Over time the tool adds up the history of churns to give the number of times a file, class, or method is changing during the life of a project.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "churn-php": { "name": "churn-php", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/bmitch/churn-php", "source": "https://github.com/bmitch/churn-php", "pricing": null, "plans": null, "description": "Helps discover good candidates for refactoring.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ciocheck": { "name": "ciocheck", "categories": [ "formatter", "meta" ], "languages": [ "python" ], "other": [ "meta" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/ContinuumIO/ciocheck", "source": "https://github.com/ContinuumIO/ciocheck", "pricing": null, "plans": null, "description": "Linter, formatter and test suite helper. 
As a linter, it is a wrapper around `pep8`, `pydocstyle`, `flake8`, and `pylint`.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ck": { "name": "ck", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/mauricioaniche/ck", "source": "https://github.com/mauricioaniche/ck", "pricing": null, "plans": null, "description": "Calculates Chidamber and Kemerer object-oriented metrics by processing the source Java files.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ckjm": { "name": "ckjm", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "http://www.spinellis.gr/sw/ckjm", "source": "https://github.com/dspinellis/ckjm", "pricing": null, "plans": null, "description": "Calculates Chidamber and Kemerer object-oriented metrics by processing the bytecode of compiled Java files.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "clair": { "name": "clair", "categories": [ "linter" ], "languages": [], "other": [ "container" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/coreos/clair", "source": "https://github.com/coreos/clair", "pricing": null, "plans": null, "description": "Vulnerability Static Analysis for Containers.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "clang-tidy": { "name": "clang-tidy", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "Apache License v2.0 with LLVM Exceptions" ], "types": [ "cli" ], "homepage": "https://clang.llvm.org/extra/clang-tidy", "source": "https://clang.llvm.org/extra/clang-tidy", "pricing": null, "plans": null, "description": 
"Clang-based C++ linter tool with the (limited) ability to fix issues, too.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "classgraph": { "name": "ClassGraph", "categories": [ "linter" ], "languages": [ "groovy", "java", "kotlin" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/classgraph/classgraph", "source": "https://github.com/classgraph/classgraph", "pricing": null, "plans": null, "description": "A classpath and module path scanner for querying or visualizing class metadata or class relatedness.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "clayton": { "name": "Clayton", "categories": [ "linter" ], "languages": [ "apex", "lwc", "visualforce" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.getclayton.com/", "source": null, "pricing": "https://www.getclayton.com/pricing", "plans": null, "description": "AI-powered code reviews for Salesforce. Secure your developments, enforce best practice and control your technical debt in real-time.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "clazy": { "name": "clazy", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "LGPL" ], "types": [ "cli" ], "homepage": "https://github.com/KDE/clazy", "source": "https://github.com/KDE/clazy", "pricing": null, "plans": null, "description": "Qt-oriented static code analyzer based on the Clang framework. clazy is a compiler plugin which allows clang to understand Qt semantics. 
You get more than 50 Qt-related compiler warnings, ranging from unneeded memory allocations to API misuse, including fix-its for automatic refactoring.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "clippy": { "name": "clippy", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Apache-2.0, MIT license" ], "types": [ "cli" ], "homepage": "https://rust-lang.github.io/rust-clippy", "source": "https://github.com/rust-lang/rust-clippy", "pricing": null, "plans": null, "description": "A code linter to catch common mistakes and improve your Rust code.", "discussion": null, "deprecated": null, "resources": [ { "title": "Rust For Beginners Tutorial - Linting with Clippy", "url": "https://www.youtube.com/watch?v=BE9KY6X7aUM" }, { "title": "Easy Rust 096: Final example of iterators and quick look at clippy", "url": "https://www.youtube.com/watch?v=OgcrRt84bUY" } ], "reviews": null, "demos": [ "https://play.rust-lang.org" ], "wrapper": null }, "clj-kondo": { "name": "clj-kondo", "categories": [ "linter" ], "languages": [ "clojure" ], "other": [], "licenses": [ "Eclipse Public License 1.0" ], "types": [ "cli" ], "homepage": "https://github.com/borkdude/clj-kondo", "source": "https://github.com/borkdude/clj-kondo", "pricing": null, "plans": null, "description": "A linter for Clojure code that sparks joy. 
It informs you about potential errors while you are typing.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "closure-compiler": { "name": "Closure Compiler", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://developers.google.com/closure/compiler", "source": "https://github.com/google/closure-compiler", "pricing": null, "plans": null, "description": "A compiler tool to increase efficiency, reduce size, and provide code warnings in JavaScript files.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "closurelinter": { "name": "ClosureLinter", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/google/closure-linter", "source": "https://github.com/google/closure-linter", "pricing": null, "plans": null, "description": "Ensures that all of your project's JavaScript code follows the guidelines in the Google JavaScript Style Guide. It can also automatically fix many common errors.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cloud-iac-security-for-jetbrains-ides": { "name": "Cloud (IaC) Security for JetBrains IDEs", "categories": [ "linter" ], "languages": [], "other": [ "dockerfile", "kubernetes", "security" ], "licenses": [ "MIT" ], "types": [ "ide-plugin" ], "homepage": "https://plugins.jetbrains.com/plugin/25413-cloud-iac-security", "source": "https://github.com/NordCoderd/cloud-security-plugin", "pricing": null, "plans": null, "description": "Cloud (IaC) Security plugin for JetBrains IDEs. 
Performs real-time inspections of Docker & Kubernetes IaC with 50+ rules based on Docker image/build security best practices, Kubernetes Pod Security Standards, and NSA/CISA Kubernetes Hardening Guidance.", "discussion": null, "deprecated": null, "resources": [ { "title": "Bundled-rules documentation", "url": "https://protsenko.dev/infrastructure-security/" } ], "reviews": null, "demos": null, "wrapper": null }, "clusterlint": { "name": "clusterlint", "categories": [ "linter" ], "languages": [], "other": [ "kubernetes" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/digitalocean/clusterlint", "source": "https://github.com/digitalocean/clusterlint", "pricing": null, "plans": null, "description": "Clusterlint queries live Kubernetes clusters for resources, executes common and platform specific checks against these resources and provides actionable feedback to cluster operators. It is a non invasive tool that is run externally. Clusterlint does not alter the resource configurations.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cmetrics": { "name": "CMetrics", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "https://github.com/MetricsGrimoire/CMetrics", "source": "https://github.com/MetricsGrimoire/CMetrics", "pricing": null, "plans": null, "description": "Measures size and complexity for C files.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "coala": { "name": "coala", "categories": [ "linter" ], "languages": [ "c", "cpp", "java", "javascript" ], "other": [ "css" ], "licenses": [ "AGPL-3.0-only" ], "types": [ "cli" ], "homepage": "https://github.com/coala/coala", "source": "https://github.com/coala/coala", "pricing": null, "plans": null, "description": "Language independent framework for 
creating code analysis - supports over 60 languages by default.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cobra": { "name": "Cobra", "categories": [ "linter" ], "languages": [ "ada", "c", "cpp", "python" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://spinroot.com/cobra", "source": null, "pricing": null, "plans": { "free": true, "oss": true }, "description": "Structural source code analyzer by NASA's Jet Propulsion Laboratory.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codacy": { "name": "Codacy", "categories": [ "linter" ], "languages": [ "apex", "csharp", "cpp", "coffeescript", "crystal", "elixir", "go", "groovy", "java", "javascript", "jsp", "kotlin", "php", "plsql", "python", "ruby", "scala", "shell", "swift", "tsql", "typescript", "vbscript", "visualforce" ], "other": [ "css", "json", "markdown", "xml" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.codacy.com", "source": null, "pricing": "https://www.codacy.com/pricing", "plans": { "free": false, "oss": true }, "description": "Code Analysis to ship Better Code, Faster.", "discussion": null, "deprecated": null, "resources": [ { "title": "Automate your code quality with Codacy Static Analysis Tool", "url": "https://www.youtube.com/watch?v=oxqTu2ouxaw" }, { "title": "A founder's journey - Codacy", "url": "https://www.youtube.com/watch?v=lVxkD_bmbFY" } ], "reviews": null, "demos": null, "wrapper": null }, "code-climate": { "name": "Code Climate", "categories": [ "linter" ], "languages": [], "other": [ "ci" ], "licenses": [ "AGPL-3.0 License" ], "types": [ "service" ], "homepage": "https://codeclimate.com", "source": "https://github.com/codeclimate/codeclimate", "pricing": null, "plans": null, "description": "The open and extensible static analysis platform, for everyone.", "discussion": null, 
"deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "code-cracker": { "name": "code-cracker", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://code-cracker.github.io", "source": "https://github.com/code-cracker/code-cracker", "pricing": null, "plans": null, "description": "An analyzer library for C# and VB that uses Roslyn to produce refactorings, code analysis, and other niceties.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "code-graph-rag": { "name": "Code-Graph-RAG", "categories": [ "meta" ], "languages": [ "cpp", "go", "java", "javascript", "lua", "python", "rust", "scala", "typescript" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://code-graph-rag.com", "source": "https://github.com/vitali87/code-graph-rag", "pricing": null, "plans": null, "description": "Builds knowledge graphs from multi-language codebases using Tree-sitter AST parsing and stores them in Memgraph. Supports 11 programming languages with a unified graph schema and enables natural language querying and editing of code structure and relationships. 
Functions as an MCP server for AI assistant integration.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "code-intelligence": { "name": "Code Intelligence", "categories": [ "linter" ], "languages": [ "c", "cpp", "go", "java" ], "other": [ "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.code-intelligence.com", "source": null, "pricing": "https://www.code-intelligence.com/product-pricing", "plans": { "free": false, "oss": true }, "description": "CI/CD-agnostic DevSecOps platform which combines industry-leading fuzzing engines for finding bugs and visualizing code coverage", "discussion": null, "deprecated": null, "resources": [ { "title": "Code Intelligence | Introduction", "url": "https://www.youtube.com/watch?v=Qfsz_ZTKM6Y" } ], "reviews": null, "demos": null, "wrapper": null }, "code-pathfinder": { "name": "Code Pathfinder", "categories": [ "linter" ], "languages": [ "python" ], "other": [ "container", "ci", "dockerfile", "security" ], "licenses": [ "AGPL-3.0" ], "types": [ "cli" ], "homepage": "https://codepathfinder.dev", "source": "https://github.com/shivasurya/code-pathfinder", "pricing": null, "plans": null, "description": "An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. 
Built for advanced structural search, deriving insights, and finding vulnerabilities in code.", "discussion": null, "deprecated": null, "resources": [ { "title": "Code Pathfinder Rules Registry", "url": "https://codepathfinder.dev/registry" } ], "reviews": null, "demos": null, "wrapper": null }, "codeac": { "name": "Codeac", "categories": [ "linter" ], "languages": [ "go", "java", "javascript", "php", "python", "ruby", "typescript" ], "other": [ "container", "ci" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.codeac.io/?ref=awesome-static-analysis", "source": null, "pricing": "https://www.codeac.io/pricing.html", "plans": { "free": true, "oss": true }, "description": "Automated code review tool integrates with GitHub, Bitbucket and GitLab (even self-hosted). Available for JavaScript, TypeScript, Python, Ruby, Go, PHP, Java, Docker, and more. (open-source free)", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codeburner": { "name": "codeburner", "categories": [ "meta" ], "languages": [ "c", "cpp", "java", "javascript", "php" ], "other": [ "meta" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://groupon.github.io/codeburner", "source": "https://github.com/groupon/codeburner", "pricing": null, "plans": null, "description": "Provides a unified interface to sort and act on the issues it finds.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codechecker": { "name": "codechecker", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [ "buildtool" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://codechecker.readthedocs.io/en/latest", "source": "https://github.com/Ericsson/codechecker", "pricing": null, "plans": null, "description": "A defect database and viewer extension for the Clang Static Analyzer with web GUI.", "discussion": null, "deprecated": 
null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codecov": { "name": "Codecov", "categories": [ "linter" ], "languages": [], "other": [ "ci" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://about.codecov.io/", "source": null, "pricing": "https://about.codecov.io/pricing/", "plans": { "free": true, "oss": true }, "description": "Codecov is a company that provides code coverage tools for developers and engineering leaders to gain visibility into their code coverage.\nThey offer flexible and unified reporting, seamless coverage insights, and robust coverage controls. Codecov supports over 20 languages and is CI/CD agnostic. Over 29,000 organizations and 1 million developers use Codecov. Codecov has recently joined Sentry.", "discussion": null, "deprecated": null, "resources": [ { "title": "Codecov Overview", "url": "https://www.youtube.com/watch?v=wwFookaYHoo" }, { "title": "Codecov Onboarding 1: Account Creation", "url": "https://www.youtube.com/watch?v=8xToLcchs4Y" }, { "title": "Codecov Github Tutorial/Demo", "url": "https://docs.codecov.com/docs/github-tutorial" } ], "reviews": [ "https://www.g2.com/products/codecov/reviews" ], "demos": null, "wrapper": null }, "codedepends": { "name": "CodeDepends", "categories": [ "linter" ], "languages": [ "r" ], "other": [], "licenses": [ "GPL" ], "types": [ "cli" ], "homepage": "https://github.com/duncantl/CodeDepends", "source": "https://github.com/duncantl/CodeDepends", "pricing": null, "plans": null, "description": "Static Code Analysis for R.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codefactor": { "name": "CodeFactor", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "coffeescript", "dart", "go", "groovy", "java", "javascript", "kotlin", "php", "powershell", "python", "r", "ruby", "scala", "shell", "swift", "typescript" ], "other": [ "container", "ci", "css", "html", "vue", 
"yaml" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://codefactor.io", "source": null, "pricing": "https://codefactor.io/pricing", "plans": { "free": false, "oss": true }, "description": "Automated Code Analysis for repos on GitHub or BitBucket.", "discussion": null, "deprecated": null, "resources": [ { "title": "Getting started with CodeFactor.io", "url": "https://www.youtube.com/watch?v=0wL1bgoya2U" } ], "reviews": null, "demos": null, "wrapper": null }, "codeflow": { "name": "CodeFlow", "categories": [ "linter" ], "languages": [ "java", "javascript", "php", "python", "ruby", "typescript" ], "other": [ "container", "ci", "css" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.getcodeflow.com", "source": null, "pricing": "https://www.getcodeflow.com", "plans": { "free": false, "oss": true }, "description": "Automated code analysis tool to deal with technical debt. Integrates with Bitbucket and Gitlab. (free for Open Source Projects)", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codelyzer": { "name": "Codelyzer", "categories": [ "linter" ], "languages": [ "typescript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "http://codelyzer.com", "source": "https://github.com/mgechev/codelyzer", "pricing": null, "plans": null, "description": "A set of tslint rules for static code analysis of Angular 2 TypeScript projects.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codemodder": { "name": "Codemodder", "categories": [ "linter" ], "languages": [ "java", "python" ], "other": [], "licenses": [ "GNU AFFERO GENERAL PUBLIC LICENSE 3.0" ], "types": [ "cli" ], "homepage": "https://codemodder.io/", "source": "https://github.com/pixee/codemodder-java", "pricing": null, "plans": null, "description": "Codemodder is a pluggable framework for building 
expressive codemods. Use Codemodder when you need more than a linter or code formatting tool. Use it to fix non-trivial security issues and other code quality problems.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codenarc": { "name": "CodeNarc", "categories": [ "linter" ], "languages": [ "groovy" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://codenarc.github.io/CodeNarc", "source": "https://github.com/CodeNarc/CodeNarc", "pricing": null, "plans": null, "description": "A static analysis tool for Groovy source code, enabling monitoring and enforcement of many coding standards and best practices.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codeql": { "name": "codeql", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "java", "javascript", "python", "typescript" ], "other": [ "ci", "security" ], "licenses": [ "MIT" ], "types": [ "service", "ide-plugin" ], "homepage": "https://github.com/github/codeql", "source": null, "pricing": null, "plans": null, "description": "Deep code analysis - semantic queries and dataflow for several languages with VSCode plugin support.", "discussion": null, "deprecated": null, "resources": [ { "title": "Community-powered security analysis with CodeQL - GitHub Universe 2020", "url": "https://www.youtube.com/watch?v=Y6PjAaZKNYk" }, { "title": "Continuous code analysis with CodeQL", "url": "https://www.youtube.com/watch?v=KEPiDz2oO-I" } ], "reviews": null, "demos": null, "wrapper": null }, "codeque": { "name": "CodeQue", "categories": [ "linter" ], "languages": [ "javascript", "jsx", "lua", "python", "typescript" ], "other": [ "json" ], "licenses": [ "Sustainable Use License" ], "types": [ "cli", "ide-plugin" ], "homepage": "https://codeque.co", "source": "https://github.com/codeque-co/codeque", "pricing": null, "plans": null, "description": 
"Ecosystem for structural matching JavaScript and TypeScript code. Offers search tool that understands code structure. Available as CLI tool and Visual Studio Code extension. It helps to search code faster and more accurately making your workflow more effective. Soon it will offer ESLint plugin to create your own rules in minutes to help with assuring codebase quality.", "discussion": null, "deprecated": null, "resources": [ { "title": "Documentation", "url": "https://codeque.co/docs" }, { "title": "Visual Studio Code Extension", "url": "https://codeque.co/r/vsc" }, { "title": "CLI via NPM", "url": "https://www.npmjs.com/package/@codeque/cli" }, { "title": "Core via NPM", "url": "https://www.npmjs.com/package/@codeque/core" } ], "reviews": null, "demos": null, "wrapper": null }, "coderabbit": { "name": "CodeRabbit", "categories": [ "linter" ], "languages": [], "other": [ "ci" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://coderabbit.ai", "source": "https://github.com/coderabbitai", "pricing": "https://coderabbit.ai/pricing", "plans": { "free": true, "oss": true }, "description": "AI-powered code review tool that helps developers write better code faster. CodeRabbit provides automated code reviews, identifies security vulnerabilities, and suggests code improvements. 
It integrates with GitHub and GitLab.", "discussion": null, "deprecated": null, "resources": [ { "title": "AI Code Reviews Demo", "url": "https://www.youtube.com/watch?v=3SyUOSebG7E" } ], "reviews": null, "demos": null, "wrapper": null }, "coderush": { "name": "CodeRush", "categories": [ "linter" ], "languages": [ "dotnet", "aspnet", "csharp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.devexpress.com/products/coderush", "source": null, "pricing": "https://www.devexpress.com/buy/net/", "plans": null, "description": "Code creation, debugging, navigation, refactoring, analysis and visualization tools that use the Roslyn engine in Visual Studio 2015 and up.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codescan": { "name": "CodeScan", "categories": [ "linter" ], "languages": [ "apex", "lwc", "visualforce" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.codescan.io/", "source": null, "pricing": "https://www.codescan.io/pricing", "plans": null, "description": "Code Quality and Security for Salesforce Developers. Made exclusively for the Salesforce platform, CodeScan’s code analysis solutions provide you with total visibility into your code health.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codescene": { "name": "CodeScene", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "clojure", "dart", "elixir", "erlang", "go", "groovy", "java", "javascript", "kotlin", "perl", "php", "powershell", "python", "ruby", "scala", "swift", "typescript" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://codescene.com", "source": null, "pricing": "https://codescene.com/pricing", "plans": { "free": false, "oss": true }, "description": "CodeScene is a quality visualization tool for software. 
Prioritize technical debt, detect delivery risks, and measure organizational aspects. Fully automated.", "discussion": null, "deprecated": null, "resources": [ { "title": "CodeScene Introduction - short video with the essentials of CodeScene", "url": "https://www.youtube.com/watch?v=4Mwv-Swxo84" }, { "title": "Augmented Code Analysis with CodeScene", "url": "https://www.youtube.com/watch?v=c2lqk98bC00" }, { "title": "Beyond code: interview with Adam Tornhill about CodeScene", "url": "https://www.youtube.com/watch?v=tbCA2JiO_K8" } ], "reviews": [ "https://www.capterra.com/p/193379/CodeScene/" ], "demos": null, "wrapper": null }, "codesee": { "name": "CodeSee", "categories": [ "linter" ], "languages": [ "go", "java", "javascript", "python", "rust", "typescript" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service", "ide-plugin" ], "homepage": "https://www.codesee.io/", "source": null, "pricing": "https://www.codesee.io/pricing", "plans": { "free": true, "oss": false }, "description": "CodeSee is mapping and automating your app's services, directories, file dependencies, and code changes. 
It's like Google Maps, but for code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": [ "https://www.codesee.io/maps-demos" ], "wrapper": null }, "codesonar-from-grammatech": { "name": "CodeSonar from GrammaTech", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "java" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://codesecure.com/our-products/codesonar/", "source": null, "pricing": "https://codesecure.com/trial-request/", "plans": { "free": false, "oss": false }, "description": "Advanced, whole program, deep path, static analysis of C, C++, Java and C# with easy-to-understand explanations and code and path visualization.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codespell": { "name": "codespell", "categories": [ "linter" ], "languages": [], "other": [ "writing" ], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "https://github.com/codespell-project/codespell", "source": "https://github.com/codespell-project/codespell", "pricing": null, "plans": null, "description": "Check code for common misspellings.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "codety": { "name": "Codety", "categories": [ "linter" ], "languages": [ "cpp", "go", "java", "javascript", "jsp", "kotlin", "plsql", "python", "scala", "swift", "typescript" ], "other": [ "ci", "json" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.codety.io", "source": "https://github.com/codetyio/codety-scanner", "pricing": "https://www.codety.io", "plans": { "free": true, "oss": true }, "description": "Codety Scanner is a comprehensive source code scanner that embeds 5000+ static code analysis rules, which aim to detect code issues for 20+ programming languages and IaC tools.", "discussion": null, "deprecated": null, 
"resources": null, "reviews": null, "demos": null, "wrapper": null }, "codiga": { "name": "Codiga", "categories": [ "linter" ], "languages": [ "apex", "c", "cpp", "go", "java", "javascript", "kotlin", "php", "python", "ruby", "scala", "typescript" ], "other": [ "ci", "dockerfile" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.codiga.io", "source": null, "pricing": "https://www.codiga.io/pricing", "plans": { "free": true, "oss": false }, "description": "Automated Code Reviews and Technical Debt management platform that supports 12+ languages.", "discussion": null, "deprecated": null, "resources": [ { "title": "Codiga Code Analysis Demonstration", "url": "https://www.youtube.com/watch?v=hQ_BjDYlsCU" }, { "title": "Codiga Coding Assistant", "url": "https://www.youtube.com/watch?v=alS_h2ig7ZI" } ], "reviews": [ "https://www.capterra.com/p/234335/Codiga/" ], "demos": null, "wrapper": null }, "coffeelint": { "name": "coffeelint", "categories": [ "linter" ], "languages": [ "coffeescript" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://coffeelint.github.io/", "source": "https://github.com/clutchski/coffeelint", "pricing": null, "plans": null, "description": "A style checker that helps keep CoffeeScript code clean and consistent.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cognicrypt": { "name": "CogniCrypt", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "Eclipse Public License 2.0" ], "types": [ "cli" ], "homepage": "https://www.eclipse.org/cognicrypt", "source": "https://github.com/eclipse-cognicrypt/CogniCrypt", "pricing": null, "plans": null, "description": "Checks Java source and byte code for incorrect uses of cryptographic APIs.", "discussion": null, "deprecated": true, "resources": [ { "title": "Tutorial: CogniCrypt basics, and how to integrate your own Crypto APIs into CognICrypt", "url": 
"https://www.youtube.com/watch?v=vOZKN8yQcAY" } ], "reviews": null, "demos": null, "wrapper": null }, "cohesion": { "name": "cohesion", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://github.com/mschwager/cohesion", "source": "https://github.com/mschwager/cohesion", "pricing": null, "plans": null, "description": "A tool for measuring Python class cohesion.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "collector": { "name": "collector", "categories": [ "formatter" ], "languages": [], "other": [ "container" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/banyanops/collector", "source": "https://github.com/banyanops/collector", "pricing": null, "plans": null, "description": "Run arbitrary scripts inside containers, and gather useful information.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "commitlint": { "name": "commitlint", "categories": [ "linter" ], "languages": [], "other": [ "git" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://commitlint.js.org", "source": "https://github.com/conventional-changelog/commitlint", "pricing": null, "plans": null, "description": "checks if your commit messages meet the conventional commit format", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "complexity-report": { "name": "complexity-report", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/escomplex/complexity-report", "source": "https://github.com/escomplex/complexity-report", "pricing": null, "plans": null, "description": "Software complexity analysis for JavaScript projects.", "discussion": null, "deprecated": 
true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "composer-dependency-analyser": { "name": "composer-dependency-analyser", "categories": [ "linter" ], "languages": [ "php" ], "other": [ "ci", "package" ], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/shipmonk-rnd/composer-dependency-analyser", "source": "https://github.com/shipmonk-rnd/composer-dependency-analyser", "pricing": null, "plans": null, "description": "Fast detection of composer dependency issues.\n\n* 💪 Powerful: Detects unused, shadow and misplaced composer dependencies\n* ⚡ Performant: Scans 15 000 files in 2s!\n* ⚙️ Configurable: Fine-grained ignores via PHP config\n* 🕸️ Lightweight: No composer dependencies\n* 🍰 Easy-to-use: No config needed for first try\n* ✨ Compatible: PHP >= 7.2\n", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cookstyle": { "name": "cookstyle", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://docs.chef.io/cookstyle.html", "source": "https://github.com/chef/cookstyle", "pricing": null, "plans": null, "description": "Cookstyle is a linting tool based on the RuboCop Ruby linting tool for Chef cookbooks.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "corgea": { "name": "Corgea", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "go", "java", "javascript", "kotlin", "php", "python", "ruby", "typescript" ], "other": [ "ci", "security" ], "licenses": [ "proprietary" ], "types": [ "cli", "service" ], "homepage": "https://corgea.com/", "source": null, "pricing": "https://corgea.com/pricing", "plans": { "free": true, "oss": false }, "description": "Corgea is an AI-powered SAST scanner that helps developers find and fix insecure code. 
It finds business logic flaws, broken authentication, API vulnerabilities, and more with few false positives. Additionally, it automatically writes security fixes for developers to approve. Corgea integrates with GitHub, GitLab, Azure DevOps, IDEs and CLI. It is free to try.", "discussion": null, "deprecated": null, "resources": [ { "title": "Product homepage", "url": "https://corgea.com/" }, { "title": "Corgea Docs", "url": "https://docs.corgea.app/" } ], "reviews": null, "demos": null, "wrapper": null }, "corrode": { "name": "Corrode", "categories": [ "linter" ], "languages": [ "c", "cpp", "rust" ], "other": [], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "https://github.com/jameysharp/corrode", "source": "https://github.com/jameysharp/corrode", "pricing": null, "plans": null, "description": "Semi-automatic translation from C to Rust. Could reveal bugs in the original implementation by showing Rust compiler warnings and errors. Superseded by C2Rust.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "coverity": { "name": "Coverity", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "fortran", "java", "javascript", "php", "python", "scala", "typescript", "vbnet" ], "other": [ "rails", "security" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html", "source": null, "pricing": "https://www.synopsys.com/software-integrity/contact-sales.html", "plans": { "free": false, "oss": true }, "description": "Synopsys Coverity supports 20 languages and over 70 frameworks including Ruby on Rails, Scala, PHP, Python, JavaScript, TypeScript, Java, Fortran, C, C++, C#, VB.NET.", "discussion": null, "deprecated": null, "resources": [ { "title": "Coverity - Static Analysis by Synopsys", "url": "https://www.youtube.com/watch?v=FZ-ySGEcD0c" }, { "title": "Checkmarx - 
Source Code Analysis Made Easy 2017", "url": "https://www.youtube.com/watch?v=zo1pCl6yQ34" } ], "reviews": [ "https://www.g2.com/products/coverity/reviews", "https://www.gartner.com/reviews/market/application-security-testing/vendor/synopsys/product/coverity-sast", "https://www.peerspot.com/products/coverity-reviews" ], "demos": null, "wrapper": null }, "cpachecker": { "name": "CPAchecker", "categories": [ "linter" ], "languages": [ "c" ], "other": [], "licenses": [ "Apache 2.0 License" ], "types": [ "cli" ], "homepage": "https://cpachecker.sosy-lab.org", "source": "https://cpachecker.sosy-lab.org/download.php", "pricing": null, "plans": null, "description": "A tool for configurable software verification of C programs. The name CPAchecker was chosen to reflect that the tool is based on the CPA concepts and is used for checking software programs.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cpp-linter-action": { "name": "cpp-linter-action", "categories": [ "linter" ], "languages": [ "c", "cpp", "python" ], "other": [ "ci" ], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://cpp-linter.github.io/cpp-linter-action/", "source": "https://github.com/cpp-linter/cpp-linter-action", "pricing": null, "plans": null, "description": "A Github Action for linting C/C++ code integrating clang-tidy and clang-format to collect feedback provided in the form of thread comments and/or annotations.", "discussion": null, "deprecated": null, "resources": [ { "title": "C/C++ Lint Action introduction", "url": "https://github.com/cpp-linter/cpp-linter-action" } ], "reviews": null, "demos": null, "wrapper": null }, "cppcheck": { "name": "cppcheck", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://cppcheck.sourceforge.io", "source": "https://github.com/danmar/cppcheck", "pricing": null, "plans": null, 
"description": "Static analysis of C/C++ code.", "discussion": null, "deprecated": null, "resources": [ { "title": "Cppcheck introduction", "url": "https://www.viva64.com/en/t/0083/" }, { "title": "Using cppcheck for C & C++ Static Analysis", "url": "https://www.youtube.com/watch?v=oJ8SXVoefaA" } ], "reviews": [ "https://sourceforge.net/projects/cppcheck/reviews/" ], "demos": [ "https://cppcheck.sourceforge.io/demo/", "https://www.g2.com/products/cppcheck/reviews" ], "wrapper": null }, "cppdepend": { "name": "CppDepend", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.cppdepend.com", "source": null, "pricing": "https://www.cppdepend.com/purchase", "plans": null, "description": "Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.", "discussion": null, "deprecated": false, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cpplint": { "name": "cpplint", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://github.com/cpplint/cpplint", "source": "https://github.com/cpplint/cpplint", "pricing": null, "plans": null, "description": "Automated C++ checker that follows Google's style guide.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cqc": { "name": "cqc", "categories": [ "linter" ], "languages": [ "javascript", "jsx" ], "other": [ "css", "less", "vue" ], "licenses": [ "BSD-3-Clause (original text)" ], "types": [ "cli" ], "homepage": "https://github.com/xcatliu/cqc", "source": "https://github.com/xcatliu/cqc", "pricing": null, "plans": null, "description": "Check your code quality for js, jsx, vue, css, less, scss, sass and styl files.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cqmetrics": 
{ "name": "cqmetrics", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/dspinellis/cqmetrics", "source": "https://github.com/dspinellis/cqmetrics", "pricing": null, "plans": null, "description": "Quality metrics for C code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "credential-digger": { "name": "Credential Digger", "categories": [ "linter" ], "languages": [], "other": [ "security" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/SAP/credential-digger", "source": "https://github.com/SAP/credential-digger", "pricing": null, "plans": null, "description": "Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (passwords, API keys, secret keys, tokens, personal information, etc.) and filters out false positives with a machine learning model called [Password Model](https://huggingface.co/SAPOSS/password-model). This scanner is able to detect passwords and non-structured tokens with a low false-positive rate. 
", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "credo": { "name": "credo", "categories": [ "linter" ], "languages": [ "elixir" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/rrrene/credo", "source": "https://github.com/rrrene/credo", "pricing": null, "plans": null, "description": "A static code analysis tool with a focus on code consistency and teaching.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "crystal": { "name": "crystal", "categories": [ "linter" ], "languages": [ "crystal" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://crystal-lang.org", "source": "https://github.com/crystal-lang/crystal", "pricing": null, "plans": null, "description": "The Crystal compiler has built-in linting functionality.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cscout": { "name": "CScout", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://www.spinellis.gr/cscout", "source": "https://github.com/dspinellis/cscout", "pricing": null, "plans": null, "description": "Complexity and quality metrics for C and C preprocessor code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "csharpessentials": { "name": "CSharpEssentials", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/DustinCampbell/CSharpEssentials", "source": "https://github.com/DustinCampbell/CSharpEssentials", "pricing": null, "plans": null, "description": "C# Essentials is a collection of Roslyn diagnostic analyzers, code fixes and refactorings that make it easy to 
work with C# 6 language features.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "css-stats": { "name": "CSS Stats", "categories": [ "linter" ], "languages": [], "other": [ "css" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://cssstats.com", "source": "https://github.com/cssstats/cssstats", "pricing": null, "plans": null, "description": "Potentially interesting stats on stylesheets.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "csscomb": { "name": "CSScomb", "categories": [ "formatter" ], "languages": [], "other": [ "css" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/csscomb/csscomb.js", "source": "https://github.com/csscomb/csscomb.js", "pricing": null, "plans": null, "description": "A coding style formatter for CSS. Supports own configurations to make style sheets beautiful and consistent.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "csslint": { "name": "CSSLint", "categories": [ "linter" ], "languages": [], "other": [ "css" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "http://csslint.net", "source": "https://github.com/CSSLint/csslint", "pricing": null, "plans": null, "description": "Does basic syntax checking and finds problematic patterns or signs of inefficiency.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cwe-checker": { "name": "cwe_checker", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "GNU Lesser General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://github.com/fkie-cad/cwe_checker", "source": "https://github.com/fkie-cad/cwe_checker", "pricing": null, "plans": null, "description": "cwe_checker finds vulnerable patterns in binary executables.", 
"discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cyclocomp": { "name": "cyclocomp", "categories": [ "linter" ], "languages": [ "r" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/MangoTheCat/cyclocomp", "source": "https://github.com/MangoTheCat/cyclocomp", "pricing": null, "plans": null, "description": "Quantifies the cyclomatic complexity of R functions / expressions.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "d-scanner": { "name": "D-scanner", "categories": [ "linter" ], "languages": [ "dlang" ], "other": [], "licenses": [ "Boost Software License 1.0" ], "types": [ "cli" ], "homepage": "https://github.com/dlang-community/D-Scanner", "source": "https://github.com/dlang-community/D-Scanner", "pricing": null, "plans": null, "description": "D-Scanner is a tool for analyzing D source code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dagda": { "name": "dagda", "categories": [ "linter" ], "languages": [], "other": [ "container" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/eliasgranderubio/dagda", "source": "https://github.com/eliasgranderubio/dagda", "pricing": null, "plans": null, "description": "Perform static analysis of known vulnerabilities in docker images/containers.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dart-code-metrics": { "name": "Dart Code Metrics", "categories": [ "linter" ], "languages": [ "dart" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://pub.dev/packages/dart_code_metrics", "source": "https://github.com/dart-code-checker/dart-code-metrics", "pricing": null, "plans": null, "description": "Additional linter for Dart. 
Reports code metrics, checks for anti-patterns and provides additional rules for Dart analyzer.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "databaseconsistency": { "name": "DatabaseConsistency", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [ "rails" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/djezzzl/database_consistency", "source": "https://github.com/djezzzl/database_consistency", "pricing": null, "plans": null, "description": "The tool to avoid various issues due to inconsistencies and inefficiencies between a database schema and application models.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dataflow-framework": { "name": "Dataflow Framework", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "GPL with Classpath exception / MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/typetools/checker-framework", "source": "https://github.com/typetools/checker-framework", "pricing": null, "plans": null, "description": "An industrial-strength dataflow framework for Java. The Dataflow Framework is used in the Checker Framework, Google’s Error Prone, Uber’s NullAway, Meta’s Nullsafe, and in other contexts. 
It is distributed with the Checker Framework.", "discussion": null, "deprecated": null, "resources": [ { "title": "User Manual", "url": "https://checkerframework.org/manual/checker-framework-dataflow-manual.pdf" } ], "reviews": null, "demos": null, "wrapper": null }, "datree": { "name": "Datree", "categories": [ "linter" ], "languages": [], "other": [ "kubernetes", "security" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://datree.io/", "source": "https://github.com/datreeio/datree", "pricing": null, "plans": null, "description": "A CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dawnscanner": { "name": "dawnscanner", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [ "rails" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/thesp0nge/dawnscanner", "source": "https://github.com/thesp0nge/dawnscanner", "pricing": null, "plans": null, "description": "A static analysis security scanner for web applications written in Ruby. 
It supports Sinatra, Padrino and Ruby on Rails frameworks.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dbcritic": { "name": "dbcritic", "categories": [ "linter" ], "languages": [ "sql" ], "other": [], "licenses": [ "BSD-3-Clause License" ], "types": [ "cli" ], "homepage": "https://github.com/channable/dbcritic", "source": "https://github.com/channable/dbcritic", "pricing": null, "plans": null, "description": "dbcritic finds problems in a database schema, such as a missing primary key constraint in a table.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "deadcode": { "name": "deadcode", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/tsenart/deadcode", "source": "https://github.com/tsenart/deadcode", "pricing": null, "plans": null, "description": "Finds unused code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "deadnix": { "name": "deadnix", "categories": [ "linter" ], "languages": [], "other": [ "nix" ], "licenses": [ "GPL-3.0" ], "types": [ "cli" ], "homepage": "https://github.com/astro/deadnix", "source": "https://github.com/astro/deadnix", "pricing": null, "plans": null, "description": "Scan Nix files for dead code (unused variable bindings)", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "deal": { "name": "deal", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://deal.readthedocs.io/", "source": "https://github.com/life4/deal", "pricing": null, "plans": null, "description": "Design by contract for Python. Write bug-free code. 
By adding a few decorators to your code, you get tests, static analysis, formal verification, and much more for free.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "deepcode": { "name": "DeepCode", "categories": [ "linter" ], "languages": [ "c", "cpp", "java", "javascript", "python", "typescript" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://snyk.io/platform/deepcode-ai/", "source": null, "pricing": null, "plans": null, "description": "DeepCode was acquired by Snyk and is now Snyk Code.", "discussion": null, "deprecated": true, "resources": [ { "title": "Intro to DeepCode", "url": "https://www.youtube.com/watch?v=5ThvYN3nWcg" }, { "title": "Introduction to DeepCode's CLI - Install, config, first use", "url": "https://www.youtube.com/watch?v=PG8PmrKEuLY" } ], "reviews": null, "demos": null, "wrapper": null }, "deepscan": { "name": "DeepScan", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://deepscan.io", "source": null, "pricing": "https://deepscan.io/pricing", "plans": { "free": false, "oss": true }, "description": "An analyzer for JavaScript which targets runtime errors and quality issues rather than coding conventions.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "deepsource": { "name": "DeepSource", "categories": [ "linter" ], "languages": [ "go", "javascript", "python", "ruby", "sql" ], "other": [ "configmanagement", "container" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://deepsource.com", "source": null, "pricing": "https://deepsource.io/pricing", "plans": { "free": true, "oss": true }, "description": "In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. 
Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives.", "discussion": null, "deprecated": null, "resources": [ { "title": "What is DeepSource?", "url": "https://www.youtube.com/watch?v=SwEQXK1ms_U" }, { "title": "Static analysis for C# with DeepSource", "url": "https://www.youtube.com/watch?v=hgWui62Aa0E" } ], "reviews": [ "https://www.capterra.com/p/199025/DeepSource/" ], "demos": null, "wrapper": null }, "deleaker": { "name": "deleaker", "categories": [ "linter" ], "languages": [ "dotnet", "c", "csharp", "cpp", "delphi" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.deleaker.com/", "source": null, "pricing": "https://www.deleaker.com/order.html", "plans": { "free": false, "oss": false }, "description": "Deleaker is a memory leak detection tool for C++, .NET, and Delphi, integrating with Visual Studio, Qt Creator, and RAD Studio or running as a standalone application. It helps developers find and fix memory, GDI, and handle leaks efficiently.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "delphilint": { "name": "DelphiLint", "categories": [ "linter" ], "languages": [ "delphi" ], "other": [], "licenses": [ "LGPL-3.0-only license" ], "types": [ "ide-plugin" ], "homepage": "https://github.com/integrated-application-development/delphilint", "source": "https://github.com/integrated-application-development/delphilint", "pricing": null, "plans": null, "description": "A Delphi IDE package providing on-the-fly code analysis and linting, powered by SonarDelphi.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dennis": { "name": "dennis", "categories": [ "linter" ], "languages": [], "other": [ "translation" ], "licenses": [ "BSD-3-Clause" ], "types": [ "cli" ], "homepage": "https://github.com/willkg/dennis", "source": "https://github.com/willkg/dennis", "pricing": 
null, "plans": null, "description": "A set of utilities for working with PO files to ease development and improve quality.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "deno-lint": { "name": "deno_lint", "categories": [ "linter" ], "languages": [], "other": [ "deno" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/denoland/deno_lint", "source": "https://github.com/denoland/deno_lint", "pricing": null, "plans": null, "description": "Official linter for Deno.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "depends": { "name": "Depends", "categories": [ "linter" ], "languages": [ "c", "cpp", "java", "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/multilang-depends/depends", "source": "https://github.com/multilang-depends/depends", "pricing": null, "plans": null, "description": "Analyses the comprehensive dependencies of code elements for Java, C/C++, Ruby.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dephpend": { "name": "dephpend", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/mihaeu/dephpend", "source": "https://github.com/mihaeu/dephpend", "pricing": null, "plans": null, "description": "Dependency analysis tool.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "deprecation-detector": { "name": "deprecation-detector", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/sensiolabs-de/deprecation-detector", "source": "https://github.com/sensiolabs-de/deprecation-detector", "pricing": null, "plans": null, "description": 
"Finds usages of deprecated (Symfony) code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "deptrac": { "name": "deptrac", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/sensiolabs-de/deptrac", "source": "https://github.com/sensiolabs-de/deptrac", "pricing": null, "plans": null, "description": "Enforce rules for dependencies between software layers.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "derscanner": { "name": "DerScanner", "categories": [ "linter" ], "languages": [ "abap", "asp", "apex", "c", "csharp", "cpp", "cobol", "dart", "delphi", "go", "groovy", "java", "javascript", "kotlin", "objectivec", "pascal", "perl", "php", "plsql", "python", "ruby", "rust", "scala", "swift", "vbscript", "vbasic", "vbnet" ], "other": [ "html", "mobile", "nodejs", "security", "xml" ], "licenses": [ "proprietary" ], "types": [ "cli", "service" ], "homepage": "https://derscanner.com/", "source": null, "pricing": "https://derscanner.com/pricing", "plans": null, "description": "Multi-language Static Application Security Testing (SAST) platform that detects critical vulnerabilities, including hardcoded secrets, weak cryptography, backdoors, SQL injections, insecure configurations, etc.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "designite": { "name": "Designite", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "http://www.designite-tools.com", "source": null, "pricing": "http://www.designite-tools.com/buy", "plans": null, "description": "Designite supports detection of various architecture, design, and implementation smells, computation of various code quality metrics, and trend analysis.", "discussion": 
null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "designitejava": { "name": "DesigniteJava", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "http://www.designite-tools.com/designitejava", "source": null, "pricing": "http://www.designite-tools.com/buy", "plans": null, "description": "DesigniteJava supports detection of various architecture, design, and implementation smells along with computation of various code quality metrics.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "designpatterndetector": { "name": "DesignPatternDetector", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/Halleck45/DesignPatternDetector", "source": "https://github.com/Halleck45/DesignPatternDetector", "pricing": null, "plans": null, "description": "Detection of design patterns in PHP code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "detect-secrets": { "name": "detect-secrets", "categories": [ "linter" ], "languages": [], "other": [ "security" ], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://github.com/Yelp/detect-secrets", "source": "https://github.com/Yelp/detect-secrets", "pricing": null, "plans": null, "description": "An enterprise friendly way of detecting and preventing secrets in code.\nIt does this by running periodic diff outputs against heuristically crafted regex statements, to identify whether any new secret has been committed. 
This way, it avoids the overhead of digging through all git history, as well as the need to scan the entire repository every time.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "detekt": { "name": "detekt", "categories": [ "linter" ], "languages": [ "kotlin" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://detekt.github.io/detekt", "source": "https://github.com/detekt/detekt", "pricing": null, "plans": null, "description": "Static code analysis for Kotlin code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "devskim": { "name": "DevSkim", "categories": [ "linter" ], "languages": [ "asp", "c", "cpp", "java", "php", "python", "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "ide-plugin" ], "homepage": "https://github.com/microsoft/devskim", "source": "https://github.com/microsoft/devskim", "pricing": null, "plans": null, "description": "Regex-based static analysis tool for Visual Studio, VS Code, and Sublime Text - C/C++, C#, PHP, ASP, Python, Ruby, Java, and others.", "discussion": null, "deprecated": null, "resources": [ { "title": "ToorCon 19 — Pavel Bansky - Detecting security issues as fast as you making them", "url": "https://www.youtube.com/watch?v=VK80nTLGUk4" } ], "reviews": null, "demos": null, "wrapper": null }, "dialyxir": { "name": "dialyxir", "categories": [ "linter" ], "languages": [ "elixir" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/jeremyjh/dialyxir", "source": "https://github.com/jeremyjh/dialyxir", "pricing": null, "plans": null, "description": "Mix tasks to simplify use of Dialyzer in Elixir projects.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dialyzer": { "name": "dialyzer", "categories": [ "linter" ], "languages": [ "erlang" 
], "other": [], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://www.erlang.org/doc/man/dialyzer.html", "source": "https://github.com/erlang/otp/tree/master/lib/dialyzer", "pricing": null, "plans": null, "description": "The DIALYZER, a DIscrepancy AnaLYZer for ERlang programs. Dialyzer is a static analysis tool that identifies software discrepancies, such as definite type errors, code that has become dead or unreachable because of programming error, and unnecessary tests, in single Erlang modules or entire (sets of) applications.\nDialyzer starts its analysis from either debug-compiled BEAM bytecode or from Erlang source code. The file and line number of a discrepancy is reported along with an indication of what the discrepancy is about. Dialyzer bases its analysis on the concept of success typings, which allows for sound warnings (no false positives).", "discussion": null, "deprecated": null, "resources": [ { "title": "ElixirConf 2016 - Dialyzer: Optimistic Type Checking for Erlang and Elixir by Jason Voegele", "url": "https://www.youtube.com/watch?v=JT0ECYZ9FaQ" }, { "title": "Sean Cribbs - Chemanalysis: Dialyzing Elixir | Code BEAM SF 19", "url": "https://www.youtube.com/watch?v=k4au7VioXNk" }, { "title": "Stavros Aronis - What does Dialyzer think about me? | Code BEAM STO 19", "url": "https://www.youtube.com/watch?v=Nxsw1jRE2A4&t=709s" } ], "reviews": null, "demos": null, "wrapper": null }, "diesel-guard": { "name": "diesel-guard", "categories": [ "linter" ], "languages": [ "rust", "sql" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/ayarotsky/diesel-guard", "source": "https://github.com/ayarotsky/diesel-guard", "pricing": null, "plans": null, "description": "Linter for dangerous Postgres migration patterns in Diesel and SQLx. 
Prevents downtime caused by unsafe schema changes.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "diff-rs": { "name": "diff.rs", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://diff.rs", "source": "https://github.com/xfbs/diff.rs", "pricing": null, "plans": null, "description": "Web application (WASM) to render a diff between Rust crate versions.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "diffblue": { "name": "Diffblue", "categories": [ "linter" ], "languages": [ "java" ], "other": [ "ci" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.diffblue.com/", "source": null, "pricing": "https://www.diffblue.com/pricing/", "plans": { "free": true }, "description": "Diffblue is a software company that provides AI-powered code analysis and testing solutions for software development teams.\nIts technology helps developers automate testing, find bugs, and reduce manual labor in their software development processes. 
The company's main product, Diffblue Cover, uses AI to generate and run unit tests for Java code, helping to catch errors and improve code quality.", "discussion": null, "deprecated": null, "resources": [ { "title": "Diffblue Cover Overview", "url": "https://www.youtube.com/watch?v=9vt1szlaAKw" }, { "title": "Codecov Github Tutorial/Demo", "url": "https://docs.codecov.com/docs/github-tutorial" }, { "title": "Diffblue Cover in Eclipse", "url": "https://www.youtube.com/watch?v=jiUgMs21NNE" }, { "title": "Diffblue Cover on a Pull Request", "url": "https://www.youtube.com/watch?v=dhN-mbgOSMo" } ], "reviews": null, "demos": null, "wrapper": null }, "diktat": { "name": "diktat", "categories": [ "linter", "formatter" ], "languages": [ "kotlin" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://diktat.saveourtool.com", "source": "https://github.com/saveourtool/diktat", "pricing": null, "plans": null, "description": "Strict coding standard for Kotlin and a linter that detects and auto-fixes code smells.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dingo-hunter": { "name": "dingo-hunter", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/nickng/dingo-hunter", "source": "https://github.com/nickng/dingo-hunter", "pricing": null, "plans": null, "description": "Static analyser for finding deadlocks in Go.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dlint": { "name": "Dlint", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/dlint-py/dlint", "source": "https://github.com/dlint-py/dlint", "pricing": null, "plans": null, "description": "A tool for ensuring Python code is 
secure.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "docker-label-inspector": { "name": "Docker Label Inspector", "categories": [ "linter" ], "languages": [], "other": [ "container" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/garethr/docker-label-inspector", "source": "https://github.com/garethr/docker-label-inspector", "pricing": null, "plans": null, "description": "Lint and validate Dockerfile labels.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dockle": { "name": "Dockle", "categories": [ "linter" ], "languages": [], "other": [ "container", "dockerfile", "security" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/goodwithtech/dockle", "source": "https://github.com/goodwithtech/dockle", "pricing": null, "plans": null, "description": "Container Image Linter for Security helping build the Best-Practice Docker Image. Scans Docker images for security vulnerabilities and CIS Benchmark compliance. Checks for secrets, credential exposure, and security best practices. Provides multiple severity levels (FATAL, WARN, INFO) and supports various output formats for CI/CD integration.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dodgy": { "name": "Dodgy", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/landscapeio/dodgy", "source": "https://github.com/landscapeio/dodgy", "pricing": null, "plans": null, "description": "Dodgy is a very basic tool to run against your codebase to search for \"dodgy\" looking values. 
It is a series of simple regular expressions designed to detect things such as accidental SCM diff checkins, or passwords or secret keys hard coded into files.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dogsled": { "name": "dogsled", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/alexkohler/dogsled", "source": "https://github.com/alexkohler/dogsled", "pricing": null, "plans": null, "description": "Finds assignments/declarations with too many blank identifiers.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "doop": { "name": "Doop", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "UPL" ], "types": [ "cli" ], "homepage": "https://plast-lab.github.io/doop-pldi15-tutorial/", "source": "https://github.com/plast-lab/doop", "pricing": null, "plans": null, "description": "Doop is a declarative framework for static analysis of Java/Android programs, centered on pointer analysis algorithms. 
Doop provides a large variety of analyses and also the surrounding scaffolding to run an analysis end-to-end (fact generation, processing, statistics, etc.).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dotenv-linter": { "name": "dotenv-linter", "categories": [ "linter" ], "languages": [], "other": [ "configfile" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://dotenv-linter.readthedocs.io/en/latest", "source": "https://github.com/wemake-services/dotenv-linter", "pricing": null, "plans": null, "description": "Linting dotenv files like a charm.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dotenv-linter-rust": { "name": "dotenv-linter (Rust)", "categories": [ "linter" ], "languages": [], "other": [ "configfile" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://dotenv-linter.github.io/#/", "source": "https://github.com/dotenv-linter/dotenv-linter", "pricing": null, "plans": null, "description": "Lightning-fast linter for .env files. Written in Rust", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dotnet-format": { "name": "dotnet-format", "categories": [ "linter" ], "languages": [ "dotnet", "csharp", "vbasic" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/dotnet/format", "source": "https://github.com/dotnet/format", "pricing": null, "plans": null, "description": "A code formatter for .NET. Preferences will be read from an `.editorconfig` file, if present, otherwise a default set of preferences will be used. 
At this time dotnet-format is able to format C# and Visual Basic projects with a subset of supported `.editorconfig` options.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "drnim": { "name": "DrNim", "categories": [ "linter" ], "languages": [ "nim" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://nim-lang.org/docs/drnim.html", "source": "https://nim-lang.org/docs/drnim.html", "pricing": null, "plans": null, "description": "DrNim combines the Nim frontend with the Z3 proof engine in order to allow verifying / validating software written in Nim.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dupl": { "name": "dupl", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/mibk/dupl", "source": "https://github.com/mibk/dupl", "pricing": null, "plans": null, "description": "Reports potentially duplicated code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dylint": { "name": "dylint", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT License / Apache 2.0 license" ], "types": [ "cli" ], "homepage": "https://www.trailofbits.com/post/write-rust-lints-without-forking-clippy", "source": "https://github.com/trailofbits/dylint", "pricing": null, "plans": null, "description": "A tool for running Rust lints from dynamic libraries. 
Dylint makes it easy for developers to maintain their own personal lint collections.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "easycodingstandard": { "name": "EasyCodingStandard", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://www.tomasvotruba.com/blog/2017/05/03/combine-power-of-php-code-sniffer-and-php-cs-fixer-in-3-lines", "source": "https://github.com/Symplify/EasyCodingStandard", "pricing": null, "plans": null, "description": "Combine [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) and [PHP-CS-Fixer](https://github.com/FriendsOfPHP/PHP-CS-Fixer).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "effective-dart": { "name": "effective_dart", "categories": [ "linter" ], "languages": [ "dart" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://pub.dev/packages/effective_dart", "source": "https://github.com/tenhobi/effective_dart", "pricing": null, "plans": null, "description": "Linter rules corresponding to the guidelines in Effective Dart", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "electrolysis": { "name": "electrolysis", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://kha.github.io/electrolysis", "source": "https://github.com/Kha/electrolysis", "pricing": null, "plans": null, "description": "A tool for formally verifying Rust programs by transpiling them into definitions in the Lean theorem prover.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "elm-analyse": { "name": "elm-analyse", "categories": [ "linter" ], "languages": [ "elm" ], "other": [], "licenses": [ "MIT License" ], 
"types": [ "cli" ], "homepage": "https://stil4m.github.io/elm-analyse", "source": "https://github.com/stil4m/elm-analyse", "pricing": null, "plans": null, "description": "A tool that allows you to analyse your Elm code, identify deficiencies and apply best practices.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "elm-review": { "name": "elm-review", "categories": [ "linter" ], "languages": [ "elm" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://package.elm-lang.org/packages/jfmengels/elm-review/latest", "source": "https://github.com/jfmengels/elm-review", "pricing": null, "plans": null, "description": "Analyzes whole Elm projects, with a focus on shareable and custom rules written in Elm that add guarantees the Elm compiler doesn't give you.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "elvis": { "name": "elvis", "categories": [ "linter" ], "languages": [ "erlang" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/inaka/elvis", "source": "https://github.com/inaka/elvis", "pricing": null, "plans": null, "description": "Erlang Style Reviewer.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ember-template-lint": { "name": "ember-template-lint", "categories": [ "linter" ], "languages": [], "other": [ "template" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/ember-template-lint/ember-template-lint", "source": "https://github.com/ember-template-lint/ember-template-lint", "pricing": null, "plans": null, "description": "Linter for Ember or Handlebars templates.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "embold": { "name": "Embold", "categories": [ 
"linter" ], "languages": [ "c", "csharp", "cpp", "go", "java", "javascript", "kotlin", "python", "typescript" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://embold.io", "source": null, "pricing": "https://embold.io/pricing", "plans": { "free": true, "oss": false }, "description": "Intelligent software analytics platform that identifies design issues, code issues, duplication and metrics. Supports Java, C, C++, C#, JavaScript, TypeScript, Python, Go, Kotlin and more.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "emerge": { "name": "emerge", "categories": [ "linter" ], "languages": [ "c", "cpp", "go", "java", "javascript", "kotlin", "objectivec", "php", "python", "ruby", "swift", "typescript" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli", "service" ], "homepage": "https://github.com/glato/emerge", "source": "https://github.com/glato/emerge", "pricing": null, "plans": null, "description": "Emerge is a source code and dependency visualizer that can be used to gather insights about source code structure, metrics, dependencies and complexity of software projects. 
After scanning the source code of a project it provides you an interactive web interface to explore and analyze your project by using graph structures.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "enforster-ai": { "name": "Enforster AI", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "go", "java", "javascript", "php", "python", "typescript" ], "other": [ "ci", "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://enforster.ai/", "source": null, "pricing": null, "plans": null, "description": "Enforster AI performs Contextual Code Security SAST, leveraging LLMs and artificial intelligence to reduce and enrich the detection of Logic Flaws, Secrets, Data leaks, Supply chain and technical vulnerabilities. ", "discussion": null, "deprecated": null, "resources": [ { "title": "Product homepage", "url": "https://enforster.ai/" }, { "title": "Docs", "url": "https://docs.enforster.ai/" }, { "title": "Platform Access", "url": "https://app.enforster.ai/" } ], "reviews": null, "demos": null, "wrapper": null }, "enlightn": { "name": "Enlightn", "categories": [ "linter" ], "languages": [ "php" ], "other": [ "laravel", "security" ], "licenses": [ "LGPL-3.0 License" ], "types": [ "cli" ], "homepage": "https://www.laravel-enlightn.com/", "source": "https://github.com/enlightn/enlightn", "pricing": null, "plans": null, "description": "A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. 
Contains 120 automated checks.", "discussion": null, "deprecated": true, "resources": [ { "title": "Enlightn: Performance and Security Consultant", "url": "https://www.youtube.com/watch?v=l6gY53fL1zI" } ], "reviews": null, "demos": null, "wrapper": null }, "enre-cpp": { "name": "ENRE-cpp", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "LGPL-2.1 license" ], "types": [ "cli" ], "homepage": "https://github.com/xjtu-enre/ENRE-cpp", "source": "https://github.com/xjtu-enre/ENRE-cpp", "pricing": null, "plans": null, "description": "ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-cpp is a ENtity Relationship Extractor for C/C++ based on @eclipse/CDT. (Under development)", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "enre-java": { "name": "ENRE-java", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "LGPL-2.1 license" ], "types": [ "cli" ], "homepage": "https://github.com/xjtu-enre/ENRE-java", "source": "https://github.com/xjtu-enre/ENRE-java", "pricing": null, "plans": null, "description": "ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-java is a ENtity Relationship Extractor for Java projects based on @Eclipse JDT/parser.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "enre-py": { "name": "ENRE-py", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "LGPL-2.1 license" ], "types": [ "cli" ], "homepage": "https://github.com/xjtu-enre/ENRE-py", "source": "https://github.com/xjtu-enre/ENRE-py", "pricing": null, "plans": null, "description": "ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. 
ENRE-py is a ENtity Relationship Extractor for Python based on Python Language Services of The Standard Library.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "enre-ts": { "name": "ENRE-ts", "categories": [ "linter" ], "languages": [ "typescript" ], "other": [], "licenses": [ "LGPL-2.1 license" ], "types": [ "cli" ], "homepage": "https://github.com/xjtu-enre/ENRE-ts", "source": "https://github.com/xjtu-enre/ENRE-ts", "pricing": null, "plans": null, "description": "ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-ts is a ENtity Relationship Extractor for ECMAScript and TypeScript based on @babel/parser.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "erb-formatter": { "name": "ERB::Formatter", "categories": [ "formatter" ], "languages": [ "ruby" ], "other": [ "erb", "html", "rails" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/nebulab/erb-formatter", "source": "https://github.com/nebulab/erb-formatter", "pricing": null, "plans": null, "description": "Format ERB files with speed and precision.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "erb-lint": { "name": "ERB Lint", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [ "erb", "html" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/Shopify/erb-lint", "source": "https://github.com/Shopify/erb-lint", "pricing": null, "plans": null, "description": "Lint your ERB or HTML files", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "errcheck": { "name": "errcheck", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": 
"https://github.com/kisielk/errcheck", "source": "https://github.com/kisielk/errcheck", "pricing": null, "plans": null, "description": "Check that error return values are used.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "error-prone": { "name": "Error Prone", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://errorprone.info", "source": "https://github.com/google/error-prone", "pricing": null, "plans": null, "description": "Catch common Java mistakes as compile-time errors.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "errwrap": { "name": "errwrap", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD 3-Clause License" ], "types": [ "cli" ], "homepage": "https://github.com/fatih/errwrap", "source": "https://github.com/fatih/errwrap", "pricing": null, "plans": null, "description": "Wrap and fix Go errors with the new %w verb directive. This tool analyzes fmt.Errorf() calls and reports calls that contain a verb directive that is different than the new %w verb directive introduced in Go v1.13. 
It's also capable of rewriting calls to use the new %w wrap verb directive.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "es6-plato": { "name": "es6-plato", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/the-simian/es6-plato", "source": "https://github.com/the-simian/es6-plato", "pricing": null, "plans": null, "description": "Visualize JavaScript (ES6) source complexity.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "esbmc": { "name": "ESBMC", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "http://esbmc.org", "source": "https://github.com/esbmc/esbmc", "pricing": null, "plans": null, "description": "ESBMC is an open source, permissively licensed, context-bounded model checker based on satisfiability modulo theories for the verification of single- and multi-threaded C/C++ programs.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "escomplex": { "name": "escomplex", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/jared-stilwell/escomplex", "source": "https://github.com/jared-stilwell/escomplex", "pricing": null, "plans": null, "description": "Software complexity analysis of JavaScript-family abstract syntax trees.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "eslint": { "name": "ESLint", "categories": [ "linter" ], "languages": [ "javascript", "jsx", "typescript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/eslint/eslint", "source": 
"https://github.com/eslint/eslint", "pricing": null, "plans": null, "description": "An extensible linter for JS, following the ECMAScript standard.", "discussion": null, "deprecated": null, "resources": [ { "title": "ESLint Tutorial with VSCode", "url": "https://www.youtube.com/watch?v=fslNny60HzI" }, { "title": "VSCode ESLint, Prettier & Airbnb Style Guide Setup", "url": "https://www.youtube.com/watch?v=SydnKbGc7W8" } ], "reviews": [ "https://openbase.com/js/eslint/reviews", "https://stackshare.io/eslint" ], "demos": [ "https://eslint.org/play/" ], "wrapper": null }, "esprima": { "name": "Esprima", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "BSD 2-Clause \"Simplified\" License" ], "types": [ "cli" ], "homepage": "https://esprima.org", "source": "https://github.com/jquery/esprima", "pricing": null, "plans": null, "description": "ECMAScript parsing infrastructure for multipurpose analysis.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "exakat": { "name": "exakat", "categories": [ "linter" ], "languages": [ "php" ], "other": [ "ci" ], "licenses": [ "Other" ], "types": [ "service" ], "homepage": "https://www.exakat.io", "source": "https://github.com/exakat/exakat", "pricing": null, "plans": null, "description": "An automated code reviewing engine for PHP.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ezno": { "name": "ezno", "categories": [ "linter" ], "languages": [ "javascript", "typescript" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://kaleidawave.github.io/posts/introducing-ezno/", "source": "https://github.com/kaleidawave/ezno", "pricing": null, "plans": null, "description": "A JavaScript compiler and TypeScript checker written in Rust with a focus on static analysis and runtime performance. Ezno's type checker is built from scratch. 
The checker is fully compatible with TypeScript type annotations and can work without any type annotations at all.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "fantomas": { "name": "fantomas", "categories": [ "formatter" ], "languages": [ "fsharp" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://fsprojects.github.io/fantomas/", "source": "https://github.com/fsprojects/fantomas", "pricing": null, "plans": null, "description": "F# source code formatter.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "fasterer": { "name": "Fasterer", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/DamirSvrtan/fasterer", "source": "https://github.com/DamirSvrtan/fasterer", "pricing": null, "plans": null, "description": "Common Ruby idioms checker.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "fb-contrib": { "name": "fb-contrib", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "GNU Lesser General Public License v2.1" ], "types": [ "cli" ], "homepage": "http://fb-contrib.sourceforge.net", "source": "https://github.com/mebigfatguy/fb-contrib", "pricing": null, "plans": null, "description": "A plugin for FindBugs with additional bug detectors.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "find-security-bugs": { "name": "Find Security Bugs", "categories": [ "linter" ], "languages": [ "groovy", "java", "kotlin", "scala" ], "other": [], "licenses": [ "LGPL-3.0-only" ], "types": [ "cli" ], "homepage": "https://find-sec-bugs.github.io", "source": "https://github.com/find-sec-bugs/find-sec-bugs", "pricing": null, "plans": null, "description": "The SpotBugs 
plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "fix-insight": { "name": "Fix Insight", "categories": [ "linter" ], "languages": [ "delphi" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.tmssoftware.com/site/fixinsight.asp", "source": "https://www.tmssoftware.com/site/fixinsight.asp", "pricing": "https://tmssoftware.com/site/tmsallaccess.asp#product-buy-online", "plans": null, "description": "A free IDE Plugin for static code analysis. A _Pro_ edition includes a command line tool for automation purposes.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "fixinator": { "name": "Fixinator", "categories": [ "linter" ], "languages": [ "coldfusion" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://fixinator.app", "source": null, "pricing": "https://fixinator.app", "plans": null, "description": "Static security code analysis for ColdFusion or CFML code. 
Designed to work within a CI pipeline or from the developer's terminal.", "discussion": null, "deprecated": null, "resources": [ { "title": "Fixinator Getting Started Guide", "url": "https://github.com/foundeo/fixinator/wiki/Getting-Started" } ], "reviews": null, "demos": null, "wrapper": null }, "fixit": { "name": "fixit", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://pypi.org/project/fixit", "source": "https://github.com/Instagram/Fixit", "pricing": null, "plans": null, "description": "A framework for creating lint rules and corresponding auto-fixes for source code.", "discussion": null, "deprecated": null, "resources": [ { "title": "Enforcing coding conventions using libCST and Fixit", "url": "https://www.digitalernachschub.de/blog/enforcing-coding-conventions-using-libcst-and-fixit/" } ], "reviews": null, "demos": null, "wrapper": null }, "flake8": { "name": "flake8", "categories": [ "meta" ], "languages": [ "python" ], "other": [ "meta" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/PyCQA/flake8", "source": "https://github.com/PyCQA/flake8", "pricing": null, "plans": null, "description": "A wrapper around `pyflakes`, `pycodestyle` and `mccabe`.", "discussion": null, "deprecated": null, "resources": [ { "title": "My Python Code Looks Ugly and Confusing - Help!", "url": "https://www.youtube.com/watch?v=TDUf93vqq3g" }, { "title": "flake8 in Python | Linters | PEP8 Standards", "url": "https://www.youtube.com/watch?v=qUpfUenwUPA" }, { "title": "A flake8 plugin from scratch (intermediate)", "url": "https://www.youtube.com/watch?v=ot5Z4KQPBL8" } ], "reviews": [ "https://www.slant.co/options/12632/~flake8-review" ], "demos": null, "wrapper": null }, "flakeheaven": { "name": "flakeheaven", "categories": [ "meta" ], "languages": [ "python" ], "other": [ "meta" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": 
"https://pypi.org/project/flakeheaven/", "source": "https://github.com/flakeheaven/flakeheaven", "pricing": null, "plans": null, "description": "flakeheaven is a python linter built around flake8 to enable inheritable and complex toml configuration.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "flawfinder": { "name": "flawfinder", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "http://dwheeler.com/flawfinder/", "source": "https://github.com/david-a-wheeler/flawfinder", "pricing": null, "plans": null, "description": "Finds possible security weaknesses.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "flay": { "name": "flay", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://ruby.sadi.st/Flay.html", "source": "https://github.com/seattlerb/flay", "pricing": null, "plans": null, "description": "Flay analyzes code for structural similarities.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "flen": { "name": "flen", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/lafolle/flen", "source": "https://github.com/lafolle/flen", "pricing": null, "plans": null, "description": "Get info on length of functions in a Go package.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "flint": { "name": "flint++", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "Boost Software License 1.0" ], "types": [ "cli" ], "homepage": "https://github.com/JossWhittle/FlintPlusPlus", "source": 
"https://github.com/JossWhittle/FlintPlusPlus", "pricing": null, "plans": null, "description": "Cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "flog": { "name": "flog", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://ruby.sadi.st/Flog.html", "source": "https://github.com/seattlerb/flog", "pricing": null, "plans": null, "description": "Flog reports the most tortured code in an easy to read pain report. The higher the score, the more pain the code is in.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "flow": { "name": "flow", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://flow.org", "source": "https://github.com/facebook/flow", "pricing": null, "plans": null, "description": "A static type checker for JavaScript.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "flowdroid": { "name": "FlowDroid", "categories": [ "linter" ], "languages": [], "other": [ "mobile" ], "licenses": [ "GNU Lesser General Public License v2.1" ], "types": [ "cli" ], "homepage": "https://github.com/secure-software-engineering/FlowDroid", "source": "https://github.com/secure-software-engineering/FlowDroid", "pricing": null, "plans": null, "description": "Static taint analysis tool for Android applications.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "flowr": { "name": "flowR", "categories": [ "linter" ], "languages": [ "r" ], "other": [], "licenses": [ "GPL-3" ], "types": [ "cli", "ide-plugin" ], "homepage": "https://github.com/flowr-analysis/flowr", "source": 
"https://github.com/flowr-analysis/flowr", "pricing": null, "plans": null, "description": "A [program slicer](https://github.com/flowr-analysis/flowr/wiki/Terminology#program-slice) and [dataflow analyzer](https://en.wikipedia.org/wiki/Data-flow_analysis) for the [R](https://www.r-project.org/) programming language. Its slicer allows you to reduce a complicated program just to the parts related for a specific task (e.g., the generation of a single or collection of plots, a significance test, ...). The dataflow analysis provides you with a detailed view on the semantics of the R code which can greatly improve other analyses. To use _flowR_, check out the [Visual Studio Code extension](https://marketplace.visualstudio.com/items?itemName=code-inspect.vscode-flowr), the [RStudio Addin](https://github.com/flowr-analysis/rstudio-addin-flowr), the [Docker image](https://hub.docker.com/r/eagleoutice/flowr), or the [R package](https://github.com/flowr-analysis/flowr-r-adapter).", "discussion": null, "deprecated": null, "resources": [ { "title": "Wiki Pages", "url": "https://github.com/flowr-analysis/flowr/wiki" }, { "title": "Overview of the VS Code extension", "url": "https://www.youtube.com/watch?v=Zgq6rnbvvhk" } ], "reviews": null, "demos": null, "wrapper": null }, "foodcritic": { "name": "foodcritic", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "http://www.foodcritic.io", "source": "https://github.com/foodcritic/foodcritic", "pricing": null, "plans": null, "description": "A lint tool that checks Chef cookbooks for common problems.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "forbidden-apis": { "name": "forbidden-apis", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/policeman-tools/forbidden-apis", 
"source": "https://github.com/policeman-tools/forbidden-apis", "pricing": null, "plans": null, "description": "Detects and forbids invocations of specific method/class/field (like reading from a text stream without a charset). Maven/Gradle/Ant compatible.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "fortify": { "name": "Fortify", "categories": [ "linter" ], "languages": [ "abap", "actionscript", "apex", "aspnet", "c", "csharp", "cpp", "cobol", "coldfusion", "java", "javascript", "jsp", "objectivec", "php", "plsql", "python", "ruby", "scala", "swift", "tsql", "vbscript", "vbasic", "vbnet" ], "other": [ "html", "security", "xml" ], "licenses": [ "proprietary" ], "types": [ "ide-plugin" ], "homepage": "https://www.microfocus.com/en-us/cyberres/application-security/static-code-analyzer", "source": null, "pricing": "https://www.opentext.com/products/fortify-on-demand/trial", "plans": { "free": false, "oss": false }, "description": "A commercial static analysis platform that supports the scanning of C/C++, C#, VB.NET, VB6, ABAP/BSP, ActionScript, Apex, ASP.NET, Classic ASP, VB Script, Cobol, ColdFusion, HTML, Java, JS, JSP, MXML/Flex, Objective-C, PHP, PL/SQL, T-SQL, Python (2.6, 2.7), Ruby (1.9.3), Swift, Scala, VB, and XML.", "discussion": null, "deprecated": null, "resources": [ { "title": "Visual Studio - real-time security with Fortify Security Assistant (2018)", "url": "https://www.youtube.com/watch?v=7CfeUXtDlwQ" } ], "reviews": null, "demos": null, "wrapper": null }, "fortitude": { "name": "Fortitude", "categories": [ "linter" ], "languages": [ "fortran" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://fortitude.readthedocs.io", "source": "https://github.com/PlasmaFAIR/fortitude", "pricing": null, "plans": null, "description": "Fortran linter, inspired by (and built on) Ruff, and based on community best practices. 
Supports latest Fortran (2023) standard.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "fprettify": { "name": "fprettify", "categories": [ "linter" ], "languages": [ "fortran" ], "other": [], "licenses": [ "NOASSERTION" ], "types": [ "cli" ], "homepage": "https://pypi.python.org/pypi/fprettify", "source": "https://github.com/pseewald/fprettify", "pricing": null, "plans": null, "description": "Auto-formatter for modern fortran source code, written in Python.\nFprettify is a tool that provides consistent whitespace, indentation, and delimiter alignment in code, including the ability to change letter case and handle preprocessor directives, all while preserving revision history and tested for editor integration.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "frama-c": { "name": "Frama-C", "categories": [ "linter" ], "languages": [ "c" ], "other": [], "licenses": [ "GNU Lesser General Public License v2.1" ], "types": [ "cli" ], "homepage": "https://www.frama-c.com", "source": "https://www.frama-c.com/html/get-frama-c.html", "pricing": null, "plans": null, "description": "A sound and extensible static analyzer for C code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "freeplane-code-explorer": { "name": "Freeplane Code Explorer", "categories": [ "meta" ], "languages": [ "java", "kotlin", "scala" ], "other": [], "licenses": [ "GPL-2.0-or-later" ], "types": [ "gui" ], "homepage": "https://docs.freeplane.org/user-documentation/Code_Explorer.html", "source": "https://github.com/freeplane/freeplane", "pricing": null, "plans": null, "description": "The Code Explorer mode in Freeplane is designed for analyzing the structure and dependencies of code compiled to JVM class files. 
It also allows displaying ArchUnit test results directly in Freeplane, if Freeplane is running and ArchUnit detects rule violations during the tests.\n", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "frink": { "name": "Frink", "categories": [ "formatter" ], "languages": [ "tcl" ], "other": [], "licenses": [ "unknown" ], "types": [ "cli" ], "homepage": "http://catless.ncl.ac.uk/Programs/Frink", "source": "http://catless.ncl.ac.uk/Programs/Frink", "pricing": null, "plans": null, "description": "A Tcl formatting and static check program (can prettify the program, minimise, obfuscate or just sanity check it).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "fsharplint": { "name": "FSharpLint", "categories": [ "linter" ], "languages": [ "fsharp" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/fsprojects/FSharpLint", "source": "https://github.com/fsprojects/FSharpLint", "pricing": null, "plans": null, "description": "Lint tool for F#.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "fta": { "name": "fta", "categories": [ "linter" ], "languages": [ "typescript" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://ftaproject.dev/", "source": "https://github.com/sgb-io/fta", "pricing": null, "plans": null, "description": "Rust-based static analysis for TypeScript projects", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": [ "https://ftaproject.dev/playground" ], "wrapper": null }, "fukuzatsu": { "name": "Fukuzatsu", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/CoralineAda/fukuzatsu", "source": "https://github.com/CoralineAda/fukuzatsu", "pricing": null, "plans": null, 
"description": "A tool for measuring code complexity in Ruby class files. Its analysis generates scores based on cyclomatic complexity algorithms with no added \"opinions\".", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gawk-lint": { "name": "gawk --lint", "categories": [ "linter" ], "languages": [ "awk" ], "other": [], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://www.gnu.org/software/gawk/manual/html_node/Options.html", "source": "https://www.gnu.org/software/gawk/manual/html_node/Options.html", "pricing": null, "plans": null, "description": "Warns about constructs that are dubious or nonportable to other awk implementations.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gcc": { "name": "GCC", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "GPL" ], "types": [ "cli" ], "homepage": "https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html", "source": "https://github.com/gcc-mirror/gcc", "pricing": null, "plans": null, "description": "The GCC compiler has static analysis capabilities since version 10. This option is only available if GCC was configured with analyzer support enabled. 
It can also output its diagnostics to a JSON file in the SARIF format (from v13).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gendarme": { "name": "Gendarme", "categories": [ "formatter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://www.mono-project.com/docs/tools+libraries/tools/gendarme", "source": "https://github.com/mono/mono-tools", "pricing": null, "plans": null, "description": "Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gherkin-lint": { "name": "gherkin-lint", "categories": [ "linter" ], "languages": [], "other": [ "gherkin" ], "licenses": [ "ISC License" ], "types": [ "cli" ], "homepage": "https://github.com/vsiakka/gherkin-lint", "source": "https://github.com/vsiakka/gherkin-lint", "pricing": null, "plans": null, "description": "A linter for the Gherkin-Syntax written in Javascript.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ghidra": { "name": "Ghidra", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://ghidra-sre.org", "source": "https://github.com/NationalSecurityAgency/ghidra", "pricing": null, "plans": null, "description": "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission", "discussion": null, "deprecated": null, "resources": [ { "title": "Ghidra Installation Guide", "url": "https://ghidra-sre.org/InstallationGuide.html" } ], "reviews": null, "demos": null, "wrapper": null }, "gitguardian-ggshield": { "name": "GitGuardian ggshield", "categories": [ "linter" ], "languages": [], "other": [ "dotenv", "container", "ci", 
"git", "security", "terraform" ], "licenses": [ "MIT" ], "types": [ "cli", "service" ], "homepage": "https://www.gitguardian.com/ggshield", "source": "https://github.com/gitguardian/ggshield", "pricing": null, "plans": null, "description": "ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350 types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.", "discussion": null, "deprecated": null, "resources": [ { "title": "Getting started with ggshield", "url": "https://docs.gitguardian.com/ggshield-docs/getting-started" }, { "title": "A Developer's View of GitGuardian ggshield Throughout The Software Development Lifecycle", "url": "https://www.youtube.com/watch?v=diuBTBjx7Qc" } ], "reviews": null, "demos": null, "wrapper": null }, "gitleaks": { "name": "Gitleaks", "categories": [ "linter" ], "languages": [], "other": [ "security" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/zricethezav/gitleaks", "source": "https://github.com/zricethezav/gitleaks", "pricing": null, "plans": null, "description": "A SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gixy": { "name": "gixy", "categories": [ "linter" ], "languages": [], "other": [ "configfile" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/yandex/gixy", "source": "https://github.com/yandex/gixy", "pricing": null, "plans": null, "description": "A tool to analyze Nginx configuration.
The main goal is to prevent misconfiguration and automate flaw detection.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "go-ast": { "name": "go/ast", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD-3-Clause (original text)" ], "types": [ "cli" ], "homepage": "https://golang.org/pkg/go/ast", "source": "https://github.com/golang/go/tree/master/src/go/ast", "pricing": null, "plans": null, "description": "Package ast declares the types used to represent syntax trees for Go packages.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "go-consistent": { "name": "go-consistent", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/Quasilyte/go-consistent", "source": "https://github.com/Quasilyte/go-consistent", "pricing": null, "plans": null, "description": "Analyzer that helps you to make your Go programs more consistent.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "go-critic": { "name": "go-critic", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/go-critic/go-critic", "source": "https://github.com/go-critic/go-critic", "pricing": null, "plans": null, "description": "Go source code linter that maintains checks which are currently not implemented in other linters.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "go-meta-linter": { "name": "Go Meta Linter", "categories": [ "meta" ], "languages": [ "go" ], "other": [ "meta" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/alecthomas/gometalinter", "source": "https://github.com/alecthomas/gometalinter", 
"pricing": null, "plans": null, "description": "Concurrently run Go lint tools and normalise their output. Use `golangci-lint` for new projects.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "go-tool-vet-shadow": { "name": "go tool vet --shadow", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD-3-Clause (original text)" ], "types": [ "cli" ], "homepage": "https://golang.org/cmd/vet#hdr-Shadowed_variables", "source": "https://github.com/golang/go/tree/master/src/cmd/vet", "pricing": null, "plans": null, "description": "Reports variables that may have been unintentionally shadowed.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "go-vet": { "name": "go vet", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD-3-Clause (original text)" ], "types": [ "cli" ], "homepage": "https://golang.org/cmd/vet", "source": "https://github.com/golang/go/tree/master/src/cmd/vet", "pricing": null, "plans": null, "description": "Examines Go source code and reports suspicious constructs.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "goast": { "name": "goast", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/m-mizutani/goast", "source": "https://github.com/m-mizutani/goast", "pricing": null, "plans": null, "description": "Go AST (Abstract Syntax Tree) based static analysis tool with Rego.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "goblint": { "name": "Goblint", "categories": [ "linter" ], "languages": [ "c" ], "other": [ "ci" ], "licenses": [ "MIT License" ], "types": [ "cli", "ide-plugin" ], "homepage": "https://goblint.in.tum.de", "source":
"https://github.com/goblint/analyzer", "pricing": null, "plans": null, "description": "A static analyzer for the analysis of multi-threaded C programs. Its primary focus is the detection of data races, but it also reports other runtime errors, such as buffer overflows and null-pointer dereferences.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gochecknoglobals": { "name": "gochecknoglobals", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/leighmcculloch/gochecknoglobals", "source": "https://github.com/leighmcculloch/gochecknoglobals", "pricing": null, "plans": null, "description": "Checks that no globals are present.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "goconst": { "name": "goconst", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/jgautheron/goconst", "source": "https://github.com/jgautheron/goconst", "pricing": null, "plans": null, "description": "Finds repeated strings that could be replaced by a constant.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gocyclo": { "name": "gocyclo", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/fzipp/gocyclo", "source": "https://github.com/fzipp/gocyclo", "pricing": null, "plans": null, "description": "Calculate cyclomatic complexities of functions in Go source code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gofmt-s": { "name": "gofmt -s", "categories": [ "linter", "formatter" ], "languages": [ "go" ], "other": [], "licenses": [ 
"BSD-3-Clause (original text)" ], "types": [ "cli" ], "homepage": "https://golang.org/cmd/gofmt", "source": "https://github.com/golang/go/tree/master/src/cmd/gofmt", "pricing": null, "plans": null, "description": "Checks if the code is properly formatted and could not be further simplified.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gofumpt": { "name": "gofumpt", "categories": [ "formatter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD-3" ], "types": [ "cli", "ide-plugin" ], "homepage": "https://github.com/mvdan/gofumpt", "source": "https://github.com/mvdan/gofumpt", "pricing": null, "plans": null, "description": "Enforce a stricter format than `gofmt`, while being backwards-compatible. That is, `gofumpt` is happy with a subset of the formats that `gofmt` is happy with.\nThe tool is a fork of `gofmt` as of Go 1.19, and requires Go 1.18 or later. It can be used as a drop-in replacement to format your Go code, and running gofmt after gofumpt should produce no changes.\n`gofumpt` will never add rules which disagree with `gofmt` formatting. 
So we extend `gofmt` rather than compete with it.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "goimports": { "name": "goimports", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD-3-Clause (original text)" ], "types": [ "cli" ], "homepage": "https://pkg.go.dev/golang.org/x/tools/cmd/goimports", "source": "https://github.com/golang/tools/tree/master/cmd/goimports", "pricing": null, "plans": null, "description": "Checks missing or unreferenced package imports.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gokart": { "name": "gokart", "categories": [ "linter" ], "languages": [ "go" ], "other": [ "security" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/praetorian-inc/gokart", "source": "https://github.com/praetorian-inc/gokart", "pricing": null, "plans": null, "description": "Golang security analysis with a focus on minimizing false positives. 
It is capable of tracing the source of variables and function arguments to determine whether input sources are safe.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "golangci-lint": { "name": "GolangCI-Lint", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://golangci-lint.run", "source": "https://github.com/golangci/golangci-lint", "pricing": null, "plans": null, "description": "Alternative to `Go Meta Linter`: GolangCI-Lint is a linters aggregator.", "discussion": null, "deprecated": null, "resources": [ { "title": "GopherCon 2019: Denis Isaev (author of golangci-lint) - Go Linters: Myths and Best Practices", "url": "https://www.youtube.com/watch?v=1U-Gzz4TYP0" } ], "reviews": null, "demos": null, "wrapper": null }, "golint": { "name": "golint", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/golang/lint", "source": "https://github.com/golang/lint", "pricing": null, "plans": null, "description": "Prints out coding style mistakes in Go source code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "goodcheck": { "name": "Goodcheck", "categories": [ "linter" ], "languages": [ "c", "cpp", "java", "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://sider.github.io/goodcheck", "source": null, "pricing": null, "plans": null, "description": "Regexp based customizable linter.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "goodpractice": { "name": "goodpractice", "categories": [ "linter" ], "languages": [ "r" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": 
"https://docs.ropensci.org/goodpractice/", "source": "https://github.com/mangothecat/goodpractice", "pricing": null, "plans": null, "description": "Analyses the source code for R packages and provides best-practice recommendations.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "google-java-format": { "name": "google-java-format", "categories": [ "formatter" ], "languages": [ "java" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli", "ide-plugin" ], "homepage": "https://github.com/google/google-java-format", "source": "https://github.com/google/google-java-format", "pricing": null, "plans": null, "description": "Reformats Java source code to comply with Google Java Style", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "goone": { "name": "goone", "categories": [ "linter" ], "languages": [ "go", "sql" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/masibw/goone", "source": "https://github.com/masibw/goone", "pricing": null, "plans": null, "description": "Finds N+1 queries (SQL calls in a for loop) in go code", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "goreporter": { "name": "goreporter", "categories": [ "meta" ], "languages": [ "go" ], "other": [ "meta" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/360EntSecGroup-Skylar/goreporter", "source": "https://github.com/360EntSecGroup-Skylar/goreporter", "pricing": null, "plans": null, "description": "Concurrently runs many linters and normalises their output to a report.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "goroutine-inspect": { "name": "goroutine-inspect", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD 
2-Clause \"Simplified\" License" ], "types": [ "cli" ], "homepage": "https://github.com/linuxerwang/goroutine-inspect", "source": "https://github.com/linuxerwang/goroutine-inspect", "pricing": null, "plans": null, "description": "An interactive tool to analyze Golang goroutine dump.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gosec-gas": { "name": "gosec (gas)", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://securego.io", "source": "https://github.com/securego/gosec", "pricing": null, "plans": null, "description": "Inspects source code for security problems by scanning the Go AST.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gotype": { "name": "gotype", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "3-Clause BSD License + Patent Grant" ], "types": [ "cli" ], "homepage": "https://pkg.go.dev/golang.org/x/tools/cmd/gotype", "source": "https://golang.org/x/tools/cmd/gotype", "pricing": null, "plans": null, "description": "Syntactic and semantic analysis similar to the Go compiler.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "govulncheck": { "name": "govulncheck", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD-3-Clause" ], "types": [ "cli", "service" ], "homepage": "https://go.dev/blog/vuln", "source": "https://pkg.go.dev/golang.org/x/vuln/vulncheck", "pricing": null, "plans": null, "description": "Govulncheck reports known vulnerabilities that affect Go code. It uses static analysis of source code or a binary's symbol table to narrow down reports to only those that could affect the application.\nBy default, govulncheck makes requests to the Go vulnerability database at https://vuln.go.dev. 
Requests to the vulnerability database contain only module paths, not code or other properties of your program.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "graphmycss-com": { "name": "GraphMyCSS.com", "categories": [ "linter" ], "languages": [], "other": [ "css" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://graphmycss.com", "source": "https://github.com/TheJaredWilcurt/itcss-specificity-graph", "pricing": null, "plans": null, "description": "CSS Specificity Graph Generator.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "graudit": { "name": "graudit", "categories": [ "linter" ], "languages": [ "asp", "c", "csharp", "cpp", "java", "perl", "php", "python", "ruby" ], "other": [], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "http://www.justanotherhacker.com", "source": "https://github.com/wireghoul/graudit", "pricing": null, "plans": null, "description": "Grep rough audit - source code auditing tool.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "griffe": { "name": "Griffe", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "ISC License" ], "types": [ "cli" ], "homepage": "https://mkdocstrings.github.io/griffe/", "source": "https://github.com/mkdocstrings/griffe", "pricing": null, "plans": null, "description": "Signatures for entire Python programs. 
Extract the structure, the frame, the skeleton of your project, to generate API documentation or find breaking changes in your API.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "grumphp": { "name": "GrumPHP", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/phpro/grumphp", "source": "https://github.com/phpro/grumphp", "pricing": null, "plans": null, "description": "Checks code on every commit.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "grunt-bootlint": { "name": "grunt-bootlint", "categories": [ "linter" ], "languages": [], "other": [ "html" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/twbs/grunt-bootlint", "source": "https://github.com/twbs/grunt-bootlint", "pricing": null, "plans": null, "description": "A Grunt wrapper for [Bootlint](https://github.com/twbs/bootlint), the HTML linter for Bootstrap projects.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "grype": { "name": "Grype", "categories": [ "linter" ], "languages": [], "other": [ "container", "security" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/anchore/grype", "source": "https://github.com/anchore/grype", "pricing": null, "plans": null, "description": "Vulnerability scanner for container images and filesystems. Developed by Anchore, it scans container images, directories, and archives for known vulnerabilities. Supports multiple image formats, SBOM integration, and VEX (Vulnerability Exploitability eXchange) for accurate vulnerability assessment. 
Works with various vulnerability databases and provides detailed reporting.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "gulp-bootlint": { "name": "gulp-bootlint", "categories": [ "linter" ], "languages": [], "other": [ "html" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/tschortsch/gulp-bootlint", "source": "https://github.com/tschortsch/gulp-bootlint", "pricing": null, "plans": null, "description": "A gulp wrapper for [Bootlint](https://github.com/twbs/bootlint), the HTML linter for Bootstrap projects.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "haml-lint": { "name": "haml-lint", "categories": [ "linter" ], "languages": [], "other": [ "template" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/sds/haml-lint", "source": "https://github.com/sds/haml-lint", "pricing": null, "plans": null, "description": "Tool for writing clean and consistent HAML.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "haskell-dockerfile-linter": { "name": "Haskell Dockerfile Linter", "categories": [ "linter" ], "languages": [], "other": [ "container" ], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://github.com/lukasmartinelli/hadolint", "source": "https://github.com/lukasmartinelli/hadolint", "pricing": null, "plans": null, "description": "A smarter Dockerfile linter that helps you build best practice Docker images.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "hasmysecretleaked": { "name": "HasMySecretLeaked", "categories": [ "linter" ], "languages": [], "other": [ "git", "security" ], "licenses": [ "proprietary" ], "types": [ "cli", "service" ], "homepage": "https://gitguardian.com/hasmysecretleaked", 
"source": "https://github.com/GitGuardian/ggshield", "pricing": null, "plans": null, "description": "HasMySecretLeaked is a project from GitGuardian that aims to help individual users and organizations search across 20 million exposed secrets to verify if their developer secrets have leaked on public repositories, gists, and issues on GitHub projects.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "haxe-checkstyle": { "name": "Haxe Checkstyle", "categories": [ "linter" ], "languages": [ "haxe" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://haxecheckstyle.github.io/docs/haxe-checkstyle/home.html", "source": "https://github.com/HaxeCheckstyle/haxe-checkstyle", "pricing": null, "plans": null, "description": "A static analysis tool to help developers write Haxe code that adheres to a coding standard.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "hcl-appscan-source": { "name": "HCL AppScan Source", "categories": [ "linter" ], "languages": [ "asp", "aspnet", "c", "csharp", "cpp", "cobol", "coldfusion", "java", "javascript", "jsp", "perl", "php", "plsql", "tsql", "vbscript", "vbasic", "vbnet" ], "other": [ "mobile", "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.hcltechsw.com/products/appscan", "source": null, "pricing": "http://www.hcl-software.com/appscan/contact-us", "plans": { "free": false, "oss": false }, "description": "Commercial Static Code Analysis.", "discussion": null, "deprecated": null, "resources": [ { "title": "Introducing HCL AppScan Standard", "url": "https://www.youtube.com/watch?v=TmYY67w18RI" } ], "reviews": null, "demos": null, "wrapper": null }, "hegel": { "name": "hegel", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://hegel.js.org", 
"source": "https://github.com/JSMonk/hegel", "pricing": null, "plans": null, "description": "A static type checker for JavaScript with a bias on type inference and strong type systems.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "helix-qac": { "name": "Helix QAC", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.perforce.com/products/helix-qac", "source": null, "pricing": "https://www.perforce.com/purchase", "plans": null, "description": "Enterprise-grade static analysis for embedded software. Supports MISRA, CERT, and AUTOSAR coding standards.", "discussion": null, "deprecated": null, "resources": [ { "title": "Code with Confidence - Helix QAC", "url": "https://www.youtube.com/watch?v=HHaBnZx2fGY" }, { "title": "How to Apply AUTOSAR Guidelines With Helix QAC", "url": "https://www.youtube.com/watch?v=XFvZ_hh6LCo" } ], "reviews": null, "demos": null, "wrapper": null }, "herbie": { "name": "herbie", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Mozilla Public License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/mcarton/rust-herbie-lint", "source": "https://github.com/mcarton/rust-herbie-lint", "pricing": null, "plans": null, "description": "Adds warnings or errors to your crate when using a numerically unstable floating point expression.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "hlint": { "name": "HLint", "categories": [ "linter" ], "languages": [ "haskell" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/ndmitchell/hlint", "source": "https://github.com/ndmitchell/hlint", "pricing": null, "plans": null, "description": "HLint is a tool for suggesting possible improvements to Haskell code.", "discussion": 
null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "holistic": { "name": "holistic", "categories": [ "linter" ], "languages": [ "sql" ], "other": [], "licenses": [ "MIT License" ], "types": [ "service" ], "homepage": "https://holistic.dev/", "source": null, "pricing": null, "plans": null, "description": "More than 1,300 rules to analyze SQL queries. Takes an SQL schema definition and the query source code to generate improvement recommendations. Detects code smells, unused indexes, unused tables, views, materialized views, and more.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "hopper": { "name": "Hopper", "categories": [ "linter" ], "languages": [ "groovy", "java", "kotlin", "scala" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/cuplv/hopper", "source": "https://github.com/cuplv/hopper", "pricing": null, "plans": null, "description": "A static analysis tool written in scala for languages that run on JVM.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "hound-ci": { "name": "Hound CI", "categories": [ "linter" ], "languages": [ "coffeescript", "go", "javascript", "ruby", "swift" ], "other": [ "css" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://houndci.com", "source": "https://github.com/houndci/hound", "pricing": null, "plans": null, "description": "Comments on style violations in GitHub pull requests. 
Supports Coffeescript, Go, HAML, JavaScript, Ruby, SCSS and Swift.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "html-inspector": { "name": "HTML Inspector", "categories": [ "linter" ], "languages": [], "other": [ "html" ], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/philipwalton/html-inspector", "source": "https://github.com/philipwalton/html-inspector", "pricing": null, "plans": null, "description": "HTML Inspector is a code quality tool to help you and your team write better markup.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "html-tidy": { "name": "HTML Tidy", "categories": [ "linter" ], "languages": [], "other": [ "html" ], "licenses": [ "Custom" ], "types": [ "cli" ], "homepage": "http://www.html-tidy.org", "source": "https://github.com/htacg/tidy-html5", "pricing": null, "plans": null, "description": "Corrects and cleans up HTML and XML documents by fixing markup errors and upgrading legacy code to modern standards.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "html-validate": { "name": "HTML-Validate", "categories": [ "linter" ], "languages": [], "other": [ "html", "vue" ], "licenses": [ "MIT License" ], "types": [ "cli", "ide-plugin" ], "homepage": "https://html-validate.org/", "source": "https://gitlab.com/html-validate/html-validate", "pricing": null, "plans": null, "description": "Offline HTML5 validator.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "htmlbeautifier": { "name": "htmlbeautifier", "categories": [ "formatter" ], "languages": [ "ruby" ], "other": [ "erb", "html" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/threedaymonk/htmlbeautifier", "source": "https://github.com/threedaymonk/htmlbeautifier", "pricing": 
null, "plans": null, "description": "A normaliser/beautifier for HTML that also understands embedded Ruby. Ideal for tidying up Rails templates.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "htmlhint": { "name": "HTMLHint", "categories": [ "linter" ], "languages": [], "other": [ "html" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://htmlhint.com", "source": "https://github.com/yaniswang/HTMLHint", "pricing": null, "plans": null, "description": "A Static Code Analysis Tool for HTML.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "huntbugs": { "name": "HuntBugs", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/amaembo/huntbugs", "source": "https://github.com/amaembo/huntbugs", "pricing": null, "plans": null, "description": "Bytecode static analyzer tool based on Procyon Compiler Tools aimed to supersede FindBugs.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "i-code-cnes-for-fortran": { "name": "i-Code CNES for Fortran", "categories": [ "linter" ], "languages": [ "fortran" ], "other": [], "licenses": [ "Eclipse Public License 1.0" ], "types": [ "cli" ], "homepage": "https://github.com/lequal/i-CodeCNES", "source": "https://github.com/lequal/i-CodeCNES", "pricing": null, "plans": null, "description": "An open source static code analysis tool for Fortran 77, Fortran 90 and Shell.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "i-code-cnes-for-shell": { "name": "i-Code CNES for Shell", "categories": [ "linter" ], "languages": [ "shell" ], "other": [], "licenses": [ "Eclipse Public License 1.0" ], "types": [ "cli" ], "homepage": "https://github.com/lequal/i-CodeCNES", "source": 
"https://github.com/lequal/i-CodeCNES", "pricing": null, "plans": null, "description": "An open source static code analysis tool for Shell and Fortran (77 and 90).", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "iblessing": { "name": "iblessing", "categories": [ "linter" ], "languages": [], "other": [ "mobile", "security" ], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://www.kitploit.com/2020/08/iblessing-ios-security-exploiting.html", "source": "https://github.com/Soulghost/iblessing", "pricing": null, "plans": null, "description": "iblessing is an iOS security exploiting toolkit. It can be used for reverse engineering, binary analysis and vulnerability mining.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "icarus-verilog": { "name": "Icarus Verilog", "categories": [ "linter" ], "languages": [ "verilog" ], "other": [], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "https://github.com/steveicarus/iverilog", "source": "http://iverilog.icarus.com/", "pricing": null, "plans": null, "description": "A Verilog simulation and synthesis tool that operates by compiling source code written in IEEE-1364 Verilog into some target format", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ida-free": { "name": "IDA Free", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.hex-rays.com/products/ida/support/download_freeware", "source": null, "pricing": null, "plans": null, "description": "Binary code analysis tool.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ikos": { "name": "IKOS", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], 
"licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/nasa-sw-vnv/ikos", "source": "https://github.com/nasa-sw-vnv/ikos", "pricing": null, "plans": null, "description": "A sound static analyzer for C/C++ code based on LLVM.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "imhotep": { "name": "imhotep", "categories": [ "meta" ], "languages": [ "javascript", "python", "ruby" ], "other": [ "buildtool", "meta" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/justinabrahms/imhotep", "source": "https://github.com/justinabrahms/imhotep", "pricing": null, "plans": null, "description": "Comment on commits coming into your repository and check for syntactic errors and general lint warnings.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "include-gardener": { "name": "include-gardener", "categories": [ "formatter" ], "languages": [ "c", "cpp", "python", "ruby" ], "other": [], "licenses": [ "GNU Public License version 2 or greater" ], "types": [ "cli" ], "homepage": "https://github.com/feddischson/include_gardener", "source": "https://github.com/feddischson/include_gardener", "pricing": null, "plans": null, "description": "A multi-language static analyzer for C/C++/Obj-C/Python/Ruby to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ineffassign": { "name": "ineffassign", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/gordonklaus/ineffassign", "source": "https://github.com/gordonklaus/ineffassign", "pricing": null, "plans": null, "description": "Detect ineffectual assignments in Go code.", "discussion": null, "deprecated": null, 
"resources": null, "reviews": null, "demos": null, "wrapper": null }, "infer": { "name": "Infer", "categories": [ "linter" ], "languages": [ "c", "cpp", "java", "objectivec" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://fbinfer.com", "source": "https://github.com/facebook/infer", "pricing": null, "plans": null, "description": "A static analyzer for Java, C and Objective-C", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "inspectortiger": { "name": "InspectorTiger", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/thg-consulting/it", "source": "https://github.com/thg-consulting/it", "pricing": null, "plans": null, "description": "IT, Inspector Tiger, is a modern Python code review tool / framework. It comes with a bunch of pre-defined handlers which warn you about improvements and possible bugs.
Besides these handlers, you can write your own or use community ones.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "intellij-idea": { "name": "IntelliJ IDEA", "categories": [ "formatter" ], "languages": [ "java" ], "other": [], "licenses": [ "proprietary" ], "types": [ "ide-plugin" ], "homepage": "https://www.jetbrains.com/idea", "source": null, "pricing": "https://www.jetbrains.com/buy", "plans": { "free": false, "oss": true }, "description": "Comes bundled with a lot of inspections for Java and Kotlin and includes tools for refactoring, formatting and more.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "interfacer": { "name": "interfacer", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/mvdan/interfacer", "source": "https://github.com/mvdan/interfacer", "pricing": null, "plans": null, "description": "Suggest narrower interfaces that can be used.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ionide-analyzers": { "name": "ionide-analyzers", "categories": [ "linter" ], "languages": [ "fsharp" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://ionide.io/ionide-analyzers/", "source": "https://github.com/ionide/ionide-analyzers", "pricing": null, "plans": null, "description": "A collection of F# analyzers, built with the FSharp.Analyzers.SDK.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "jakstab": { "name": "Jakstab", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "https://github.com/jkinder/jakstab", "source":
"https://github.com/jkinder/jakstab", "pricing": null, "plans": null, "description": "Jakstab is an Abstract Interpretation-based, integrated disassembly and static analysis framework for designing analyses on executables and recovering reliable control flow graphs.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "jarchitect": { "name": "JArchitect", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.jarchitect.com", "source": null, "pricing": "https://www.jarchitect.com/purchase", "plans": null, "description": "Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "jbmc": { "name": "JBMC", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "BSD-4-Clause-UC (original text)" ], "types": [ "cli" ], "homepage": "https://www.cprover.org/jbmc", "source": "https://github.com/peterschrammel/cbmc/releases/tag/jbmc-5.8-cav18", "pricing": null, "plans": null, "description": "Bounded model-checker for Java (bytecode), verifies user-defined assertions, standard assertions, several coverage metric analyses.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "jeb-decompiler": { "name": "JEB Decompiler", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.pnfsoftware.com/", "source": null, "pricing": null, "plans": null, "description": "Decompile and debug binary code. Break down and analyze document files. 
Android Dalvik, MIPS, ARM, Intel x86, Java, WebAssembly & Ethereum Decompilers.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "jedi": { "name": "jedi", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://jedi.readthedocs.io/en/latest", "source": "https://github.com/davidhalter/jedi", "pricing": null, "plans": null, "description": "Autocompletion/static analysis library for Python.", "discussion": null, "deprecated": null, "resources": [ { "title": "Choosing an Autocomplete for Python", "url": "https://www.youtube.com/watch?v=Qa-5mYCqPto" } ], "reviews": null, "demos": null, "wrapper": null }, "jet": { "name": "JET", "categories": [ "linter" ], "languages": [ "julia" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/aviatesk/JET.jl", "source": "https://github.com/aviatesk/JET.jl", "pricing": null, "plans": null, "description": "Static type inference system to detect bugs and type instabilities.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "jlisa": { "name": "JLiSA", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "MIT license" ], "types": [ "cli" ], "homepage": "https://github.com/lisa-analyzer/jlisa", "source": "https://github.com/lisa-analyzer/jlisa", "pricing": null, "plans": null, "description": "An abstract interpretation-based static analyzer for Java built upon the [LiSA](https://github.com/lisa-analyzer/lisa) framework.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "joern": { "name": "Joern", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "go", "java", "javascript", "jimple", "kotlin", "php", "python", "ruby", "swift", "typescript" ], "other": [ "ghidra", "security" ], "licenses": [ "Apache
License 2.0" ], "types": [ "cli" ], "homepage": "https://joern.io", "source": "https://github.com/joernio/joern", "pricing": null, "plans": null, "description": "Joern is a platform for analyzing source code, bytecode, and binary executables. It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis. Code property graphs are stored in a custom graph database. This allows code to be mined using search queries formulated in a Scala-based domain-specific query language. Joern is developed with the goal of providing a useful tool for vulnerability discovery and research in static program analysis.", "discussion": null, "deprecated": null, "resources": [ { "title": "Documentation", "url": "https://docs.joern.io" }, { "title": "CPG Specification", "url": "https://cpg.joern.io" } ], "reviews": null, "demos": null, "wrapper": null }, "jqassistant": { "name": "jQAssistant", "categories": [ "linter" ], "languages": [ "java", "kotlin", "typescript" ], "other": [ "git", "json", "nodejs", "spring", "xml", "yaml" ], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://jqassistant.org/", "source": "https://github.com/jqassistant/jqassistant", "pricing": null, "plans": null, "description": "jQAssistant is a plugin based software analytics platform which allows scanning code structures and metadata from repositories into a Neo4j graph database. 
The gathered data can be used for ad-hoc exploration using queries, visualization or defining rules for continuous architecture validation.", "discussion": null, "deprecated": null, "resources": [ { "title": "Plugins", "url": "https://github.com/jqassistant-plugin" } ], "reviews": null, "demos": null, "wrapper": null }, "jshint": { "name": "jshint", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://jshint.com/about", "source": "https://github.com/jshint/jshint", "pricing": null, "plans": null, "description": "Detect errors and potential problems in JavaScript code and enforce your team's coding conventions.", "discussion": "https://github.com/analysis-tools-dev/static-analysis/issues/223", "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "jslint": { "name": "JSLint", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "Llvm release license" ], "types": [ "cli" ], "homepage": "https://github.com/douglascrockford/JSLint", "source": "https://github.com/douglascrockford/JSLint", "pricing": null, "plans": null, "description": "The JavaScript Code Quality Tool.", "discussion": "https://github.com/analysis-tools-dev/static-analysis/issues/223", "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "jsonlint": { "name": "jsonlint", "categories": [ "linter" ], "languages": [], "other": [ "json" ], "licenses": [ "MIT License" ], "types": [ "cli", "service" ], "homepage": "https://jsonlint.com/", "source": "https://github.com/zaach/jsonlint", "pricing": null, "plans": null, "description": "A JSON parser and validator with a CLI. 
Standalone version of jsonlint.com", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "jsprime": { "name": "JSPrime", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://dpnishant.github.io/jsprime", "source": "https://github.com/dpnishant/jsprime", "pricing": null, "plans": null, "description": "Static security analysis tool.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "kani": { "name": "kani", "categories": [ "linter" ], "languages": [ "rust" ], "other": [ "security" ], "licenses": [ "MIT & Apache 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/model-checking/kani", "source": "https://github.com/model-checking/kani", "pricing": null, "plans": null, "description": "The Kani Rust Verifier is a bit-precise model checker for Rust. \nKani is particularly useful for verifying unsafe code blocks in Rust, \nwhere the \"unsafe superpowers\" are unchecked by the compiler.\nKani verifies:\n\n* Memory safety (e.g., null pointer dereferences)\n* User-specified assertions (i.e., assert!(...))\n* The absence of panics (e.g., unwrap() on None values)\n* The absence of some types of unexpected behavior (e.g., arithmetic overflows)\n", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "keploy": { "name": "keploy", "categories": [ "linter" ], "languages": [ "csharp", "go", "java", "javascript", "python", "rust" ], "other": [], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://keploy.io/", "source": "https://github.com/keploy/", "pricing": null, "plans": null, "description": "Keploy is an open-source testing platform that helps developers automate and streamline their testing process. 
It provides API, and integration testing agents, generating tests, mocks/stubs for APIs that actually work. Additionally, Keploy offers an AI-powered Unit Testing Agent that generates stable, useful unit tests directly in your GitHub PRs and in VSCode, helping catch errors and improve code quality.", "discussion": null, "deprecated": null, "resources": [ { "title": "Keploy PR Agent", "url": "https://github.com/apps/keploy" }, { "title": "Keploy Agent VSCode Extension", "url": "https://marketplace.visualstudio.com/items?itemName=Keploy.keployio" }, { "title": "Keploy Low code Integration Testing", "url": "https://github.com/keploy/keploy" } ], "reviews": null, "demos": null, "wrapper": null }, "kics": { "name": "kics", "categories": [ "linter" ], "languages": [], "other": [ "ansible", "configmanagement", "container", "kubernetes", "security", "terraform" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://kics.io/", "source": "https://github.com/Checkmarx/kics", "pricing": null, "plans": null, "description": "Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "kiuwan": { "name": "Kiuwan", "categories": [ "linter" ], "languages": [ "c", "cpp", "go", "java", "javascript", "kotlin", "php", "python", "scala", "swift" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.kiuwan.com/code-security-sast", "source": null, "pricing": "https://www.kiuwan.com/pricing", "plans": { "free": false, "oss": false }, "description": "Identify and remediate cyber threats in a blazingly fast, collaborative environment, with seamless integration in your SDLC. 
Python, C/C++, Java, C#, PHP and more.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "klee": { "name": "KLEE", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "UIUC open source license" ], "types": [ "cli" ], "homepage": "http://klee.github.io/", "source": "https://github.com/klee/klee", "pricing": null, "plans": null, "description": "A dynamic symbolic execution engine built on top of the LLVM compiler infrastructure. It can auto-generate test cases for programs such that the test cases exercise as much of the program as possible.", "discussion": null, "deprecated": null, "resources": [ { "title": "Introduction to symbolic execution with KLEE", "url": "https://www.youtube.com/watch?v=z6bsk-lsk1Q" }, { "title": "KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs [Original Paper]", "url": "https://www.usenix.org/legacy/event/osdi08/tech/full_papers/cadar/cadar.pdf" } ], "reviews": null, "demos": null, "wrapper": null }, "klint": { "name": "klint", "categories": [ "linter" ], "languages": [], "other": [ "kubernetes" ], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://github.com/uswitch/klint", "source": "https://github.com/uswitch/klint", "pricing": null, "plans": null, "description": "A tool that listens to changes in Kubernetes resources and runs linting rules against them. Identify and debug erroneous objects and nudge objects in line with the policies as both change over time.
Klint helps us encode checks and proactively alert teams when they need to take action.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "klocwork": { "name": "Klocwork", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "java" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.perforce.com/products/klocwork", "source": null, "pricing": "https://www.perforce.com/purchase", "plans": { "free": false, "oss": false }, "description": "Quality and Security Static analysis for C/C++, Java and C#.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "kmdr": { "name": "kmdr", "categories": [ "linter" ], "languages": [ "shell" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/ediardo/kmdr-cli", "source": "https://github.com/ediardo/kmdr-cli", "pricing": null, "plans": null, "description": "CLI tool for learning commands from your terminal. kmdr delivers a break down of commands with every attribute explained.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "krane": { "name": "krane", "categories": [ "linter" ], "languages": [], "other": [ "container", "kubernetes" ], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://github.com/appvia/krane", "source": "https://github.com/appvia/krane", "pricing": null, "plans": null, "description": "Krane is a simple Kubernetes RBAC static analysis tool.\nIt identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. 
Krane dashboard presents current RBAC security posture and lets you navigate through its definition.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ktfmt": { "name": "ktfmt", "categories": [ "formatter" ], "languages": [ "kotlin" ], "other": [], "licenses": [ "Apache-2.0" ], "types": [ "cli", "ide-plugin" ], "homepage": "https://facebook.github.io/ktfmt/", "source": "https://github.com/facebook/ktfmt", "pricing": null, "plans": null, "description": "A program that reformats Kotlin source code to comply with the common community standard for Kotlin code conventions.\nA ktfmt IntelliJ plugin is available from the plugin repository. To install it, go to your IDE's settings and select the Plugins category. Click the Marketplace tab, search for the ktfmt plugin, and click the Install button.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ktlint": { "name": "ktlint", "categories": [ "linter", "formatter" ], "languages": [ "kotlin" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://ktlint.github.io", "source": "https://github.com/shyiko/ktlint", "pricing": null, "plans": null, "description": "An anti-bikeshedding Kotlin linter with built-in formatter.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "kube-hunter": { "name": "kube-hunter", "categories": [ "linter" ], "languages": [], "other": [ "kubernetes", "security" ], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://aquasecurity.github.io/kube-hunter/", "source": "https://github.com/aquasecurity/kube-hunter", "pricing": null, "plans": null, "description": "Hunt for security weaknesses in Kubernetes clusters.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "kube-lint": { "name": "kube-lint", "categories": [ 
"linter" ], "languages": [], "other": [ "kubernetes" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/viglesiasce/kube-lint", "source": "https://github.com/viglesiasce/kube-lint", "pricing": null, "plans": null, "description": "A linter for Kubernetes resources with a customizable rule set. You define a list of rules that you would like to validate against your resources and kube-lint will evaluate those rules against them.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "kube-linter": { "name": "kube-linter", "categories": [ "linter" ], "languages": [], "other": [ "kubernetes" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/stackrox/kube-linter", "source": "https://github.com/stackrox/kube-linter", "pricing": null, "plans": null, "description": "KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "kube-score": { "name": "kube-score", "categories": [ "linter" ], "languages": [], "other": [ "kubernetes" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://kube-score.com", "source": "https://github.com/zegl/kube-score", "pricing": null, "plans": null, "description": "Static code analysis of your Kubernetes object definitions.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "kubeconform": { "name": "kubeconform", "categories": [ "linter" ], "languages": [], "other": [ "kubernetes" ], "licenses": [ "Apache 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/yannh/kubeconform", "source": "https://github.com/yannh/kubeconform", "pricing": null, "plans": null, "description": "A fast Kubernetes manifests validator 
with support for custom resources.\n\nIt is inspired by, contains code from and is designed to stay close to [Kubeval](https://analysis-tools.dev/tool/kubeval),\nbut with the following improvements:\n* high performance: will validate & download manifests over multiple routines, caching downloaded files in memory\n* configurable list of remote, or local schemas locations, enabling validating Kubernetes custom resources (CRDs) and offline validation capabilities\n* uses by default a self-updating fork of the schemas registry maintained by the kubernetes-json-schema project - which guarantees up-to-date schemas for all recent versions of Kubernetes.\n", "discussion": null, "deprecated": null, "resources": [ { "title": "Ensuring Kubernetes manifests validity & compliance - a tooling overview - Yann Hamon, Contentful", "url": "https://youtu.be/YM7Wy_M7Lvw?t=657" } ], "reviews": null, "demos": null, "wrapper": null }, "kubelinter": { "name": "KubeLinter", "categories": [ "linter" ], "languages": [], "other": [ "kubernetes" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/stackrox/kube-linter", "source": "https://github.com/stackrox/kube-linter", "pricing": null, "plans": null, "description": "KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.", "discussion": null, "deprecated": null, "resources": [ { "title": "KubeLinter: An open source linter for Kubernetes, from StackRox", "url": "https://www.youtube.com/watch?v=KWX0sWojV_0" }, { "title": "Announcement blog post", "url": "https://www.stackrox.com/post/2020/10/introducing-kubelinter-an-open-source-linter-for-kubernetes" } ], "reviews": null, "demos": null, "wrapper": null }, "kubeval": { "name": "kubeval", "categories": [ "linter" ], "languages": [], "other": [ "kubernetes" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://kubeval.instrumenta.dev", 
"source": "https://github.com/instrumenta/kubeval", "pricing": null, "plans": null, "description": "Validates your Kubernetes configuration files and supports multiple Kubernetes versions.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "lacheck": { "name": "lacheck", "categories": [ "linter" ], "languages": [], "other": [ "latex" ], "licenses": [ "GPL" ], "types": [ "cli" ], "homepage": "https://www.ctan.org/pkg/lacheck", "source": "https://www.ctan.org/tex-archive/support/lacheck", "pricing": null, "plans": null, "description": "A tool for finding common mistakes in LaTeX documents.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "langlint": { "name": "LangLint", "categories": [ "linter" ], "languages": [ "cpp", "go", "java", "javascript", "python", "rust", "typescript" ], "other": [ "json", "markdown", "translation", "yaml" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/HzaCode/Langlint", "source": "https://github.com/HzaCode/Langlint", "pricing": null, "plans": null, "description": "Automated translation platform for code comments and docstrings across 20+ file types. Eliminates language barriers in international software collaboration. Supports 100+ language pairs with syntax protection. Integrates into CI/CD pipelines like Ruff. 10-20x faster with concurrent processing.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "languagetool": { "name": "languagetool", "categories": [ "linter" ], "languages": [], "other": [ "writing" ], "licenses": [ "GNU Lesser General Public License v2.1" ], "types": [ "cli" ], "homepage": "https://languagetool.org", "source": "https://github.com/languagetool-org/languagetool", "pricing": null, "plans": null, "description": "Style and grammar checker for 25+ languages. 
It finds many errors that a simple spell checker cannot detect.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "larastan": { "name": "larastan", "categories": [ "linter" ], "languages": [ "php" ], "other": [ "laravel" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/larastan/larastan", "source": "https://github.com/larastan/larastan", "pricing": null, "plans": null, "description": "Adds static analysis to Laravel improving developer productivity and code quality. It is a wrapper around PHPStan.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "laser": { "name": "laser", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "GNU Affero General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://github.com/michaeledgar/laser", "source": "https://github.com/michaeledgar/laser", "pricing": null, "plans": null, "description": "Static analysis and style linter for Ruby code.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ldra": { "name": "LDRA", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://ldra.com", "source": null, "pricing": "https://ldra.com/register/", "plans": { "free": false, "oss": false }, "description": "A tool suite including static analysis (TBVISION) to various standards including MISRA C & C++, JSF++ AV, CWE, CERT C, CERT C++ & Custom Rules.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "lgtm": { "name": "LGTM", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "go", "java", "javascript", "python", "typescript" ], "other": [ "ci", "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": 
"https://lgtm.com/", "source": null, "pricing": null, "plans": null, "description": "Find security vulnerabilities, variants, and critical code quality issues using CodeQL queries over source code. Automatic PR code review; free for open source. Formerly semmle. It supports public Git repositories hosted on Bitbucket Cloud, GitHub.com, GitLab.com.", "discussion": null, "deprecated": null, "resources": [ { "title": "Welcoming Semmle to GitHub", "url": "https://github.blog/2019-09-18-github-welcomes-semmle/" } ], "reviews": null, "demos": null, "wrapper": null }, "libvcs4j": { "name": "LibVCS4j", "categories": [ "linter" ], "languages": [], "other": [ "support" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/uni-bremen-agst/libvcs4j", "source": "https://github.com/uni-bremen-agst/libvcs4j", "pricing": null, "plans": null, "description": "A Java library that allows existing tools to analyse the evolution of software systems by providing a common API for different version control systems and issue trackers.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "lint": { "name": "lint", "categories": [ "linter" ], "languages": [ "dart" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/passsy/dart-lint", "source": "https://github.com/passsy/dart-lint", "pricing": null, "plans": null, "description": "An opinionated, community-driven set of lint rules for Dart and Flutter projects. 
Like pedantic but stricter", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "linter": { "name": "linter", "categories": [ "linter" ], "languages": [ "scala" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/HairyFotr/linter", "source": "https://github.com/HairyFotr/linter", "pricing": null, "plans": null, "description": "Linter is a Scala static analysis compiler plugin which adds compile-time checks for various possible bugs, inefficiencies, and style problems.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "linter-for-dart": { "name": "Linter for dart", "categories": [ "linter" ], "languages": [ "dart" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/dart-lang/linter", "source": "https://github.com/dart-lang/linter", "pricing": null, "plans": null, "description": "Style linter for Dart.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "linter-rust": { "name": "linter-rust", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/AtomLinter/linter-rust", "source": "https://github.com/AtomLinter/linter-rust", "pricing": null, "plans": null, "description": "Linting your Rust-files in Atom, using rustc and cargo.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "lintian": { "name": "lintian", "categories": [ "linter" ], "languages": [], "other": [ "package" ], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "https://wiki.debian.org/Lintian", "source": "https://salsa.debian.org/lintian/lintian", "pricing": null, "plans": null, "description": "Static analysis 
tool for Debian packages.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "lintr": { "name": "lintr", "categories": [ "linter" ], "languages": [ "r" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/jimhester/lintr", "source": "https://github.com/jimhester/lintr", "pricing": null, "plans": null, "description": "Static Code Analysis for R.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "linty-fresh": { "name": "linty fresh", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/lyft/linty_fresh", "source": "https://github.com/lyft/linty_fresh", "pricing": null, "plans": null, "description": "Parse lint errors and report them to Github as comments on a pull request.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "liquid-haskell": { "name": "Liquid Haskell", "categories": [ "linter" ], "languages": [ "haskell" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://ucsd-progsys.github.io/liquidhaskell-blog/", "source": "https://github.com/ucsd-progsys/liquidhaskell", "pricing": null, "plans": null, "description": "Liquid Haskell is a refinement type checker for Haskell programs.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "lizard": { "name": "lizard", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "go", "java", "javascript", "lua", "objectivec", "php", "python", "ruby", "rust", "scala", "swift", "typescript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/terryyin/lizard", "source": "https://github.com/terryyin/lizard", "pricing": null, "plans": 
null, "description": "Lizard is an extensible Cyclomatic Complexity Analyzer for many programming languages including C/C++ (doesn't require all the header files or Java imports). It also does copy-paste detection (code clone detection/code duplicate detection) and many other forms of static code analysis. Counts lines of code without comments, CCN (cyclomatic complexity number), token count of functions, parameter count of functions.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "lll": { "name": "lll", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/walle/lll", "source": "https://github.com/walle/lll", "pricing": null, "plans": null, "description": "Report long lines.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "lockbud": { "name": "lockbud", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "BSD-3-Clause" ], "types": [ "cli" ], "homepage": "https://github.com/BurtonQin/lockbud", "source": "https://github.com/BurtonQin/lockbud", "pricing": null, "plans": null, "description": "Statically detects Rust deadlocks bugs. It currently detects two common kinds of deadlock bugs: doublelock and locks in conflicting order. 
It will print bugs in JSON format together with the source code location and an explanation of each bug.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "lockfile-lint": { "name": "lockfile-lint", "categories": [ "linter" ], "languages": [], "other": [ "nodejs", "security" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/lirantal/lockfile-lint", "source": "https://github.com/lirantal/lockfile-lint", "pricing": null, "plans": null, "description": "Lint an npm or yarn lockfile to analyze and detect security issues", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "luacheck": { "name": "luacheck", "categories": [ "linter" ], "languages": [ "lua" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/lunarmodules/luacheck", "source": "https://github.com/lunarmodules/luacheck", "pricing": null, "plans": null, "description": "A tool for linting and static analysis of Lua code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "lualint": { "name": "lualint", "categories": [ "linter" ], "languages": [ "lua" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/philips/lualint", "source": "https://github.com/philips/lualint", "pricing": null, "plans": null, "description": "lualint performs luac-based static analysis of global variable usage in Lua source code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "luanalysis": { "name": "Luanalysis", "categories": [ "linter" ], "languages": [ "lua" ], "other": [], "licenses": [ "Apache-2.0 License" ], "types": [ "ide-plugin" ], "homepage": "https://plugins.jetbrains.com/plugin/14698-luanalysis", "source": 
"https://github.com/Benjamin-Dobell/IntelliJ-Luanalysis", "pricing": null, "plans": null, "description": "An IDE for statically typed Lua development.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "lunasec": { "name": "LunaSec", "categories": [ "linter" ], "languages": [], "other": [ "security" ], "licenses": [ "Apache License Version 2.0" ], "types": [ "service" ], "homepage": "https://github.com/marketplace/lunatrace-by-lunasec/", "source": "https://github.com/lunasec-io/lunasec", "pricing": null, "plans": null, "description": "Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mago": { "name": "mago", "categories": [ "linter", "formatter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://mago.carthage.software", "source": "https://github.com/carthage-software/mago", "pricing": null, "plans": null, "description": "Mago is a complete toolchain for PHP, written in Rust, designed from the ground up for maximum performance.\n- ✨ A blazing-fast formatter that automatically formats your code according to PER-CS, ending style debates forever. - 🔎 An intelligent linter that catches stylistic issues, inconsistencies, and code smells before they become problems. - 🔬 A powerful static analyzer that finds type errors and logical bugs in your code without you ever having to run it. 
- 🛡️ A robust architectural guard that enforces dependency rules and structural conventions.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "malcat": { "name": "Malcat", "categories": [ "linter" ], "languages": [], "other": [ "binary", "security" ], "licenses": [ "proprietary" ], "types": [ "gui" ], "homepage": "https://malcat.fr/", "source": null, "pricing": null, "plans": { "free": true }, "description": "Hexadecimal editor and disassembler for malware analysis and binary file inspection. Supports over 50 file formats and multiple CPU architectures (x86/x64, MIPS, .NET, Python, VB p-code). Features rapid analysis, embedded file extraction, Yara signature scanning, anomaly detection, and Python scripting. Designed for malware analysts, SOC operators, incident responders, and CTF players.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "maligned": { "name": "maligned", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/mdempsky/maligned", "source": "https://github.com/mdempsky/maligned", "pricing": null, "plans": null, "description": "Detect structs that would take less memory if their fields were sorted.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "manalyze": { "name": "Manalyze", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://github.com/JusticeRage/Manalyze", "source": "https://github.com/JusticeRage/Manalyze", "pricing": null, "plans": null, "description": "A static analyzer, which checks portable executables for malicious content.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, 
"wrapper": null }, "mariana-trench": { "name": "Mariana Trench", "categories": [ "linter" ], "languages": [ "java" ], "other": [ "mobile" ], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://mariana-tren.ch/", "source": "https://github.com/facebook/mariana-trench", "pricing": null, "plans": null, "description": "Our security focused static analysis tool for Android and Java applications. Mariana Trench analyzes Dalvik bytecode and is built to run fast on large codebases (10s of millions of lines of code). It can find vulnerabilities as code changes, before it ever lands in your repository.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "markdownlint": { "name": "markdownlint", "categories": [ "linter" ], "languages": [], "other": [ "markdown" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/DavidAnson/markdownlint", "source": "https://github.com/DavidAnson/markdownlint", "pricing": null, "plans": null, "description": "Node.js -based style checker and lint tool for Markdown/CommonMark files.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mate": { "name": "MATE", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "BSD-3-Clause" ], "types": [ "cli" ], "homepage": "https://galoisinc.github.io/MATE/", "source": "https://github.com/GaloisInc/MATE", "pricing": null, "plans": null, "description": "A suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code. 
MATE unifies application-specific and low-level vulnerability analysis using code property graphs (CPGs), enabling the discovery of highly application-specific vulnerabilities that depend on both implementation details and the high-level semantics of target C/C++ programs.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mbake": { "name": "mbake", "categories": [ "linter", "formatter" ], "languages": [ "python" ], "other": [ "make" ], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://pypi.org/project/mbake/", "source": "https://github.com/EbodShojaei/bake", "pricing": null, "plans": null, "description": "mbake is a Makefile formatter and linter. It only took 50 years!", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mccabe": { "name": "mccabe", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://pypi.org/project/mccabe", "source": "https://github.com/PyCQA/mccabe", "pricing": null, "plans": null, "description": "Check McCabe complexity.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mcsema": { "name": "mcsema", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "AGPL-3.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/lifting-bits/mcsema", "source": "https://github.com/lifting-bits/mcsema", "pricing": null, "plans": null, "description": "Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode. 
It translates (\"lifts\") executable binaries from native machine code to LLVM bitcode, which is very useful for performing program analysis methods.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mdformat": { "name": "mdformat", "categories": [ "formatter" ], "languages": [], "other": [ "markdown" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://mdformat.rtfd.io", "source": "https://github.com/executablebooks/mdformat", "pricing": null, "plans": null, "description": "CommonMark compliant Markdown formatter", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mdl": { "name": "mdl", "categories": [ "linter" ], "languages": [], "other": [ "markdown" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/mivok/markdownlint", "source": "https://github.com/mivok/markdownlint", "pricing": null, "plans": null, "description": "A tool to check Markdown files and flag style issues.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mdsf": { "name": "mdsf", "categories": [ "formatter" ], "languages": [], "other": [ "markdown" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/hougesen/mdsf", "source": "https://github.com/hougesen/mdsf", "pricing": null, "plans": null, "description": "Format markdown code blocks using your favorite code formatters.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mega-linter": { "name": "Mega-Linter", "categories": [ "linter" ], "languages": [ "dotnet", "apex", "c", "csharp", "cpp", "clojure", "coffeescript", "dart", "go", "groovy", "java", "javascript", "jsx", "kotlin", "lwc", "lua", "perl", "php", "powershell", "python", "r", "raku", "ruby", "rust", "scala", "shell", "sql", "typescript", "vbnet" ], 
"other": [ "dotenv", "ansible", "arm", "cloudformation", "configfile", "configmanagement", "container", "ci", "css", "dockerfile", "gherkin", "html", "json", "kubernetes", "latex", "markdown", "nodejs", "protobuf", "puppet", "terraform", "vue", "writing", "xml", "yaml" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://megalinter.io/", "source": "https://github.com/nvuillam/mega-linter", "pricing": null, "plans": null, "description": "Mega-Linter can handle any type of project thanks to its 70+ embedded Linters,\n its advanced reporting, runnable on any CI system or locally,\n with assisted installation and configuration, able to apply formatting and fixes", "discussion": null, "deprecated": null, "resources": [ { "title": "Hands on - Improving code standards with mega linter", "url": "https://www.youtube.com/watch?v=3xgTU1GhRvs" } ], "reviews": null, "demos": null, "wrapper": null }, "metadata-json-lint": { "name": "metadata-json-lint", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement", "puppet" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/voxpupuli/metadata-json-lint", "source": "https://github.com/voxpupuli/metadata-json-lint", "pricing": null, "plans": null, "description": "Tool to check the validity of Puppet metadata.json files.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "metricfu": { "name": "MetricFu", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/metricfu/metric_fu", "source": "https://github.com/metricfu/metric_fu", "pricing": null, "plans": null, "description": "MetricFu is a set of tools to provide reports that show which parts of your code might need extra work.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, 
"meziantou-analyzer": { "name": "Meziantou.Analyzer", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "MIT license" ], "types": [ "cli" ], "homepage": "https://github.com/meziantou/Meziantou.Analyzer", "source": "https://github.com/meziantou/Meziantou.Analyzer", "pricing": null, "plans": null, "description": "A Roslyn analyzer to enforce some good practices in C# in terms of design, usage, security, performance, and style.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mirai": { "name": "MIRAI", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/facebookexperimental/MIRAI", "source": "https://github.com/facebookexperimental/MIRAI", "pricing": null, "plans": null, "description": "And abstract interpreter operating on Rust's mid-level intermediate language, and providing warnings based on taint analysis.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "miss-hit": { "name": "MISS_HIT", "categories": [ "linter", "formatter" ], "languages": [ "matlab" ], "other": [], "licenses": [ "GPL-3.0" ], "types": [ "cli" ], "homepage": "https://misshit.org/", "source": "https://github.com/florianschanda/miss_hit", "pricing": null, "plans": null, "description": "MISS_HIT is a free, open-source code quality toolset for MATLAB, Simulink, and Octave. It includes MH Style (style checker and formatter), MH Metrics (complexity metrics), MH Lint (static analysis), MH Trace (requirements traceability), and MH Copyright (copyright management). 
Designed to work standalone without requiring MATLAB/Octave installation.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "misspell": { "name": "misspell", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/client9/misspell", "source": "https://github.com/client9/misspell", "pricing": null, "plans": null, "description": "Finds commonly misspelled English words.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "misspell-fixer": { "name": "misspell-fixer", "categories": [ "linter" ], "languages": [], "other": [ "writing" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/vlajos/misspell-fixer", "source": "https://github.com/vlajos/misspell-fixer", "pricing": null, "plans": null, "description": "Quick tool for fixing common misspellings, typos in source code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "misspelled-words-in-context": { "name": "Misspelled Words In Context", "categories": [ "linter" ], "languages": [], "other": [ "writing" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://jwilk.net/software/mwic", "source": "https://github.com/jwilk/mwic", "pricing": null, "plans": null, "description": "A spell-checker that groups possible misspellings and shows them in their contexts.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mlint": { "name": "mlint", "categories": [ "linter" ], "languages": [ "matlab" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.mathworks.com/help/matlab/ref/mlint.html", "source": null, "pricing": null, "plans": null, "description": "Check MATLAB code files for possible problems.", "discussion": 
null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mobb": { "name": "Mobb", "categories": [ "linter", "formatter" ], "languages": [ "csharp", "java", "javascript", "typescript" ], "other": [ "ci" ], "licenses": [ "proprietary" ], "types": [ "cli", "service" ], "homepage": "https://mobb.ai", "source": null, "pricing": null, "plans": null, "description": "Mobb is a trusted, automatic vulnerability fixer that secures applications, reduces security backlogs, and frees developers to focus on innovation. Mobb is free for open-source projects.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mondrian": { "name": "Mondrian", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "CC-BY-SA-3.0" ], "types": [ "cli" ], "homepage": "https://trismegiste.github.io/Mondrian", "source": "https://github.com/Trismegiste/Mondrian", "pricing": null, "plans": null, "description": "A set of static analysis and refactoring tools which use graph theory.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mopsa": { "name": "MOPSA", "categories": [ "linter" ], "languages": [ "c", "python" ], "other": [], "licenses": [ "GNU Lesser General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://mopsa.lip6.fr", "source": "https://gitlab.com/mopsa/mopsa-analyzer", "pricing": null, "plans": null, "description": "A static analyzer designed to easily reuse abstract domains across widely different languages (such as C and Python).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "multilint": { "name": "multilint", "categories": [ "meta" ], "languages": [ "python" ], "other": [ "meta" ], "licenses": [ "ISC License" ], "types": [ "cli" ], "homepage": "https://github.com/adamchainz/multilint", "source": 
"https://github.com/adamchainz/multilint", "pricing": null, "plans": null, "description": "A wrapper around `flake8`, `isort` and `modernize`.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "mypy": { "name": "mypy", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "http://www.mypy-lang.org", "source": "https://github.com/python/mypy", "pricing": null, "plans": null, "description": "A static type checker that aims to combine the benefits of duck typing and static typing, frequently used with [MonkeyType](https://github.com/Instagram/MonkeyType).", "discussion": null, "deprecated": null, "resources": [ { "title": "Static type checking with mypy", "url": "https://www.youtube.com/watch?v=9gNnhNxra3E" }, { "title": "Introduction to python typing + mypy (beginner - intermediate)", "url": "https://www.youtube.com/watch?v=H5CnZQDKfhU" } ], "reviews": null, "demos": [ "https://mypy-lang.org/examples.html" ], "wrapper": null }, "mythril": { "name": "mythril", "categories": [ "linter" ], "languages": [], "other": [ "smart-contracts" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/ConsenSys/mythril", "source": "https://github.com/ConsenSys/mythril", "pricing": null, "plans": null, "description": "A symbolic execution framework with batteries included, can be used to find and exploit vulnerabilities in smart contracts automatically.", "discussion": null, "deprecated": null, "resources": [ { "title": "The Ether Wars: Exploits, counter exploits and honeypots - Bernhard Mueller, DEF CON 27 Conference", "url": "https://www.youtube.com/watch?v=Qd9ubry-c_M" }, { "title": "Smashing Ethereum Smart Contracts for Fun and ACTUAL Profit - Bernhard Mueller", "url": "https://www.youtube.com/watch?v=iqf6epACgds" } ], "reviews": null, "demos": null, "wrapper": null }, "mythx": { "name": "MythX", "categories": [ 
"linter" ], "languages": [], "other": [ "smart-contracts" ], "licenses": [ "proprietary" ], "types": [ "cli", "service", "ide-plugin" ], "homepage": "https://mythx.io", "source": null, "pricing": "https://mythx.io/plans/", "plans": { "free": false, "oss": false }, "description": "MythX is an easy to use analysis platform which integrates several analysis methods like fuzzing, symbolic execution and static analysis to find vulnerabilities with high precision. It can be integrated with toolchains like Remix or VSCode or called from the command-line.", "discussion": null, "deprecated": null, "resources": [ { "title": "What is MythX?", "url": "https://www.youtube.com/watch?v=N-dAuqNztjA" } ], "reviews": null, "demos": null, "wrapper": null }, "nagelfar": { "name": "Nagelfar", "categories": [ "linter" ], "languages": [ "tcl" ], "other": [], "licenses": [ "GPL v2" ], "types": [ "cli" ], "homepage": "https://sourceforge.net/projects/nagelfar", "source": "https://sourceforge.net/p/nagelfar/code/ci/master/tree", "pricing": null, "plans": null, "description": "A static syntax checker for Tcl.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "nakedret": { "name": "nakedret", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/alexkohler/nakedret", "source": "https://github.com/alexkohler/nakedret", "pricing": null, "plans": null, "description": "Finds naked returns.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "nargs": { "name": "nargs", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/alexkohler/nargs", "source": "https://github.com/alexkohler/nargs", "pricing": null, "plans": null, "description": "Finds unused arguments in function declarations.", 
"discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "nauz-file-detector": { "name": "Nauz File Detector", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/horsicq/Nauz-File-Detector", "source": "https://github.com/horsicq/Nauz-File-Detector", "pricing": null, "plans": null, "description": "Static Linker/Compiler/Tool detector for Windows, Linux and MacOS.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ndepend": { "name": "NDepend", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "http://www.ndepend.com", "source": null, "pricing": "https://www.ndepend.com/purchase", "plans": { "free": false, "oss": false }, "description": "Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "net-analyzers": { "name": ".NET Analyzers", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/DotNetAnalyzers", "source": "https://github.com/DotNetAnalyzers", "pricing": null, "plans": null, "description": "An organization for the development of analyzers (diagnostics and code fixes) using the .NET Compiler Platform.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "neurolint-cli": { "name": "Neurolint-CLI", "categories": [ "linter" ], "languages": [ "javascript", "typescript" ], "other": [], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://neurolint.dev", "source": "https://github.com/Alcatecablee/Neurolint-CLI", "pricing": null, "plans": null, "description": 
"Deterministic code transformation tool using AST parsing and rule-based transformations. \nAutomatically fixes 50+ issues including accessibility violations, hydration errors, \nReact 19/Next.js 16 migrations, and configuration updates. Features 5-step fail-safe \norchestration to ensure zero breaking changes. Specialized for React, Next.js, and TypeScript projects.\n", "discussion": null, "deprecated": null, "resources": [ { "title": "CLI Documentation", "url": "https://neurolint.dev" }, { "title": "GitHub Marketplace Action", "url": "https://github.com/marketplace/actions/neurolint-deterministic-code-fixer" } ], "reviews": null, "demos": null, "wrapper": null }, "nimfmt": { "name": "nimfmt", "categories": [ "linter" ], "languages": [ "nim" ], "other": [], "licenses": [ "GPL-3.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/FedericoCeratto/nimfmt", "source": "https://github.com/FedericoCeratto/nimfmt", "pricing": null, "plans": null, "description": "Nim code formatter / linter / style checker", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "njsscan": { "name": "njsscan", "categories": [ "linter" ], "languages": [], "other": [ "nodejs", "security" ], "licenses": [ "LGPL-2.1 License" ], "types": [ "cli" ], "homepage": "https://opensecurity.in", "source": "https://github.com/ajinabraham/njsscan", "pricing": null, "plans": null, "description": "A static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "nodejsscan": { "name": "NodeJSScan", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [ "nodejs", "security" ], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli", "service" ], "homepage": 
"https://opensecurity.in", "source": "https://github.com/ajinabraham/NodeJsScan", "pricing": null, "plans": null, "description": "A static security code scanner for Node.js applications powered by libsast and semgrep that builds on the njsscan cli tool. It features a UI with various dashboards about an application's security status.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "nu-html-checker": { "name": "Nu Html Checker", "categories": [ "linter" ], "languages": [], "other": [ "css", "html" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://validator.github.io/validator/", "source": "https://github.com/validator/validator", "pricing": null, "plans": null, "description": "Helps you catch problems in your HTML/CSS/SVG", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "nullaway": { "name": "NullAway", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/uber/NullAway", "source": "https://github.com/uber/NullAway", "pricing": null, "plans": null, "description": "Type-based null-pointer checker with low build-time overhead; an [Error Prone](http://errorprone.info/) plugin.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "oclint": { "name": "oclint", "categories": [ "linter" ], "languages": [ "c", "cpp", "objectivec" ], "other": [], "licenses": [ "BSD-3-Clause (original text)" ], "types": [ "cli" ], "homepage": "http://oclint.org", "source": "https://github.com/oclint/oclint", "pricing": null, "plans": null, "description": "A static source code analysis tool to improve quality and reduce defects for C, C++ and Objective-C.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "oelint-adv": { "name": 
"oelint-adv", "categories": [ "linter" ], "languages": [], "other": [ "embedded" ], "licenses": [ "BSD 2-Clause \"Simplified\" License" ], "types": [ "cli" ], "homepage": "https://github.com/priv-kweihmann/oelint-adv", "source": "https://github.com/priv-kweihmann/oelint-adv", "pricing": null, "plans": null, "description": "Linter for bitbake recipes used in open-embedded and YOCTO", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "offensive-360": { "name": "Offensive 360", "categories": [ "linter" ], "languages": [ "dotnet", "asp", "csharp", "java", "javascript", "jsx", "php", "typescript", "vbscript", "vbasic", "vbnet" ], "other": [ "container", "html", "mobile", "nodejs", "phonegap", "security", "xml" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://offensive360.com/", "source": null, "pricing": null, "plans": null, "description": "Commercial Static Code Analysis system doesn't require building the source code or pre-compilation.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "openrewrite": { "name": "OpenRewrite", "categories": [ "linter", "formatter" ], "languages": [ "groovy", "java", "kotlin", "python", "sql" ], "other": [ "git", "json", "xml", "yaml" ], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://docs.openrewrite.org/", "source": "https://github.com/openrewrite/rewrite", "pricing": null, "plans": null, "description": "OpenRewrite [fixes common static analysis issues](https://docs.openrewrite.org/running-recipes/popular-recipe-guides/common-static-analysis-issue-remediation) reported through Sonar and other tools using a Maven and Gradle plugin or the Moderne CLI.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "openscap": { "name": "OpenSCAP", "categories": [ "linter" ], "languages": [], "other": [ "container" ], 
"licenses": [ "LGPL-2.1 License" ], "types": [ "cli" ], "homepage": "https://www.open-scap.org/", "source": "https://github.com/OpenSCAP/openscap", "pricing": null, "plans": null, "description": "Suite of automated audit tools to examine the configuration and known vulnerabilities following the NIST-certified Security Content Automation Protocol (SCAP).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "openstaticanalyzer": { "name": "OpenStaticAnalyzer", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "java", "javascript", "python" ], "other": [], "licenses": [ "European Union Public Licence (EUPL) v1.2" ], "types": [ "cli" ], "homepage": "https://github.com/sed-inf-u-szeged/OpenStaticAnalyzer", "source": null, "pricing": null, "plans": { "free": true, "oss": true }, "description": "OpenStaticAnalyzer is a source code analyzer tool, which can perform deep static analysis of the source code of complex systems.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "osv-scanner": { "name": "OSV-Scanner", "categories": [ "linter" ], "languages": [ "go" ], "other": [ "security" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://osv.dev/", "source": "https://github.com/google/osv-scanner", "pricing": null, "plans": null, "description": "Vulnerability scanner written in Go which uses the data provided by OSV.dev. Developed by Google to scan dependencies across multiple languages and package managers for known vulnerabilities. Supports container scanning, license scanning, and guided remediation. 
Works with lockfiles, SBOMs, and container images to identify security issues.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "oversecured": { "name": "Oversecured", "categories": [ "linter" ], "languages": [], "other": [ "mobile", "security" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://oversecured.com", "source": null, "pricing": null, "plans": null, "description": "Enterprise vulnerability scanner for Android and iOS apps. It allows app owners and developers to secure each new version of a mobile app by integrating Oversecured into the development process.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "owasp-dependency-check": { "name": "OWASP Dependency Check", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://owasp.org/www-project-dependency-check", "source": "https://github.com/jeremylong/DependencyCheck", "pricing": null, "plans": null, "description": "Checks dependencies for known, publicly disclosed vulnerabilities.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "owasp-noir": { "name": "OWASP Noir", "categories": [ "linter" ], "languages": [], "other": [ "security" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://owasp-noir.github.io/noir/", "source": "https://github.com/owasp-noir/noir", "pricing": null, "plans": null, "description": "Attack surface detector that identifies endpoints by static analysis.", "discussion": null, "deprecated": null, "resources": [ { "title": "OWASP Project Noir", "url": "https://owasp.org/www-project-noir/" } ], "reviews": null, "demos": null, "wrapper": null }, "oxc": { "name": "oxc", "categories": [ "linter", "formatter" ], "languages": [ "javascript", "typescript" ], "other": [], 
"licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/web-infra-dev/oxc", "source": "https://github.com/web-infra-dev/oxc", "pricing": null, "plans": null, "description": "The Oxidation Compiler is creating a suite of high-performance tools for the JavaScript / TypeScript language re-written in Rust.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": [ "https://web-infra-dev.github.io/oxc/playground" ], "wrapper": null }, "pa11y": { "name": "Pa11y", "categories": [ "linter" ], "languages": [], "other": [ "html" ], "licenses": [ "LGPL-3.0" ], "types": [ "cli" ], "homepage": "https://pa11y.org/", "source": "https://github.com/pa11y/pa11y", "pricing": null, "plans": null, "description": "Automated accessibility testing tool that runs HTML CodeSniffer or axe-core from the command line. Supports CI/CD integration, multiple reporters, and testing against WCAG 2.1 AA standards.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "packj": { "name": "packj", "categories": [ "linter" ], "languages": [], "other": [ "archive" ], "licenses": [ "AGPL-3.0" ], "types": [ "cli" ], "homepage": "https://github.com/ossillate-inc/packj", "source": "https://github.com/ossillate-inc/packj", "pricing": null, "plans": null, "description": "Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for \"risky\" attributes that make them vulnerable to supply chain attacks. 
This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "paprika": { "name": "paprika", "categories": [ "linter" ], "languages": [], "other": [ "mobile" ], "licenses": [ "GNU Affero General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://github.com/GeoffreyHecht/paprika", "source": "https://github.com/GeoffreyHecht/paprika", "pricing": null, "plans": null, "description": "A toolkit to detect some code smells in analyzed Android applications.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "parallel-lint": { "name": "parallel-lint", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/php-parallel-lint/PHP-Parallel-Lint", "source": "https://github.com/php-parallel-lint/PHP-Parallel-Lint", "pricing": null, "plans": null, "description": "This tool checks syntax of PHP files faster than serial check with a fancier output.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "parasoft": { "name": "parasoft", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "javascript" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.parasoft.com/", "source": null, "pricing": "https://www.parasoft.com/contact/", "plans": { "free": false, "oss": false }, "description": "Automated Software Testing Solutions for unit-, API-, and web UI testing. 
Complies with MISRA, OWASP, and others.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "parker": { "name": "Parker", "categories": [ "linter" ], "languages": [], "other": [ "css" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/katiefenn/parker", "source": "https://github.com/katiefenn/parker", "pricing": null, "plans": null, "description": "Stylesheet analysis tool.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "parse": { "name": "Parse", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/psecio/parse", "source": "https://github.com/psecio/parse", "pricing": null, "plans": null, "description": "A Static Security Scanner.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pascal-analyzer": { "name": "Pascal Analyzer", "categories": [ "linter" ], "languages": [ "delphi" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://peganza.com/products_pal.html", "source": null, "pricing": "https://peganza.com/orders.html", "plans": null, "description": "A static code analysis tool with numerous reports. A free _Lite_ version is available with limited reporting.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pascal-expert": { "name": "Pascal Expert", "categories": [ "linter" ], "languages": [ "delphi" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://peganza.com/products_pex.html", "source": null, "pricing": null, "plans": null, "description": "IDE plugin for code analysis. 
Includes a subset of Pascal Analyzer reporting capabilities and is available for Delphi versions 2007 and later.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pc-lint": { "name": "PC-lint", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://pclintplus.com/", "source": null, "pricing": "https://pclintplus.com/pricing/", "plans": null, "description": "Static analysis for C/C++. Runs natively under Windows/Linux/MacOS. Analyzes code for virtually any platform, supporting C11/C18 and C++17.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pdepend": { "name": "pdepend", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://pdepend.org", "source": "https://github.com/pdepend/pdepend", "pricing": null, "plans": null, "description": "Calculates software metrics like cyclomatic complexity for PHP code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pelusa": { "name": "pelusa", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/codegram/pelusa", "source": "https://github.com/codegram/pelusa", "pricing": null, "plans": null, "description": "Static analysis Lint-type tool to improve your OO Ruby code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "perl-analyzer": { "name": "Perl::Analyzer", "categories": [ "linter" ], "languages": [ "perl" ], "other": [], "licenses": [ "Artistic License (2.0)" ], "types": [ "cli", "service", "ide-plugin" ], "homepage": "https://technix.github.io/Perl-Analyzer/", "source": 
"https://github.com/technix/Perl-Analyzer", "pricing": null, "plans": null, "description": "Perl-Analyzer is a set of programs and modules that allow users to analyze and visualize Perl codebases by providing information about namespaces and their relations, dependencies, inheritance, and methods implemented, inherited, and redefined in packages, as well as calls to methods from parent packages via SUPER. ", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "perl-critic": { "name": "Perl::Critic", "categories": [ "linter" ], "languages": [ "perl" ], "other": [], "licenses": [ "GPL v2" ], "types": [ "cli" ], "homepage": "https://metacpan.org/pod/Perl::Critic", "source": "https://metacpan.org/release/Perl-Critic/source/lib/Perl/Critic.pm", "pricing": null, "plans": null, "description": "Critique Perl source code for best-practices.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "perltidy": { "name": "perltidy", "categories": [ "formatter" ], "languages": [ "perl" ], "other": [], "licenses": [ "GPL-2.0 license" ], "types": [ "cli" ], "homepage": "https://perltidy.sourceforge.net/", "source": "https://github.com/perltidy/perltidy", "pricing": null, "plans": null, "description": "Perltidy is a Perl script which indents and reformats Perl scripts to make them easier to read. \nThe formatting can be controlled with command line parameters. The default parameter settings approximately follow the suggestions in the Perl Style Guide. 
\nBesides reformatting scripts, Perltidy can be a great help in tracking down errors with missing or extra braces, parentheses, and square brackets because it is very good at localizing errors.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pfff": { "name": "pfff", "categories": [ "formatter" ], "languages": [ "c", "csharp", "cpp", "erlang", "haskell", "java", "javascript", "php", "python", "rust" ], "other": [ "css", "html" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/facebookarchive/pfff/wiki/Main", "source": "https://github.com/returntocorp/pfff", "pricing": null, "plans": null, "description": "Facebook's tools for code analysis, visualizations, or style-preserving source transformation for many languages.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pgspot": { "name": "pgspot", "categories": [ "linter" ], "languages": [ "sql" ], "other": [], "licenses": [ "PostgreSQL License" ], "types": [ "cli" ], "homepage": "https://github.com/timescale/pgspot", "source": "https://github.com/timescale/pgspot", "pricing": null, "plans": null, "description": "Spot vulnerabilities in postgres extension scripts. 
Finds unsafe search_path usage and unsafe object creation in PostgreSQL extension scripts or any other PostgreSQL SQL code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phan": { "name": "phan", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/phan/phan/wiki", "source": "https://github.com/etsy/phan", "pricing": null, "plans": null, "description": "A modern static analyzer from Etsy.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phasar": { "name": "Phasar", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://phasar.org", "source": "https://github.com/secure-software-engineering/phasar", "pricing": null, "plans": null, "description": "An LLVM-based static analysis framework which comes with a taint and type state analysis.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php-architecture-tester": { "name": "PHP Architecture Tester", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/carlosas/phpat", "source": "https://github.com/carlosas/phpat", "pricing": null, "plans": null, "description": "Easy to use architecture testing tool for PHP.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php-assumptions": { "name": "PHP Assumptions", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/rskuipers/php-assumptions", "source": "https://github.com/rskuipers/php-assumptions", "pricing": null, "plans": null, "description": "Checks for weak assumptions.", 
"discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php-codesniffer": { "name": "PHP_CodeSniffer", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://pear.php.net/package/PHP_CodeSniffer", "source": "https://github.com/squizlabs/PHP_CodeSniffer", "pricing": null, "plans": null, "description": "Detects violations of a defined set of coding standards.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php-coding-standards-fixer": { "name": "PHP Coding Standards Fixer", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://cs.symfony.com", "source": "https://github.com/FriendsOfPHP/PHP-CS-Fixer", "pricing": null, "plans": null, "description": "Fixes your code according to standards like PSR-1, PSR-2, and the Symfony standard.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php-insights": { "name": "PHP Insights", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/nunomaduro/phpinsights", "source": "https://github.com/nunomaduro/phpinsights", "pricing": null, "plans": null, "description": "Instant PHP quality checks from your console. 
Analysis of code quality and coding style as well as overview of code architecture and its complexity.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php-inspections-ea-extended": { "name": "Php Inspections (EA Extended)", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://plugins.jetbrains.com/plugin/7622-php-inspections-ea-extended-", "source": "https://github.com/kalessil/phpinspectionsea", "pricing": null, "plans": null, "description": "A Static Code Analyzer for PHP.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php-parser": { "name": "PHP-Parser", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/nikic/PHP-Parser", "source": "https://github.com/nikic/PHP-Parser", "pricing": null, "plans": null, "description": "A PHP parser written in PHP.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php-refactoring-browser": { "name": "PHP Refactoring Browser", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://qafoolabs.github.io/php-refactoring-browser", "source": "https://github.com/QafooLabs/php-refactoring-browser", "pricing": null, "plans": null, "description": "Refactoring helper.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php-semantic-versioning-checker": { "name": "PHP Semantic Versioning Checker", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/tomzx/php-semver-checker", "source": 
"https://github.com/tomzx/php-semver-checker", "pricing": null, "plans": null, "description": "Suggests a next version according to semantic versioning.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php-speller": { "name": "php-speller", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/mekras/php-speller", "source": "https://github.com/mekras/php-speller", "pricing": null, "plans": null, "description": "PHP spell check library.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php-token-reflection": { "name": "PHP-Token-Reflection", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/Andrewsville/PHP-Token-Reflection", "source": "https://github.com/Andrewsville/PHP-Token-Reflection", "pricing": null, "plans": null, "description": "Library emulating the PHP internal reflection.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php7cc": { "name": "php7cc", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/sstalle/php7cc", "source": "https://github.com/sstalle/php7cc", "pricing": null, "plans": null, "description": "PHP 7 Compatibility Checker.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "php7mar": { "name": "php7mar", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://github.com/Alexia/php7mar", "source": "https://github.com/Alexia/php7mar", "pricing": null, "plans": null, "description": "Assist developers in porting their 
code quickly to PHP 7.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phparkitect": { "name": "PHPArkitect", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/phparkitect/arkitect", "source": "https://github.com/phparkitect/arkitect", "pricing": null, "plans": null, "description": "PHPArkitect helps you keep your PHP codebase coherent and solid by letting you add architectural constraint checks to your workflow. You can express the constraints you want to enforce in simple and readable PHP code.", "discussion": null, "deprecated": null, "resources": [ { "title": "PUG Romagna - Testing Architectural Decisions with PHPArkitect (Italian)", "url": "https://www.youtube.com/watch?v=fhRDZs82AbE" } ], "reviews": null, "demos": null, "wrapper": null }, "phpca": { "name": "phpca", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/wapmorgan/PhpCodeAnalyzer", "source": "https://github.com/wapmorgan/PhpCodeAnalyzer", "pricing": null, "plans": null, "description": "Finds usage of non-built-in extensions.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpcpd": { "name": "phpcpd", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/sebastianbergmann/phpcpd", "source": "https://github.com/sebastianbergmann/phpcpd", "pricing": null, "plans": null, "description": "Copy/Paste Detector for PHP code.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpdcd": { "name": "phpdcd", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "Other" ], "types": [ 
"cli" ], "homepage": "https://github.com/sebastianbergmann/phpdcd", "source": "https://github.com/sebastianbergmann/phpdcd", "pricing": null, "plans": null, "description": "Dead Code Detector (DCD) for PHP code.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpdependencyanalysis": { "name": "PhpDependencyAnalysis", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://mamuz.github.io/PhpDependencyAnalysis", "source": "https://github.com/mamuz/PhpDependencyAnalysis", "pricing": null, "plans": null, "description": "Builds a dependency graph for a project.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpdeprecationdetector": { "name": "PhpDeprecationDetector", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "BSD-3-Clause" ], "types": [ "cli" ], "homepage": "https://github.com/wapmorgan/PhpDeprecationDetector", "source": "https://github.com/wapmorgan/PhpDeprecationDetector", "pricing": null, "plans": null, "description": "Analyzer of PHP code to search issues with deprecated functionality in newer interpreter versions. It finds removed objects (functions, variables, constants and ini-directives), deprecated functions functionality, and usage of forbidden names or tricks (e.g. 
reserved identifiers in newer versions).", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpdoc-to-typehint": { "name": "phpdoc-to-typehint", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/dunglas/phpdoc-to-typehint", "source": "https://github.com/dunglas/phpdoc-to-typehint", "pricing": null, "plans": null, "description": "Add scalar type hints and return types to existing PHP projects using PHPDoc annotations.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpdocumentor": { "name": "phpDocumentor", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://www.phpdoc.org", "source": "https://github.com/phpDocumentor/phpDocumentor", "pricing": null, "plans": null, "description": "Analyzes PHP source code to generate documentation.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phploc": { "name": "phploc", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/sebastianbergmann/phploc", "source": "https://github.com/sebastianbergmann/phploc", "pricing": null, "plans": null, "description": "A tool for quickly measuring the size and analyzing the structure of a PHP project.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpmd": { "name": "PHPMD", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://phpmd.org", "source": "https://github.com/phpmd/phpmd", "pricing": null, "plans": null, "description": "Finds possible bugs in your code.", 
"discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpmetrics": { "name": "PhpMetrics", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "http://www.phpmetrics.org", "source": "https://github.com/phpmetrics/PhpMetrics", "pricing": null, "plans": null, "description": "Calculates and visualizes various code quality metrics.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpmnd": { "name": "phpmnd", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/povils/phpmnd", "source": "https://github.com/povils/phpmnd", "pricing": null, "plans": null, "description": "Helps to detect magic numbers.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpqa": { "name": "PHPQA", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://edgedesigncz.github.io/phpqa", "source": "https://github.com/EdgedesignCZ/phpqa", "pricing": null, "plans": null, "description": "A tool for running QA tools (phploc, phpcpd, phpcs, pdepend, phpmd, phpmetrics).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpqa-jakzal": { "name": "phpqa - jakzal", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/jakzal/phpqa", "source": "https://github.com/jakzal/phpqa", "pricing": null, "plans": null, "description": "Many tools for PHP static analysis in one container.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpqa-jmolivas": { "name": "phpqa - 
jmolivas", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/jmolivas/phpqa", "source": "https://github.com/jmolivas/phpqa", "pricing": null, "plans": null, "description": "PHPQA all-in-one Analyzer CLI tool.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpsa": { "name": "phpsa", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/ovr/phpsa", "source": "https://github.com/ovr/phpsa", "pricing": null, "plans": null, "description": "Static analysis tool for PHP.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "phpstan": { "name": "PHPStan", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://phpstan.org", "source": "https://github.com/phpstan/phpstan", "pricing": null, "plans": null, "description": "PHP Static Analysis Tool - discover bugs in your code without running it!", "discussion": null, "deprecated": null, "resources": [ { "title": "Measure PHP Code Quality With Static Analysis Using PHPStan", "url": "https://www.youtube.com/watch?v=OiS2xGVWEa0" } ], "reviews": null, "demos": [ "https://phpstan.org/try" ], "wrapper": null }, "pip-audit": { "name": "pip-audit", "categories": [ "linter" ], "languages": [ "python" ], "other": [ "security" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/pypa/pip-audit", "source": "https://github.com/pypa/pip-audit", "pricing": null, "plans": null, "description": "Tool for scanning Python packages for known vulnerabilities. Developed by the Python Packaging Authority (PyPA) and supported by Trail of Bits and Google. 
Scans Python environments and requirements files to identify vulnerable packages and suggests remediation. Supports GitHub Actions, pre-commit hooks, and multiple vulnerability service integrations.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pixee": { "name": "Pixee", "categories": [], "languages": [ "java", "python" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://pixee.ai", "source": null, "pricing": "https://www.pixee.ai/pricing", "plans": { "free": true, "oss": false }, "description": "Pixeebot finds security and code quality issues in your code and creates merge-ready pull requests with recommended fixes.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "plato": { "name": "plato", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/es-analysis/plato", "source": "https://github.com/es-analysis/plato", "pricing": null, "plans": null, "description": "Visualize JavaScript source complexity.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pmd": { "name": "PMD", "categories": [ "linter" ], "languages": [ "apex", "java", "javascript", "plsql", "scala", "visualforce" ], "other": [ "xml" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://pmd.github.io", "source": "https://github.com/pmd/pmd", "pricing": null, "plans": null, "description": "A source code analyzer for Java, Salesforce Apex, Javascript, PLSQL, XML, XSL and others.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "polymer-analyzer": { "name": "Polymer-analyzer", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [ "html" ], "licenses": [ "BSD-3-Clause (original text)" ], 
"types": [ "cli" ], "homepage": "https://github.com/Polymer/tools/tree/master/packages/analyzer", "source": "https://github.com/Polymer/tools/tree/master/packages/analyzer", "pricing": null, "plans": null, "description": "A static analysis framework for Web Components.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "polyspace-bug-finder": { "name": "Polyspace Bug Finder", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.mathworks.com/products/polyspace-bug-finder.html", "source": null, "pricing": "https://www.mathworks.com/company/aboutus/contact_us/req_quote.html", "plans": null, "description": "Identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "polyspace-code-prover": { "name": "Polyspace Code Prover", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.mathworks.com/products/polyspace-code-prover.html", "source": null, "pricing": null, "plans": null, "description": "Provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "polyspace-for-ada": { "name": "Polyspace for Ada", "categories": [ "linter" ], "languages": [ "ada" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.mathworks.com/products/polyspace-ada.html", "source": null, "pricing": null, "plans": null, "description": "Provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds 
array access, and certain other run-time errors in source code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "portlint": { "name": "portlint", "categories": [ "linter" ], "languages": [], "other": [ "buildtool", "make" ], "licenses": [ "BSD License" ], "types": [ "cli" ], "homepage": "https://www.freebsd.org/cgi/man.cgi?query=portlint&sektion=1&manpath=FreeBSD+8.1-RELEASE+and+Ports", "source": "https://www.freebsd.org/cgi/man.cgi?query=portlint&sektion=1&manpath=FreeBSD+8.1-RELEASE+and+Ports", "pricing": null, "plans": null, "description": "A verifier for FreeBSD and DragonFlyBSD port directories.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "postcss": { "name": "PostCSS", "categories": [ "linter" ], "languages": [], "other": [ "css" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://postcss.org", "source": "https://github.com/postcss/postcss", "pricing": null, "plans": null, "description": "A tool for transforming styles with JS plugins. These plugins can lint your CSS, support variables and mixins, transpile future CSS syntax, inline images, and more.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "prae": { "name": "prae", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/teenjuna/prae", "source": "https://github.com/teenjuna/prae", "pricing": null, "plans": null, "description": "Provides a convenient macro that allows you to generate type wrappers that promise to always uphold arbitrary invariants that you specified. 
", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pre-commit": { "name": "pre-commit", "categories": [ "linter" ], "languages": [ "c", "cpp", "java", "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://pre-commit.com", "source": "https://github.com/pre-commit/pre-commit", "pricing": null, "plans": null, "description": "A framework for managing and maintaining multi-language pre-commit hooks.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "prealloc": { "name": "prealloc", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/alexkohler/prealloc", "source": "https://github.com/alexkohler/prealloc", "pricing": null, "plans": null, "description": "Finds slice declarations that could potentially be preallocated.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "precaution": { "name": "Precaution", "categories": [ "linter" ], "languages": [ "go", "java", "python" ], "other": [ "ci", "security" ], "licenses": [ "Business Source License 1.1" ], "types": [ "cli", "service" ], "homepage": "https://www.securesauce.dev/", "source": "https://github.com/securesauce/precli", "pricing": "https://www.securesauce.dev/", "plans": { "free": true, "oss": true }, "description": "Precaution is a static analysis security tool (SAST) designed to find potentially critical vulnerabilities in source code prior to production. 
It is available as a CLI, GitHub Action, and GitHub App.", "discussion": null, "deprecated": null, "resources": [ { "title": "Introducing Precaution", "url": "https://blog.securesauce.dev/introducing-precaution" } ], "reviews": null, "demos": null, "wrapper": null }, "prettier": { "name": "Prettier", "categories": [ "formatter" ], "languages": [ "javascript", "typescript" ], "other": [ "html" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://prettier.io", "source": "https://github.com/prettier/prettier", "pricing": null, "plans": null, "description": "An opinionated code formatter.", "discussion": null, "deprecated": null, "resources": [ { "title": "Code Formatting with Prettier in Visual Studio Code", "url": "https://www.youtube.com/watch?v=h3PJjP0nE98" }, { "title": "VSCode ESLint, Prettier & Airbnb Style Guide Setup", "url": "https://www.youtube.com/watch?v=SydnKbGc7W8" } ], "reviews": [ "https://plugins.jetbrains.com/plugin/10456-prettier/reviews", "https://stackshare.io/prettier", "https://www.producthunt.com/products/prettier/reviews" ], "demos": [ "https://prettier.io/playground" ], "wrapper": null }, "primitive-erlang-security-tool-pest": { "name": "Primitive Erlang Security Tool (PEST)", "categories": [ "linter" ], "languages": [ "erlang" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/okeuday/pest", "source": "https://github.com/okeuday/pest", "pricing": null, "plans": null, "description": "A tool to do a basic scan of Erlang source code and report any function calls that may cause Erlang source code to be insecure.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "progpilot": { "name": "Progpilot", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/designsecurity/progpilot", "source": 
"https://github.com/designsecurity/progpilot", "pricing": null, "plans": null, "description": "A static analysis tool for security purposes.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "project-wallace-css-analyzer": { "name": "Project Wallace CSS Analyzer", "categories": [ "linter" ], "languages": [], "other": [ "css" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://www.projectwallace.com", "source": "https://github.com/projectwallace/css-analyzer", "pricing": null, "plans": null, "description": "Analytics for CSS, part of [Project Wallace](https://www.projectwallace.com).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "promformat": { "name": "promformat", "categories": [ "formatter" ], "languages": [], "other": [ "prometheus" ], "licenses": [ "GPL-3.0" ], "types": [ "cli" ], "homepage": "https://github.com/facetoe/promformat", "source": "https://github.com/facetoe/promformat", "pricing": null, "plans": null, "description": "Promformat is a PromQL formatter written in Python.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "promval": { "name": "promval", "categories": [ "linter" ], "languages": [], "other": [ "prometheus" ], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/facetoe/promval", "source": "https://github.com/facetoe/promval", "pricing": null, "plans": null, "description": "PromQL validator written in Python. 
It can be used to validate that PromQL expressions are written as expected.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pronto": { "name": "Pronto", "categories": [ "linter" ], "languages": [ "c", "cpp", "elixir", "java", "javascript", "php", "ruby" ], "other": [ "ci" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/prontolabs/pronto", "source": "https://github.com/prontolabs/pronto", "pricing": null, "plans": null, "description": "Quick automated code review of your changes. Supports more than 40 runners for various languages, including Clang, Elixir, JavaScript, PHP, Ruby and more.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "proselint": { "name": "proselint", "categories": [ "linter" ], "languages": [], "other": [ "writing" ], "licenses": [ "BSD-3-Clause" ], "types": [ "cli" ], "homepage": "https://github.com/amperser/proselint", "source": "https://github.com/amperser/proselint", "pricing": null, "plans": null, "description": "A linter for English prose with a focus on writing style instead of grammar.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "prospector": { "name": "prospector", "categories": [ "meta" ], "languages": [ "python" ], "other": [ "meta" ], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "https://github.com/PyCQA/prospector", "source": "https://github.com/PyCQA/prospector", "pricing": null, "plans": null, "description": "A wrapper around `pylint`, `pep8`, `mccabe` and others.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "protolint": { "name": "protolint", "categories": [ "linter" ], "languages": [], "other": [ "protobuf" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": 
"https://github.com/yoheimuta/protolint", "source": "https://github.com/yoheimuta/protolint", "pricing": null, "plans": null, "description": "Pluggable linter and fixer to enforce Protocol Buffer style and conventions.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "prusti": { "name": "Prusti", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://www.pm.inf.ethz.ch/research/prusti.html", "source": "https://github.com/viperproject/prusti-dev", "pricing": null, "plans": null, "description": "A static verifier for Rust, based on the Viper verification infrastructure. By default Prusti verifies absence of panics by proving that statements such as unreachable!() and panic!() are unreachable.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "psalm": { "name": "Psalm", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://psalm.dev", "source": "https://github.com/vimeo/psalm", "pricing": null, "plans": null, "description": "Static analysis tool for finding type errors in PHP applications.", "discussion": null, "deprecated": null, "resources": [ { "title": "Try it Tuesday - PHP Static Analysis Tool Psalm", "url": "https://www.youtube.com/watch?v=ZxXw5Fkp9R8" } ], "reviews": null, "demos": [ "https://psalm.dev/r/dcb13e702f" ], "wrapper": null }, "pt-application-inspector": { "name": "PT Application Inspector", "categories": [ "linter" ], "languages": [], "other": [ "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.ptsecurity.com", "source": null, "pricing": null, "plans": null, "description": "Identifies code flaws and detects vulnerabilities to prevent web attacks. 
Demonstrates remote code execution by presenting possible exploits.", "discussion": null, "deprecated": null, "resources": [ { "title": "Introduction video", "url": "https://www.youtube.com/watch?v=gtFH6tV2dlM" } ], "reviews": null, "demos": null, "wrapper": null }, "pt-pm": { "name": "PT.PM", "categories": [ "linter" ], "languages": [ "csharp", "java", "javascript", "php", "plsql", "tsql" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/PositiveTechnologies/PT.PM", "source": "https://github.com/PositiveTechnologies/PT.PM", "pricing": null, "plans": null, "description": "An engine for searching patterns in the source code, based on Unified AST or UST. At present time C#, Java, PHP, PL/SQL, T-SQL, and JavaScript are supported. Patterns can be described within the code or using a DSL.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pullrequest": { "name": "PullRequest", "categories": [ "linter" ], "languages": [], "other": [ "ci" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.hackerone.com/product/code", "source": null, "pricing": null, "plans": null, "description": "Code review as a service with built-in static analysis. Increase velocity and reduce technical debt through quality code review by expert engineers backed by best-in-class automation.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "puma-scan": { "name": "Puma Scan", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "Mozilla Public License 2.0" ], "types": [ "ide-plugin" ], "homepage": "https://pumasecurity.io", "source": "https://github.com/pumasecurity/puma-scan", "pricing": null, "plans": null, "description": "Puma Scan provides real time secure code analysis for common vulnerabilities (XSS, SQLi, CSRF, LDAPi, crypto, deserialization, etc.) 
as development teams write code in Visual Studio.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "puppet-lint": { "name": "Puppet Lint", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/rodjek/puppet-lint", "source": "https://github.com/rodjek/puppet-lint", "pricing": null, "plans": null, "description": "Check that your Puppet manifests conform to the style guide.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pure": { "name": "pure", "categories": [ "linter" ], "languages": [], "other": [ "archive" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/ronomon/pure", "source": "https://github.com/ronomon/pure", "pricing": null, "plans": null, "description": "Pure is a static analysis file format checker that checks ZIP files for dangerous compression ratios, spec deviations, malicious archive signatures, mismatching local and central directory headers, ambiguous UTF-8 filenames, directory and symlink traversals, invalid MS-DOS dates, overlapping headers, overflow, underflow, sparseness, accidental buffer bleeds etc.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "putout": { "name": "Putout", "categories": [ "linter" ], "languages": [ "javascript", "jsx", "typescript" ], "other": [ "css", "json", "markdown", "yaml" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/coderaiser/putout", "source": "https://github.com/coderaiser/putout", "pricing": null, "plans": null, "description": "Pluggable and configurable code transformer with built-in eslint and babel plugin support for js, jsx, typescript, flow, markdown, yaml and json.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, 
"demos": null, "wrapper": null }, "pvs-studio": { "name": "PVS-Studio", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "java" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://pvs-studio.com", "source": null, "pricing": "https://pvs-studio.com/en/order/license/", "plans": null, "description": "A ([conditionally free](https://pvs-studio.com/en/order/open-source-license) for FOSS and individual developers) static analysis of C, C++, C# and Java code. For advertising purposes [you can propose a large FOSS project for analysis by PVS employees](https://github.com/viva64/pvs-studio-check-list). Supports CWE mapping, OWASP ASVS, MISRA, AUTOSAR and SEI CERT coding standards.", "discussion": null, "deprecated": null, "resources": [ { "title": "PVS-Studio is now in Compiler Explorer!", "url": "https://www.youtube.com/watch?v=hw5npZqB3b8" }, { "title": "PVS-Studio in 2019", "url": "https://www.youtube.com/watch?v=FkfMGqxIR-I" }, { "title": "Static Analysis in C++ (mostly about PVS-Studio)", "url": "https://www.youtube.com/watch?v=vYW6TOwFK2M" } ], "reviews": [ "https://www.g2.com/products/pvs-studio/reviews", "https://www.gartner.com/reviews/market/application-security-testing/vendor/pvs-studio/product/pvs-studio" ], "demos": null, "wrapper": null }, "py-find-injection": { "name": "py-find-injection", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/uber/py-find-injection", "source": "https://github.com/uber/py-find-injection", "pricing": null, "plans": null, "description": "Find SQL injection vulnerabilities in Python code.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pyanalyze": { "name": "pyanalyze", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": 
"https://pyanalyze.readthedocs.io/en/latest/", "source": "https://github.com/quora/pyanalyze", "pricing": null, "plans": null, "description": "A tool for programmatically detecting common mistakes in Python code, such as references to undefined variables and type errors. It can be extended to add additional rules and perform checks specific to particular functions.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pycodestyle": { "name": "pycodestyle", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://pycodestyle.pycqa.org/en/latest", "source": "https://github.com/PyCQA/pycodestyle", "pricing": null, "plans": null, "description": "(Formerly `pep8`) Check Python code against some of the style conventions in PEP 8.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pydocstyle": { "name": "pydocstyle", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "http://www.pydocstyle.org", "source": "https://github.com/PyCQA/pydocstyle", "pricing": null, "plans": null, "description": "Check compliance with Python docstring conventions.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pyflakes": { "name": "pyflakes", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://pypi.org/project/pyflakes", "source": "https://github.com/pyflakes/pyflakes", "pricing": null, "plans": null, "description": "Check Python source files for errors.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pylama": { "name": "pylama", "categories": [ "linter" ], "languages": [ "javascript", "python" ], "other": 
[ "meta" ], "licenses": [ "LGPL-3.0 License" ], "types": [ "cli" ], "homepage": "https://klen.github.io/pylama/", "source": "https://github.com/klen/pylama", "pricing": null, "plans": null, "description": "Code audit tool for Python and JavaScript. Wraps pycodestyle, pydocstyle, PyFlakes, Mccabe, Pylint, and more", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pylint": { "name": "pylint", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "http://pylint.pycqa.org/en/latest", "source": "https://github.com/PyCQA/pylint", "pricing": null, "plans": null, "description": "Looks for programming errors, helps enforce a coding standard and sniffs for some code smells. It additionally includes `pyreverse` (an UML diagram generator) and `symilar` (a similarities checker).", "discussion": null, "deprecated": null, "resources": [ { "title": "Pylint Tutorial – How to Write Clean Python", "url": "https://www.youtube.com/watch?v=fFY5103p5-c" } ], "reviews": null, "demos": null, "wrapper": null }, "pylyzers": { "name": "pylyzers", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://mtshiba.github.io/pylyzer/", "source": "https://github.com/mtshiba/pylyzer", "pricing": null, "plans": null, "description": "A static code analyzer / language server for Python, written in Rust, focused on type checking and readable output.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pyra": { "name": "Pyra", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MPL-2.0 license" ], "types": [ "cli" ], "homepage": "https://github.com/spangea/Pyra", "source": "https://github.com/spangea/Pyra", "pricing": null, "plans": null, "description": "Pyra is a high-level linter
static analyzer for data science applications written in Python, that helps developers identify potential issues in their data science code written in Python, as an extension of [Lyra](https://github.com/caterinaurban/Lyra).", "discussion": null, "deprecated": null, "resources": [ { "title": "Demo", "url": "https://www.youtube.com/watch?v=D-AsyuhsTyo" } ], "reviews": null, "demos": null, "wrapper": null }, "pyre-check": { "name": "pyre-check", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://pyre-check.org", "source": "https://github.com/facebook/pyre-check", "pricing": null, "plans": null, "description": "A fast, scalable type checker for large Python codebases. Pyre-check has been superseded by Pyrefly, its next iteration.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pyrefly": { "name": "pyrefly", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://pyrefly.org/", "source": "https://github.com/facebook/pyrefly", "pricing": null, "plans": null, "description": "A fast, incremental type checker and language server for Python, providing IDE features like code navigation, semantic highlighting, and code completion.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pyright": { "name": "pyright", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/Microsoft/pyright", "source": "https://github.com/Microsoft/pyright", "pricing": null, "plans": null, "description": "Static type checker for Python, created to address gaps in existing tools like mypy.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pyroma": { "name": 
"pyroma", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/regebro/pyroma", "source": "https://github.com/regebro/pyroma", "pricing": null, "plans": null, "description": "Rate how well a Python project complies with the best practices of the Python packaging ecosystem, and list issues that could be improved.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pysa": { "name": "Pysa", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://pyre-check.org/docs/pysa-basics.html", "source": "https://github.com/facebook/pyre-check", "pricing": null, "plans": null, "description": "A tool based on Facebook's pyre-check that uses taint analysis to identify potential security issues in Python code.", "discussion": null, "deprecated": null, "resources": [ { "title": "Workshop: Graham Bleaney - Pysa to Identify Python Vulnerabilities - DEF CON 28SM AppSec Village", "url": "https://www.youtube.com/watch?v=8I3zlvtpOww" } ], "reviews": null, "demos": null, "wrapper": null }, "pyt-python-taint": { "name": "PyT - Python Taint", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "https://github.com/python-security/pyt", "source": "https://github.com/python-security/pyt", "pricing": null, "plans": null, "description": "A static analysis tool for detecting security vulnerabilities in Python web applications.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pytype": { "name": "pytype", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://google.github.io/pytype", "source":
"https://github.com/google/pytype", "pricing": null, "plans": null, "description": "A static type analyzer for Python code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pyupgrade": { "name": "pyupgrade", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://pypi.org/project/pyupgrade-docs/", "source": "https://github.com/asottile/pyupgrade", "pricing": null, "plans": null, "description": "A tool (and pre-commit hook) to automatically upgrade syntax for newer versions of the language.", "discussion": null, "deprecated": null, "resources": [ { "title": "Python linter comparison 2022.", "url": "https://inventwithpython.com/blog/2022/11/19/python-linter-comparison-2022-pylint-vs-pyflakes-vs-flake8-vs-autopep8-vs-bandit-vs-prospector-vs-pylama-vs-pyroma-vs-black-vs-mypy-vs-radon-vs-mccabe/" } ], "reviews": null, "demos": null, "wrapper": null }, "qafoo-quality-analyzer": { "name": "Qafoo Quality Analyzer", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "GNU Affero General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://github.com/Qafoo/QualityAnalyzer", "source": "https://github.com/Qafoo/QualityAnalyzer", "pricing": null, "plans": null, "description": "Visualizes metrics and source code.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "qark": { "name": "qark", "categories": [ "linter" ], "languages": [], "other": [ "mobile" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/linkedin/qark", "source": "https://github.com/linkedin/qark", "pricing": null, "plans": null, "description": "Tool to look for several security related Android application vulnerabilities.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, 
"quality": { "name": "quality", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [ "ci" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/apiology/quality", "source": "https://github.com/apiology/quality", "pricing": null, "plans": null, "description": "Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "qualys-container-security": { "name": "Qualys Container Security", "categories": [ "linter" ], "languages": [], "other": [ "container", "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.qualys.com/apps/container-security", "source": null, "pricing": "https://www.qualys.com/free-trial/", "plans": null, "description": "Container native application protection to provide visibility and control of containerized applications.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "quantifiedcode": { "name": "QuantifiedCode", "categories": [ "linter" ], "languages": [ "python" ], "other": [ "ci", "security" ], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "service" ], "homepage": "https://github.com/quantifiedcode/quantifiedcode", "source": "https://github.com/quantifiedcode/quantifiedcode", "pricing": null, "plans": null, "description": "Automated code review & repair. 
It helps you to keep track of issues and metrics in your software projects, and can be easily extended to support new types of analyses.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "querly": { "name": "Querly", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/soutaro/querly", "source": "https://github.com/soutaro/querly", "pricing": null, "plans": null, "description": "Pattern Based Checking Tool for Ruby.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "qulice": { "name": "qulice", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://www.qulice.com", "source": "https://github.com/teamed/qulice", "pricing": null, "plans": null, "description": "Combines a few (pre-configured) static analysis tools (checkstyle, PMD, Findbugs, ...).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "qwiet-ai": { "name": "Qwiet AI", "categories": [ "linter" ], "languages": [ "csharp", "go", "java", "javascript", "jsp", "python", "scala" ], "other": [ "configmanagement", "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://qwiet.ai/", "source": null, "pricing": "https://www.shiftleft.io/pricing", "plans": null, "description": "Identify vulnerabilities that are unique to your code base before they reach production. Leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs. 
Automatically finds business logic flaws in dev like hardcoded secrets and logic bombs", "discussion": null, "deprecated": null, "resources": [ { "title": "Securing Every Pull Request with ShiftLeft", "url": "https://vimeo.com/383381584" }, { "title": "ShiftLeft Intro", "url": "https://vimeo.com/233423863" } ], "reviews": null, "demos": null, "wrapper": null }, "r-language-server": { "name": "R Language Server", "categories": [ "linter" ], "languages": [ "r" ], "other": [], "licenses": [ "MIT + file LICENSE" ], "types": [ "ide-plugin" ], "homepage": "https://github.com/REditorSupport/languageserver/", "source": "https://github.com/REditorSupport/languageserver/", "pricing": null, "plans": null, "description": "Provides code completion, refactoring, folding, diagnostics (with lintr), and more for R.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "radon": { "name": "radon", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://radon.readthedocs.io/en/latest", "source": "https://github.com/rubik/radon", "pricing": null, "plans": null, "description": "A Python tool that computes various metrics from the source code.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "railroader": { "name": "Railroader", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://railroader.org", "source": "https://github.com/david-a-wheeler/railroader", "pricing": null, "plans": null, "description": "An open source static analysis security vulnerability scanner for Ruby on Rails applications.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rails-best-practices": { "name": "rails_best_practices", "categories": [ "linter" ], "languages": [ 
"ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://rails-bestpractices.com", "source": "https://github.com/flyerhzm/rails_best_practices", "pricing": null, "plans": null, "description": "A code metric tool for Rails projects", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rco": { "name": "rco", "categories": [ "performance" ], "languages": [ "r" ], "other": [], "licenses": [ "GPL-3" ], "types": [ "cli" ], "homepage": "https://jcrodriguez1989.github.io/rco/", "source": "https://github.com/jcrodriguez1989/rco", "pricing": null, "plans": null, "description": "Performance optimizer for R code (with GUI).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rector": { "name": "rector", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://getrector.org", "source": "https://github.com/rectorphp/rector", "pricing": null, "plans": null, "description": "Instant Upgrades and Automated Refactoring of any PHP 5.3+ code. It upgrades your code for PHP 7.4, 8.0 and beyond. Rector promises a low false-positive rate because it looks for narrowly defined AST (abstract syntax tree) patterns. The main use cases are tackling technical debt in your legacy code and removing dead code.
Rector provides a set of special rules for Symfony, Doctrine, PHPUnit, and many more.", "discussion": null, "deprecated": null, "resources": [ { "title": "Rector: Install & Setup ", "url": "https://www.youtube.com/watch?v=_Uk95vG3ezQ" } ], "reviews": null, "demos": [ "https://getrector.com/demo" ], "wrapper": null }, "redex": { "name": "redex", "categories": [ "linter" ], "languages": [], "other": [ "mobile" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://fbredex.com", "source": "https://github.com/facebook/redex", "pricing": null, "plans": null, "description": "Redex provides a framework for reading, writing, and analyzing .dex files, and a set of optimization passes that use this framework to improve the bytecode. An APK optimized by Redex should be smaller and faster.", "discussion": null, "deprecated": null, "resources": [ { "title": "droidcon SF 2017 - Redex, Your Build, And You", "url": "https://www.youtube.com/watch?v=vtxJvJj6gSE" }, { "title": "Optimizing Android bytecode with ReDex", "url": "https://engineering.fb.com/android/optimizing-android-bytecode-with-redex/" }, { "title": "", "url": "https://www.youtube.com/watch?v=h_Gkl5eAdc4" } ], "reviews": null, "demos": null, "wrapper": null }, "reek": { "name": "reek", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/troessner/reek", "source": "https://github.com/troessner/reek", "pricing": null, "plans": null, "description": "Code smell detector for Ruby.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "refactorfirst": { "name": "RefactorFirst", "categories": [ "linter" ], "languages": [ "java" ], "other": [ "ci", "support" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/jimbethancourt/RefactorFirst", "source": "https://github.com/jimbethancourt/RefactorFirst", "pricing": 
null, "plans": null, "description": "Identifies and prioritizes God Classes and Highly Coupled classes in Java codebases you should refactor first.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "refactoring-essentials": { "name": "Refactoring Essentials", "categories": [ "linter" ], "languages": [ "csharp", "vbnet" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://marketplace.visualstudio.com/items?itemName=SharpDevelopTeam.RefactoringEssentialsforVisualStudio", "source": "https://github.com/icsharpcode/RefactoringEssentials", "pricing": null, "plans": null, "description": "The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "reflection": { "name": "Reflection", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/phpDocumentor/Reflection", "source": "https://github.com/phpDocumentor/Reflection", "pricing": null, "plans": null, "description": "Reflection library to do Static Analysis for PHP Projects", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "refurb": { "name": "refurb", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "GPL-3.0" ], "types": [ "cli" ], "homepage": "https://github.com/dosisod/refurb", "source": "https://github.com/dosisod/refurb", "pricing": null, "plans": null, "description": "A tool for refurbishing and modernizing Python codebases. 
Refurb is heavily inspired by clippy, the built-in linter for Rust.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "regal": { "name": "Regal", "categories": [ "linter" ], "languages": [ "rego" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/styrainc/regal", "source": "https://github.com/styrainc/regal", "pricing": null, "plans": null, "description": "Regal is a linter for the policy language Rego. Regal aims to catch bugs and mistakes in policy code, while at the same time helping people learn the language, best practices and idiomatic constructs.", "discussion": null, "deprecated": null, "resources": [ { "title": "Guarding the Guardrails — Introducing Regal, the Rego Linter", "url": "https://www.styra.com/blog/guarding-the-guardrails-introducing-regal-the-rego-linter" }, { "title": "Regal the Rego Linter, CNCF London meetup, June 2023 (video)", "url": "https://www.youtube.com/watch?v=Xx8npd2TQJ0&t=2567s" } ], "reviews": null, "demos": null, "wrapper": null }, "relint": { "name": "relint", "categories": [ "linter" ], "languages": [ "dotnet", "c", "cpp", "java", "javascript", "jsx", "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/codingjoe/relint", "source": "https://github.com/codingjoe/relint", "pricing": null, "plans": null, "description": "A static file linter that allows you to write custom rules using regular expressions (RegEx).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "remark-lint": { "name": "remark-lint", "categories": [ "linter" ], "languages": [], "other": [ "markdown" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://remark.js.org", "source": "https://github.com/remarkjs/remark-lint", "pricing": null, "plans": null, "description": "Pluggable Markdown code style linter written in 
JavaScript.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "resharper": { "name": "ReSharper", "categories": [ "linter" ], "languages": [ "asp", "csharp", "javascript", "typescript", "vbnet" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.jetbrains.com/resharper", "source": null, "pricing": "https://www.jetbrains.com/buy", "plans": null, "description": "Extends Visual Studio with on-the-fly code inspections for C#, VB.NET, ASP.NET, JavaScript, TypeScript and other technologies.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "retire-js": { "name": "retire.js", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://retirejs.github.io/retire.js", "source": "https://github.com/RetireJS/retire.js", "pricing": null, "plans": null, "description": "Scanner detecting the use of JavaScript libraries with known vulnerabilities.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rev-dep": { "name": "Rev-dep", "categories": [ "linter" ], "languages": [ "javascript", "jsx", "typescript" ], "other": [ "ci" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/jayu/rev-dep", "source": "https://github.com/jayu/rev-dep", "pricing": null, "plans": null, "description": "Dependency analysis and optimization toolkit for modern JavaScript and TypeScript projects. 
Trace imports, identify circular dependencies, find unused code, clean node modules.", "discussion": null, "deprecated": null, "resources": [ { "title": "Install via NPM", "url": "https://www.npmjs.com/package/rev-dep" } ], "reviews": null, "demos": null, "wrapper": null }, "reviewdog": { "name": "Reviewdog", "categories": [ "linter" ], "languages": [ "go" ], "other": [ "ci" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/haya14busa/reviewdog", "source": "https://github.com/haya14busa/reviewdog", "pricing": null, "plans": null, "description": "A tool for posting review comments from any linter in any code hosting service.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "revive": { "name": "revive", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://revive.run", "source": "https://github.com/mgechev/revive", "pricing": null, "plans": null, "description": "Fast, configurable, extensible, flexible, and beautiful linter for Go. 
Drop-in replacement of golint.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rhabdomancer": { "name": "rhabdomancer", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://crates.io/crates/rhabdomancer", "source": "https://github.com/0xdea/rhabdomancer", "pricing": null, "plans": null, "description": "IDA Pro headless plugin that locates calls to potentially insecure API functions in a binary file.", "discussion": null, "deprecated": null, "resources": [ { "title": "Streamlining Vulnerability Research with the idalib Rust Bindings for IDA 9.2", "url": "https://hex-rays.com/blog/streamlining-vulnerability-research-idalib-rust-bindings" }, { "title": "Streamlining vulnerability research with IDA Pro and Rust", "url": "https://hnsecurity.it/blog/streamlining-vulnerability-research-with-ida-pro-and-rust" } ], "reviews": null, "demos": null, "wrapper": null }, "rips": { "name": "RIPS", "categories": [ "linter" ], "languages": [ "java", "php" ], "other": [ "nodejs" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.ripstech.com", "source": null, "pricing": "https://sonarsource.com/plans-and-pricing/", "plans": null, "description": "A static source code analyser for vulnerabilities in PHP scripts.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "roodi": { "name": "Roodi", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/roodi/roodi", "source": "https://github.com/roodi/roodi", "pricing": null, "plans": null, "description": "Roodi stands for Ruby Object Oriented Design Inferometer. 
It parses your Ruby code and warns you about design issues you have based on the checks that it has configured.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "roslyn-analyzers": { "name": "Roslyn Analyzers", "categories": [ "linter" ], "languages": [ "dotnet", "csharp" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/dotnet/roslyn-analyzers", "source": "https://github.com/dotnet/roslyn-analyzers", "pricing": null, "plans": null, "description": "Roslyn-based implementation of FxCop analyzers.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "roslyn-security-guard": { "name": "Roslyn Security Guard", "categories": [ "linter" ], "languages": [ "csharp", "vbnet" ], "other": [], "licenses": [ "GNU Lesser General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://security-code-scan.github.io", "source": "https://github.com/security-code-scan/security-code-scan", "pricing": null, "plans": null, "description": "Project that focuses on the identification of potential vulnerabilities such as SQL injection, cross-site scripting (XSS), CSRF, cryptography weaknesses, hardcoded passwords and many more.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "roslynator": { "name": "Roslynator", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/JosefPihrt/Roslynator", "source": "https://github.com/JosefPihrt/Roslynator", "pricing": null, "plans": null, "description": "A collection of 190+ analyzers and 190+ refactorings for C#, powered by Roslyn.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rpmlint": { "name": "rpmlint", "categories": [ "linter" ], 
"languages": [], "other": [ "package" ], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "https://github.com/rpm-software-management/rpmlint", "source": "https://github.com/rpm-software-management/rpmlint", "pricing": null, "plans": null, "description": "Tool for checking common errors in rpm packages.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rslint": { "name": "RSLint", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "http://rslint.org/", "source": "https://github.com/RDambrosio016/RSLint", "pricing": null, "plans": null, "description": "A (WIP) JavaScript linter written in Rust designed to be as fast as possible, customizable, and easy to use.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rubocop": { "name": "RuboCop", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://docs.rubocop.org/rubocop", "source": "https://github.com/rubocop-hq/rubocop", "pricing": null, "plans": null, "description": "A Ruby static code analyzer, based on the community Ruby style guide.", "discussion": null, "deprecated": null, "resources": [ { "title": "Ruby Code Linting with RuboCop", "url": "https://www.youtube.com/watch?v=sfOGjcMVQ9U" } ], "reviews": [ "https://stackshare.io/rubocop" ], "demos": null, "wrapper": null }, "rubrowser": { "name": "Rubrowser", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/blazeeboy/rubrowser", "source": "https://github.com/blazeeboy/rubrowser", "pricing": null, "plans": null, "description": "Ruby classes interactive dependency graph generator.", "discussion": null, "deprecated": null, "resources": null, "reviews": 
null, "demos": null, "wrapper": null }, "ruby-lint": { "name": "ruby-lint", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "Mozilla Public License, version 2.0" ], "types": [ "cli" ], "homepage": "https://gitlab.com/yorickpeterse/ruby-lint", "source": "https://gitlab.com/yorickpeterse/ruby-lint", "pricing": null, "plans": null, "description": "Static code analysis for Ruby.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rubycritic": { "name": "rubycritic", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/whitesmith/rubycritic", "source": "https://github.com/whitesmith/rubycritic", "pricing": null, "plans": null, "description": "A Ruby code quality reporter.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rudra": { "name": "Rudra", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Apache" ], "types": [ "cli" ], "homepage": "https://github.com/sslab-gatech/Rudra", "source": "https://github.com/sslab-gatech/Rudra", "pricing": null, "plans": null, "description": "Rust Memory Safety & Undefined Behavior Detection. It is capable of analyzing single Rust packages as well as all the packages on crates.io.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ruff": { "name": "ruff", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://astral.sh/ruff", "source": "https://github.com/charliermarsh/ruff", "pricing": null, "plans": null, "description": "Fast Python linter, written in Rust. 10-100x faster than existing linters. Compatible with Python 3.10. 
Supports file watcher.", "discussion": null, "deprecated": null, "resources": [ { "title": "Python tooling could be much, much faster (announcement)", "url": "https://notes.crmarsh.com/python-tooling-could-be-much-much-faster" } ], "reviews": null, "demos": null, "wrapper": null }, "rufo": { "name": "rufo", "categories": [ "formatter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/ruby-formatter/rufo", "source": "https://github.com/ruby-formatter/rufo", "pricing": null, "plans": null, "description": "An opinionated ruby formatter, intended to be used via the command line as a text-editor plugin, to autoformat files on save or on demand.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rust-analyzer": { "name": "rust-analyzer", "categories": [ "formatter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Other" ], "types": [ "ide-plugin" ], "homepage": "https://rust-analyzer.github.io", "source": "https://github.com/rust-analyzer/rust-analyzer", "pricing": null, "plans": null, "description": "Supports functionality such as 'goto definition', type inference, symbol search, reformatting, and code completion, and enables renaming and refactorings.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rust-audit": { "name": "rust-audit", "categories": [ "linter" ], "languages": [ "rust" ], "other": [ "binary" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/Shnatsel/rust-audit", "source": "https://github.com/Shnatsel/rust-audit", "pricing": null, "plans": null, "description": "Audit Rust binaries for known bugs or security vulnerabilities. 
This works by embedding data about the dependency tree (Cargo.lock) in JSON format into a dedicated linker section of the compiled executable.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rust-language-server": { "name": "Rust Language Server", "categories": [ "formatter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Other" ], "types": [ "ide-plugin" ], "homepage": "https://github.com/rust-lang-nursery/rls", "source": "https://github.com/rust-lang-nursery/rls", "pricing": null, "plans": null, "description": "Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rustfix": { "name": "rustfix", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/rust-lang/rustfix", "source": "https://github.com/rust-lang/rustfix", "pricing": null, "plans": null, "description": "Read and apply the suggestions made by rustc (and third-party lints, like those offered by clippy).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rustfmt": { "name": "rustfmt", "categories": [ "formatter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Apache License" ], "types": [ "cli" ], "homepage": "https://github.com/rust-lang/rustfmt", "source": "https://github.com/rust-lang/rustfmt", "pricing": null, "plans": null, "description": "A tool for formatting Rust code according to style guidelines.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rustviz": { "name": "RustViz", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": 
"https://github.com/rustviz/rustviz", "source": "https://github.com/rustviz/rustviz", "pricing": null, "plans": null, "description": "RustViz is a tool that generates visualizations from simple Rust programs to assist users in better understanding the Rust Lifetime and Borrowing mechanism. It generates SVG files with graphical indicators that integrate with mdbook to render visualizations of data-flow in Rust programs.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "safeql": { "name": "SafeQL", "categories": [ "linter" ], "languages": [ "javascript", "sql", "typescript" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://safeql.dev", "source": "https://github.com/ts-safeql/safeql", "pricing": null, "plans": null, "description": "Validate and auto-generate TypeScript types from raw SQL queries in PostgreSQL. SafeQL is an ESLint plugin for writing SQL queries in a type-safe way.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "safesql": { "name": "safesql", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/stripe/safesql", "source": "https://github.com/stripe/safesql", "pricing": null, "plans": null, "description": "Static analysis tool for Golang that protects against SQL injections.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "safety": { "name": "Safety", "categories": [ "linter" ], "languages": [ "python" ], "other": [ "security" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://safetycli.com/", "source": "https://github.com/pyupio/safety", "pricing": null, "plans": null, "description": "Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known 
vulnerabilities. Checks Python dependencies against a database of known security vulnerabilities and provides detailed reports. Supports CI/CD integration and multiple output formats.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "saikuro": { "name": "Saikuro", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "BSD License" ], "types": [ "cli" ], "homepage": "https://metricfu.github.io/Saikuro", "source": "https://github.com/metricfu/Saikuro", "pricing": null, "plans": null, "description": "A Ruby cyclomatic complexity analyzer.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sandimeter": { "name": "SandiMeter", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://rubygems.org/gems/sandi_meter", "source": "https://github.com/makaroni4/sandi_meter", "pricing": null, "plans": null, "description": "Static analysis tool for checking Ruby code for Sandi Metz' rules.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sass-lint": { "name": "sass-lint", "categories": [ "linter" ], "languages": [], "other": [ "css" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/sasstools/sass-lint", "source": "https://github.com/sasstools/sass-lint", "pricing": null, "plans": null, "description": "A Node-only Sass linter for both sass and scss syntax.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sast-online": { "name": "SAST Online", "categories": [ "linter" ], "languages": [ "dart", "java", "kotlin" ], "other": [ "mobile", "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://sast.online/", "source": "https://sast.online/", "pricing": 
"https://sast.online/pricing", "plans": { "free": true }, "description": "Check the Android Source code thoroughly to uncover and address potential security concerns and vulnerabilities. Static application security testing (Static Code Analysis) tool Online", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "scalastyle": { "name": "Scalastyle", "categories": [ "linter" ], "languages": [ "scala" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "http://www.scalastyle.org", "source": "https://github.com/scalastyle/scalastyle", "pricing": null, "plans": null, "description": "Scalastyle examines your Scala code and indicates potential problems with it.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "scan-build": { "name": "scan-build", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "Apache License v2.0 with LLVM Exceptions" ], "types": [ "cli" ], "homepage": "https://clang-analyzer.llvm.org/scan-build.html", "source": "https://clang-analyzer.llvm.org/scan-build.html", "pricing": null, "plans": null, "description": "Frontend to drive the Clang Static Analyzer built into Clang via a regular build.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "scapegoat": { "name": "scapegoat", "categories": [ "linter" ], "languages": [ "scala" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/sksamuel/scapegoat", "source": "https://github.com/sksamuel/scapegoat", "pricing": null, "plans": null, "description": "Scala compiler plugin for static code analysis.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "scorecard": { "name": "scorecard", "categories": [ "linter" ], "languages": [], "other": [ "security" ], 
"licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/ossf/scorecard", "source": "https://github.com/ossf/scorecard", "pricing": null, "plans": null, "description": "Security Scorecards - Security health metrics for Open Source", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "scrutinizer": { "name": "Scrutinizer", "categories": [ "linter" ], "languages": [ "go", "java", "javascript", "php", "python", "ruby", "typescript" ], "other": [ "ci" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://scrutinizer-ci.com", "source": null, "pricing": "https://scrutinizer-ci.com/pricing", "plans": { "free": false, "oss": true }, "description": "A proprietary code quality checker that can be integrated with GitHub.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "scsslint": { "name": "scsslint", "categories": [ "linter" ], "languages": [], "other": [ "css" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/brigade/scss-lint", "source": "https://github.com/brigade/scss-lint", "pricing": null, "plans": null, "description": "Linter for SCSS files.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "security-code-scan": { "name": "Security Code Scan", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "java", "php", "vbnet" ], "other": [], "licenses": [ "GNU Lesser General Public License v3.0" ], "types": [ "ide-plugin" ], "homepage": "https://security-code-scan.github.io", "source": "https://github.com/security-code-scan/security-code-scan", "pricing": null, "plans": null, "description": "Security code analyzer for C# and VB.NET. Detects various security vulnerability patterns: SQLi, XSS, CSRF, XXE, Open Redirect, etc. Integrates into Visual Studio 2015 and newer. 
Detects various security vulnerability patterns: SQLi, XSS, CSRF, XXE, Open Redirect, etc.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "semgrep": { "name": "Semgrep", "categories": [ "linter" ], "languages": [ "c", "csharp", "go", "java", "javascript", "jsx", "ocaml", "php", "python", "ruby", "typescript" ], "other": [ "configmanagement", "ci", "dockerfile", "json", "kubernetes", "nodejs", "rails", "security", "terraform", "yaml" ], "licenses": [ "GNU Lesser General Public License v2.1" ], "types": [ "cli", "service" ], "homepage": "https://semgrep.dev", "source": "https://github.com/returntocorp/semgrep", "pricing": null, "plans": null, "description": "A fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write; no abstract syntax trees or regex wrestling. Supports 17+ languages.", "discussion": null, "deprecated": null, "resources": [ { "title": "Semgrep Quick Start Tutorial", "url": "https://www.youtube.com/watch?v=8jyp8DkhmYo" }, { "title": "Semgrep presentation by r2c at Bay Area OWASP Meetup", "url": "https://www.youtube.com/watch?v=pul1bRIOYc8" } ], "reviews": [ "https://stackshare.io/semgrep" ], "demos": [ "https://semgrep.dev/playground" ], "wrapper": null }, "semgrep-supply-chain": { "name": "Semgrep Supply Chain", "categories": [ "linter" ], "languages": [ "go", "java", "javascript", "python", "ruby", "typescript" ], "other": [ "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://semgrep.dev/products/semgrep-supply-chain", "source": null, "pricing": null, "plans": null, "description": "Quickly find and remediate high-priority security issues. 
Semgrep Supply Chain prioritizes the 2% of vulnerabilities that are reachable from your code.", "discussion": null, "deprecated": null, "resources": [ { "title": "Reachability analysis in Semgrep Supply Chain", "url": "https://www.youtube.com/watch?v=dzmiQXhVMAw" }, { "title": "It's time to ignore 98% of dependency alerts", "url": "https://r2c.dev/blog/2022/introducing-semgrep-supply-chain/" } ], "reviews": null, "demos": null, "wrapper": null }, "seqra": { "name": "Seqra", "categories": [ "linter" ], "languages": [ "java", "kotlin" ], "other": [ "ci", "security", "spring", "yaml" ], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://seqra.dev", "source": "https://github.com/seqra/seqra", "pricing": null, "plans": null, "description": "Security-focused static analyzer for Java and Kotlin web applications. Analyzes bytecode with Semgrep-style YAML rules and CodeQL-grade dataflow (with first-class Spring support) to find vulnerabilities that source-only scanners miss.", "discussion": null, "deprecated": null, "resources": [ { "title": "Static Analysis Showdown: How Semgrep, CodeQL, and Seqra Handle XSS Detection", "url": "https://seqra.dev/blog/semgrep-vs-codeql-vs-seqra" } ], "reviews": null, "demos": null, "wrapper": null }, "sh": { "name": "sh", "categories": [ "linter" ], "languages": [ "shell" ], "other": [], "licenses": [ "BSD-3-Clause License" ], "types": [ "cli" ], "homepage": "https://pkg.go.dev/mvdan.cc/sh/v3", "source": "https://github.com/mvdan/sh", "pricing": null, "plans": null, "description": "A shell parser, formatter, and interpreter with bash support; includes shfmt", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "shellcheck": { "name": "shellcheck", "categories": [ "linter" ], "languages": [ "shell" ], "other": [], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://www.shellcheck.net", "source": 
"https://github.com/koalaman/shellcheck", "pricing": null, "plans": null, "description": "ShellCheck, a static analysis tool that gives warnings and suggestions for bash/sh shell scripts.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "shellharden": { "name": "shellharden", "categories": [ "linter" ], "languages": [ "shell" ], "other": [], "licenses": [ "MPL-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/anordal/shellharden", "source": "https://github.com/anordal/shellharden", "pricing": null, "plans": null, "description": "A syntax highlighter and a tool to semi-automate the rewriting of scripts to ShellCheck conformance, mainly focused on quoting.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "shiftleft-scan": { "name": "ShiftLeft Scan", "categories": [ "linter" ], "languages": [ "apex", "go", "groovy", "java", "jsp", "kotlin", "php", "plsql", "python", "ruby", "rust", "scala", "shell", "vbasic" ], "other": [ "configmanagement", "container", "json", "nodejs", "yaml" ], "licenses": [ "Other" ], "types": [ "cli", "service" ], "homepage": "https://github.com/ShiftLeftSecurity/sast-scan", "source": "https://github.com/ShiftLeftSecurity/sast-scan", "pricing": null, "plans": null, "description": "Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines. Note: ShiftLeft rebranded to Qwiet AI in 2023, which was subsequently acquired by Harness in September 2025. 
This open-source project is no longer maintained.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "shipshape": { "name": "shipshape", "categories": [ "linter" ], "languages": [ "c", "cpp", "java", "php" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/google/shipshape", "source": "https://github.com/google/shipshape", "pricing": null, "plans": null, "description": "Static program analysis platform that allows custom analyzers to plug in through a common interface.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "shisho": { "name": "shisho", "categories": [ "linter" ], "languages": [ "go" ], "other": [ "terraform" ], "licenses": [ "AGPL-3.0" ], "types": [ "cli", "service" ], "homepage": "https://github.com/flatt-security/shisho", "source": "https://github.com/flatt-security/shisho", "pricing": null, "plans": null, "description": "A lightweight static code analyzer designed for developers and security teams. 
It allows you to analyze and transform source code with an intuitive DSL similar to sed, but for code.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sigrid": { "name": "Sigrid", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "delphi", "go", "groovy", "java", "javascript", "kotlin", "lua", "objectivec", "perl", "php", "plsql", "powershell", "python", "r", "ruby", "rust", "scala", "shell", "sql", "swift", "typescript", "vbnet" ], "other": [ "nodejs", "vue" ], "licenses": [ "proprietary" ], "types": [ "cli", "service" ], "homepage": "https://www.softwareimprovementgroup.com/solutions/sigrid-software-assurance-platform/", "source": null, "pricing": "https://www.softwareimprovementgroup.com/contact/", "plans": { "free": false, "oss": false }, "description": "Sigrid helps you to improve your software by measuring your system's code quality, and then compares the results against a benchmark of thousands of industry systems to give you concrete advice on areas where you can improve.", "discussion": null, "deprecated": null, "resources": [ { "title": "Sigrid Security | Security without headache", "url": "https://www.youtube.com/watch?v=mpQxzdv4oc8" }, { "title": "Sigrid Open Source Health module", "url": "https://www.youtube.com/watch?v=UvhV9dyXWIU" } ], "reviews": [ "https://www.capterra.com/p/219140/Sigrid/" ], "demos": null, "wrapper": null }, "similarity-tester": { "name": "Similarity Tester", "categories": [ "linter" ], "languages": [ "asm", "c", "cpp", "java", "lisp", "pascal" ], "other": [], "licenses": [ "BSD 3-Clause Revised License" ], "types": [ "service" ], "homepage": "https://dickgrune.com/Programs/similarity_tester/", "source": null, "pricing": null, "plans": null, "description": "A tool that finds similarities between or within files to help you find DRY principle violations.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": 
null, "wrapper": null }, "skunk": { "name": "Skunk", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [ "rails" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/fastruby/skunk", "source": "https://github.com/fastruby/skunk", "pricing": null, "plans": null, "description": "A SkunkScore Calculator for Ruby Code -- Find the most complicated code without test coverage!", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "skylos": { "name": "Skylos", "categories": [ "linter" ], "languages": [ "go", "python", "typescript" ], "other": [ "security" ], "licenses": [ "Apache 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/duriantaco/skylos", "source": "https://github.com/duriantaco/skylos", "pricing": null, "plans": null, "description": "Dead code detection, security scanning, secrets detection, and code quality analysis for Python, TypeScript, and Go. Framework-aware analysis with 98% recall. Includes CI/CD GitHub Action, VS Code extension, and MCP server for AI agent integration.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sleek": { "name": "sleek", "categories": [ "formatter" ], "languages": [ "sql" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/nrempel/sleek", "source": "https://github.com/nrempel/sleek", "pricing": null, "plans": null, "description": "Sleek is a CLI tool for formatting SQL. It helps you maintain a consistent style across your SQL code, enhancing readability and productivity. 
The heavy lifting is done by the sqlformat crate.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "slim-lint": { "name": "slim-lint", "categories": [ "linter" ], "languages": [], "other": [ "template" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/sds/slim-lint", "source": "https://github.com/sds/slim-lint", "pricing": null, "plans": null, "description": "Configurable tool for analyzing Slim templates.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "slither": { "name": "slither", "categories": [ "formatter" ], "languages": [], "other": [ "smart-contracts" ], "licenses": [ "GNU Affero General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://github.com/trailofbits/slither", "source": "https://github.com/trailofbits/slither", "pricing": null, "plans": null, "description": "Static analysis framework that runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "snyk-code": { "name": "Snyk Code", "categories": [ "linter" ], "languages": [ "csharp", "go", "java", "javascript", "php", "python", "ruby", "typescript" ], "other": [ "container", "ci", "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://snyk.io", "source": null, "pricing": "https://snyk.io/plans/", "plans": { "free": true, "oss": true }, "description": "Snyk Code finds security vulnerabilities based on AI. Its speed of analysis allows us to analyse your code in real time and deliver results when you hit the save button in your IDE. Supported languages are Java, JavaScript, Python, PHP, C#, Go and TypeScript. Integrations with GitHub, Bitbucket and GitLab. 
It is free to try and part of the Snyk platform also covering SCA, containers and IaC.", "discussion": null, "deprecated": null, "resources": [ { "title": "Product homepage", "url": "https://snyk.io/product/snyk-code/" }, { "title": "Intro to Snyk Code Video", "url": "https://www.youtube.com/watch?v=fNYf0fgWOFQ" } ], "reviews": null, "demos": null, "wrapper": null }, "sobelow": { "name": "sobelow", "categories": [ "linter" ], "languages": [ "elixir" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/nccgroup/sobelow", "source": "https://github.com/nccgroup/sobelow", "pricing": null, "plans": null, "description": "Security-focused static analysis for the Phoenix Framework.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "solhint": { "name": "solhint", "categories": [ "linter" ], "languages": [], "other": [ "smart-contracts" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://protofire.github.io/solhint", "source": "https://github.com/protofire/solhint", "pricing": null, "plans": null, "description": "Solhint is an open source project created by https://protofire.io. 
Its goal is to provide a linting utility for Solidity code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "solium": { "name": "solium", "categories": [ "linter" ], "languages": [], "other": [ "smart-contracts" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://ethlint.readthedocs.io/en/latest", "source": "https://github.com/duaraghav8/Solium", "pricing": null, "plans": null, "description": "Solium is a linter to identify and fix style and security issues in Solidity smart contracts.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sonaranalyzer-csharp": { "name": "SonarAnalyzer.CSharp", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "LGPL-3.0-only license" ], "types": [ "cli" ], "homepage": "https://github.com/SonarSource/sonar-dotnet", "source": "https://github.com/SonarSource/sonar-dotnet", "pricing": null, "plans": null, "description": "These Roslyn analyzers allow you to produce Clean Code that is safe, reliable, and maintainable by helping you find and correct bugs, vulnerabilities, and code smells in your codebase.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sonardelphi": { "name": "SonarDelphi", "categories": [ "linter" ], "languages": [ "delphi" ], "other": [], "licenses": [ "LGPL-3.0-only license" ], "types": [ "cli" ], "homepage": "https://github.com/integrated-application-development/sonar-delphi", "source": "https://github.com/integrated-application-development/sonar-delphi", "pricing": null, "plans": null, "description": "Delphi static analyzer for the SonarQube code quality platform.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sonarqube-cloud": { "name": "SonarQube Cloud", "categories": [ "linter" ], "languages": [ "abap", "apex", 
"c", "csharp", "cpp", "cobol", "go", "java", "javascript", "kotlin", "objectivec", "php", "plsql", "python", "ruby", "scala", "swift", "tsql", "typescript", "vbnet" ], "other": [ "arm", "cloudformation", "ci", "css", "dockerfile", "html", "kubernetes", "security", "terraform", "xml" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://sonarcloud.io", "source": null, "pricing": "https://sonarcloud.io/pricing", "plans": { "free": false, "oss": true }, "description": "SonarQube Cloud enables your team to deliver clean code consistently and efficiently with a code review tool that easily integrates into the cloud DevOps platforms and extend your CI/CD workflow. SonarQube Cloud provides a free plan.", "discussion": null, "deprecated": null, "resources": null, "reviews": [ "https://www.g2.com/products/sonarcloud/reviews", "https://www.gartner.com/reviews/market/application-security-testing/vendor/sonarsource/product/sonarcloud", "https://www.peerspot.com/products/sonarcloud-reviews" ], "demos": null, "wrapper": null }, "sonarqube-for-ide": { "name": "SonarQube for IDE", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "cobol", "go", "java", "javascript", "kotlin", "php", "plsql", "python", "ruby", "scala", "swift", "tsql", "typescript", "vbnet" ], "other": [ "cloudformation", "css", "dockerfile", "html", "kubernetes", "security", "terraform", "xml" ], "licenses": [ "GNU Lesser General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://sonarlint.org", "source": "https://github.com/SonarSource/sonarlint-intellij", "pricing": null, "plans": null, "description": "SonarQube for IDE (formerly SonarLint) is a free IDE extension available for IntelliJ, VS Code, Visual Studio, and Eclipse, to find and fix coding issues in real-time, flagging issues as you code, just like a spell-checker. 
More than a linter, it also delivers rich contextual guidance to help developers understand why there is an issue, assess the risk, and educate them on how to fix it.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sonarqube-server": { "name": "SonarQube Server", "categories": [ "linter" ], "languages": [ "abap", "apex", "c", "csharp", "cpp", "cobol", "go", "java", "javascript", "kotlin", "objectivec", "php", "plsql", "python", "ruby", "scala", "swift", "tsql", "typescript", "vbnet" ], "other": [ "arm", "cloudformation", "ci", "css", "dockerfile", "html", "kubernetes", "security", "terraform", "xml" ], "licenses": [ "GNU Lesser General Public License v3.0" ], "types": [ "service" ], "homepage": "https://sonarqube.org", "source": "https://github.com/SonarSource/sonarqube", "pricing": "https://www.sonarsource.com/plans-and-pricing/", "plans": null, "description": "SonarQube empowers development teams with a code quality and security solution that deeply integrates into your enterprise environment; enabling you to deploy clean code consistently and reliably. 
SonarQube provides a free and open source Community Build.", "discussion": null, "deprecated": null, "resources": [ { "title": "Write Cleaner, Safer, Modern C++ Code with SonarQube", "url": "https://www.youtube.com/watch?v=WPHVPbxCAwE" }, { "title": "Write cleaner, safer Python code with SonarQube", "url": "https://www.youtube.com/watch?v=ow-yuIlCuHk" } ], "reviews": [ "https://www.capterra.com/p/210481/SonarQube/", "https://www.gartner.com/reviews/market/application-security-testing/vendor/sonarsource/product/sonarqube", "https://www.peerspot.com/products/sonarqube-reviews" ], "demos": [ "https://next.sonarqube.com/sonarqube/projects" ], "wrapper": null }, "sonatype": { "name": "Sonatype", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "clojure", "coffeescript", "fsharp", "go", "groovy", "java", "javascript", "kotlin", "objectivec", "php", "python", "r", "ruby", "rust", "scala", "swift", "vbasic" ], "other": [ "ci", "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.sonatype.com", "source": "https://www.sonatype.com", "pricing": "https://www.sonatype.com/products/pricing", "plans": null, "description": "Reports known vulnerabilities in common dependencies and recommends updated packages to minimize breaking changes", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "soot": { "name": "Soot", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "GNU Lesser General Public License v2.1" ], "types": [ "cli" ], "homepage": "https://soot-oss.github.io/soot", "source": "https://github.com/soot-oss/soot", "pricing": null, "plans": null, "description": "A framework for analyzing and transforming Java and Android applications.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sorbet": { "name": "Sorbet", "categories": [ "linter" ], "languages": [ "ruby" ], "other": 
[], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://sorbet.org", "source": "https://github.com/sorbet/sorbet", "pricing": null, "plans": null, "description": "A fast, powerful type checker designed for Ruby.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "soto-platform": { "name": "Soto Platform", "categories": [ "linter" ], "languages": [ "abap", "c", "csharp", "cpp", "java", "php", "typescript" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.hello2morrow.com/products/sotograph", "source": null, "pricing": null, "plans": null, "description": "Suite of static analysis tools consisting of the three components Sotoarc (Architecture Analysis), Sotograph (Quality Analysis), and Sotoreport (Quality report). Helps find differences between architecture and implementation, interface violations (e.g. external access of private parts of subsystems), detection of all classes, files, packages and subsystems which are strongly coupled by cyclical relationships and more. The Sotograph product family runs on Windows and Linux. 
", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sourcemeter": { "name": "SourceMeter", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "java", "python" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.sourcemeter.com/", "source": null, "pricing": "https://www.sourcemeter.com/download", "plans": { "free": true, "oss": false }, "description": "Static Code Analysis for C/C++, Java, C#, Python, and RPG III and RPG IV versions (including free-form).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "spark": { "name": "SPARK", "categories": [ "linter" ], "languages": [ "ada" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.adacore.com/about-spark", "source": null, "pricing": "https://www.adacore.com/pricing", "plans": null, "description": "Static analysis and formal verification toolset for Ada.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "specificity-graph": { "name": "Specificity Graph", "categories": [ "linter" ], "languages": [], "other": [ "css" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/pocketjoso/specificity-graph", "source": "https://github.com/pocketjoso/specificity-graph", "pricing": null, "plans": null, "description": "CSS Specificity Graph Generator.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "spectral": { "name": "Spectral", "categories": [ "linter" ], "languages": [], "other": [ "json", "yaml" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://stoplight.io/open-source/spectral", "source": "https://github.com/stoplightio/spectral", "pricing": null, "plans": null, "description": "A flexible JSON/YAML linter, with 
out-of-the-box support for OpenAPI v2/v3 and AsyncAPI v2.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "splint": { "name": "splint", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "http://splint.org", "source": "https://github.com/ravenexp/splint", "pricing": null, "plans": null, "description": "Annotation-assisted static program checker.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "spoon": { "name": "Spoon", "categories": [ "formatter" ], "languages": [ "java" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://spoon.gforge.inria.fr", "source": "https://github.com/INRIA/spoon", "pricing": null, "plans": null, "description": "Spoon is a metaprogramming library to analyze and transform Java source code (incl Java 9, 10, 11, 12, 13, 14). It parses source files to build a well-designed AST with powerful analysis and transformation API. Can be integrated in Maven and Gradle.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "spotbugs": { "name": "SpotBugs", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "GNU Lesser General Public License v2.1" ], "types": [ "cli" ], "homepage": "https://spotbugs.github.io", "source": "https://github.com/spotbugs/spotbugs", "pricing": null, "plans": null, "description": "SpotBugs is FindBugs' successor. 
A tool for static analysis to look for bugs in Java code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sqlcheck": { "name": "sqlcheck", "categories": [ "linter" ], "languages": [ "sql" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/jarulraj/sqlcheck", "source": "https://github.com/jarulraj/sqlcheck", "pricing": null, "plans": null, "description": "Automatically identify anti-patterns in SQL queries.", "discussion": null, "deprecated": true, "resources": [ { "title": "SQLCheck: Automated Detection and Diagnosis of SQL Anti-Patterns", "url": "https://www.youtube.com/watch?v=5vHhuuPy3FI" } ], "reviews": null, "demos": null, "wrapper": null }, "sqlfluff": { "name": "SQLFluff", "categories": [ "linter", "formatter" ], "languages": [ "sql" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://www.sqlfluff.com/", "source": "https://github.com/sqlfluff/sqlfluff", "pricing": null, "plans": null, "description": "Multiple dialect SQL linter and formatter.", "discussion": null, "deprecated": null, "resources": [ { "title": "Official SQLFluff documentation", "url": "https://docs.sqlfluff.com/en/stable/" } ], "reviews": null, "demos": null, "wrapper": null }, "sqlint": { "name": "sqlint", "categories": [ "linter" ], "languages": [ "sql" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/purcell/sqlint", "source": "https://github.com/purcell/sqlint", "pricing": null, "plans": null, "description": "Simple SQL linter.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sqlvet": { "name": "sqlvet", "categories": [ "linter" ], "languages": [ "go", "sql" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/houqp/sqlvet", "source": "https://github.com/houqp/sqlvet", 
"pricing": null, "plans": null, "description": "Performs static analysis on raw SQL queries in your Go code base to surface potential runtime errors. It checks for SQL syntax errors, identifies unsafe queries that could potentially lead to SQL injections, makes sure column count matches value count in INSERT statements, and validates table and column names.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "squawk": { "name": "squawk", "categories": [ "linter" ], "languages": [ "sql" ], "other": [], "licenses": [ "GPL-3.0 License" ], "types": [ "cli" ], "homepage": "https://squawkhq.com", "source": "https://github.com/sbdchd/squawk", "pricing": null, "plans": null, "description": "Linter for PostgreSQL, focused on migrations. Prevents unexpected downtime caused by database migrations and encourages best practices around Postgres schemas and SQL.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "stan": { "name": "Stan", "categories": [ "linter" ], "languages": [ "haskell" ], "other": [], "licenses": [ "Mozilla Public License 2.0" ], "types": [ "cli" ], "homepage": "https://kowainik.github.io/projects/stan", "source": "https://github.com/kowainik/stan", "pricing": null, "plans": null, "description": "Stan is a command-line tool for analysing Haskell projects and outputting discovered vulnerabilities in a helpful way with possible solutions for detected problems.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "standard": { "name": "standard", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [ "nodejs" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "http://standardjs.com", "source": "https://github.com/standard/standard", "pricing": null, "plans": null, "description": "An npm module that checks for Javascript Styleguide issues.", "discussion": 
null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "standard-ruby": { "name": "Standard Ruby", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/testdouble/standard", "source": "https://github.com/testdouble/standard", "pricing": null, "plans": null, "description": "Ruby Style Guide, with linter & automatic code fixer", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "staticcheck": { "name": "staticcheck", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://staticcheck.io", "source": "https://github.com/dominikh/go-tools", "pricing": null, "plans": null, "description": "Go static analysis that specialises in finding bugs, simplifying code and improving performance.", "discussion": null, "deprecated": null, "resources": [ { "title": "GopherCon 2019: Denis Isaev - Go Linters: Myths and Best Practices", "url": "https://www.youtube.com/watch?v=1U-Gzz4TYP0" } ], "reviews": null, "demos": null, "wrapper": null }, "staticlint": { "name": "StaticLint", "categories": [ "linter" ], "languages": [ "julia" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/julia-vscode/StaticLint.jl", "source": "https://github.com/julia-vscode/StaticLint.jl", "pricing": null, "plans": null, "description": "Static Code Analysis for Julia", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "staticreviewer": { "name": "StaticReviewer", "categories": [ "linter" ], "languages": [ "abap", "actionscript", "asp", "apex", "aspnet", "c", "csharp", "cpp", "clojure", "cobol", "go", "groovy", "java", "javascript", "jsp", "kotlin", "lua", "objectivec", "php", "plsql", "powershell", "python", "r", "rust", "scala", "shell", "sql", 
"swift", "tsql", "typescript", "vbnet", "vba" ], "other": [ "json", "xml" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/196633/Static+Reviewer", "source": null, "pricing": null, "plans": null, "description": "Static Reviewer executes code checks according to the most relevant Secure Coding Standards, OWASP, CWE, CVE, CVSS, MISRA, CERT, for 40+ programming languages, using 1000+ built-in validation rules for Security, Deadcode & Best Practices. A module for Software Composition Analysis (SCA) is available to find vulnerabilities in open source and third-party libraries.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "statix": { "name": "statix", "categories": [ "linter" ], "languages": [], "other": [ "nix" ], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/nerdypepper/statix", "source": "https://github.com/nerdypepper/statix", "pricing": null, "plans": null, "description": "Lints and suggestions for the Nix programming language. \"statix check\" highlights antipatterns in Nix code. 
\"statix fix\" can fix several such occurrences.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "stc": { "name": "stc", "categories": [ "linter" ], "languages": [ "typescript" ], "other": [], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://stc.dudy.dev", "source": "https://github.com/dudykr/stc", "pricing": null, "plans": null, "description": "Speedy TypeScript type checker written in Rust", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "steady": { "name": "steady", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://eclipse.github.io/steady/", "source": "https://github.com/eclipse/steady", "pricing": null, "plans": null, "description": "Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "steampunk-spotter": { "name": "Steampunk Spotter", "categories": [ "linter", "formatter" ], "languages": [], "other": [ "ansible", "configmanagement", "security" ], "licenses": [ "proprietary" ], "types": [ "cli", "gui", "service", "ide-plugin" ], "homepage": "https://steampunk.si/spotter/", "source": "https://gitlab.com/xlab-steampunk/steampunk-spotter-client/spotter-cli", "pricing": "https://steampunk.si/spotter/pricing", "plans": { "free": true, "oss": false }, "description": "Ansible Playbook Scanning Tool that analyzes and offers recommendations for your playbooks.", "discussion": null, "deprecated": null, "resources": [ { "title": "Steampunk Spotter: Simplify and Speed up Ansible Upgrades", "url": "https://www.youtube.com/watch?v=JIzph_gqf08" }, { "title": "Steampunk Spotter: Demo", "url": 
"https://www.youtube.com/watch?v=yeggNPmtv04" } ], "reviews": null, "demos": null, "wrapper": null }, "steep": { "name": "Steep", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/soutaro/steep", "source": "https://github.com/soutaro/steep", "pricing": null, "plans": null, "description": "Gradual Typing for Ruby.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "stoke": { "name": "STOKE", "categories": [ "formatter" ], "languages": [ "asm" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/StanfordPL/stoke", "source": "https://github.com/StanfordPL/stoke", "pricing": null, "plans": null, "description": "A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "structcheck": { "name": "structcheck", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "GPL-3.0-only (original text)" ], "types": [ "cli" ], "homepage": "https://gitlab.com/opennota/check", "source": "https://gitlab.com/opennota/check", "pricing": null, "plans": null, "description": "Find unused struct fields.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "structslop": { "name": "structslop", "categories": [ "linter", "formatter" ], "languages": [ "go" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/orijtech/structslop", "source": "https://github.com/orijtech/structslop", "pricing": null, "plans": null, "description": "Static analyzer for Go that recommends struct field rearrangements to provide for maximum 
space/allocation efficiency", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "stylelint": { "name": "Stylelint", "categories": [ "linter" ], "languages": [], "other": [ "css" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "http://stylelint.io", "source": "https://github.com/stylelint/stylelint", "pricing": null, "plans": null, "description": "Linter for SCSS/CSS files.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "styler": { "name": "styler", "categories": [ "formatter" ], "languages": [ "r" ], "other": [], "licenses": [ "GPL-3" ], "types": [ "cli" ], "homepage": "https://styler.r-lib.org", "source": "https://github.com/r-lib/styler", "pricing": null, "plans": null, "description": "Formatting of R source code files and pretty-printing of R code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "super-linter": { "name": "Super-Linter", "categories": [ "linter" ], "languages": [ "coffeescript", "go", "javascript", "perl", "python", "ruby", "shell", "typescript" ], "other": [ "configmanagement", "container", "json", "markdown", "xml", "yaml" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/github/super-linter", "source": "https://github.com/github/super-linter", "pricing": null, "plans": null, "description": "Combination of multiple linters to install as a GitHub Action.", "discussion": null, "deprecated": true, "resources": [ { "title": "The Easiest Way to Lint Your Code: GitHub Super Linter Deep Dive", "url": "https://www.youtube.com/watch?v=BCrtoZ04L1Y" } ], "reviews": null, "demos": null, "wrapper": null }, "svace": { "name": "Svace", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "go", "java" ], "other": [ "security" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": 
"https://www.ispras.ru/en/technologies/svace/", "source": null, "pricing": null, "plans": null, "description": "Static code analysis tool for Java,C,C++,C#,Go.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "svf": { "name": "SVF", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://svf-tools.github.io/SVF", "source": "https://github.com/SVF-tools/SVF", "pricing": null, "plans": null, "description": "A static tool that enables scalable and precise interprocedural dependence analysis for C and C++ programs.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "svls": { "name": "svls", "categories": [ "linter" ], "languages": [ "verilog" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/dalance/svls", "source": "https://github.com/dalance/svls", "pricing": null, "plans": null, "description": "A Language Server Protocol implementation for Verilog and SystemVerilog, including lint capabilities.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "swiftformat": { "name": "SwiftFormat", "categories": [ "formatter" ], "languages": [ "swift" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/nicklockwood/SwiftFormat", "source": "https://github.com/nicklockwood/SwiftFormat", "pricing": null, "plans": null, "description": "A library and command-line formatting tool for reformatting Swift code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "swiftlint": { "name": "SwiftLint", "categories": [ "linter" ], "languages": [ "swift" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli", "ide-plugin" ], "homepage": "https://realm.github.io/SwiftLint", 
"source": "https://github.com/realm/SwiftLint", "pricing": null, "plans": null, "description": "A tool to enforce Swift style and conventions.", "discussion": null, "deprecated": null, "resources": [ { "title": "Mastering SwiftLint for Code Readability", "url": "https://www.youtube.com/watch?v=4YQ6DJ-xovY" }, { "title": "The Road to Cleaner Code w/ SwiftLint", "url": "https://academy.realm.io/posts/slug-jp-simard-swiftlint/" } ], "reviews": [ "https://plugins.jetbrains.com/plugin/9175-swiftlint" ], "demos": null, "wrapper": null }, "symfony-insight": { "name": "Symfony Insight", "categories": [ "linter" ], "languages": [ "php" ], "other": [ "ci", "security" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://insight.symfony.com/", "source": null, "pricing": "https://insight.symfony.com/pricing", "plans": null, "description": "Detect security risks, find bugs and provide actionable metrics for PHP projects.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "synopsys": { "name": "Synopsys", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "fortran", "java", "javascript", "php", "python", "ruby", "swift" ], "other": [ "ci", "mobile", "nodejs" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html", "source": null, "pricing": "https://www.blackduck.com/static-analysis-tools-sast/coverity/get-pricing.html", "plans": { "free": false, "oss": true }, "description": "A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sys": { "name": "Sys", "categories": [ "linter" ], "languages": [ "ocaml" ], "other": [], "licenses": [ "GPL-2.0 License" ], "types": [ 
"cli" ], "homepage": "https://github.com/PLSysSec/sys", "source": "https://github.com/PLSysSec/sys", "pricing": null, "plans": null, "description": "A static/symbolic Tool for finding bugs in (browser) code. It uses the LLVM AST to find bugs like uninitialized memory access.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sysdig": { "name": "sysdig", "categories": [ "linter" ], "languages": [], "other": [ "container" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://sysdig.com/", "source": null, "pricing": null, "plans": null, "description": "A secure DevOps platform for cloud and container forensics. Built on an open source stack, Sysdig provides Docker image scanning and created Falco, the open standard for runtime threat detection for containers, Kubernetes and cloud. ", "discussion": null, "deprecated": null, "resources": [ { "title": "Run confidently with secure DevOps", "url": "https://www.youtube.com/watch?v=KXfZWprVr0w" } ], "reviews": null, "demos": null, "wrapper": null }, "tailor": { "name": "Tailor", "categories": [ "linter" ], "languages": [ "swift" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://sleekbyte.github.io/tailor", "source": "https://github.com/sleekbyte/tailor", "pricing": null, "plans": null, "description": "A static analysis and lint tool for source code written in Apple's Swift programming language.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "tangleguard": { "name": "TangleGuard", "categories": [ "linter", "meta" ], "languages": [ "rust" ], "other": [ "ci" ], "licenses": [ "proprietary" ], "types": [ "cli", "service" ], "homepage": "https://tangleguard.com/", "source": "https://github.com/TangleGuard", "pricing": null, "plans": { "free": false, "oss": true }, "description": "Helps you understand and maintain a scalable software 
architecture. To do so, it generates an interactive, nested dependency graph out of the source code. You can choose the level of detail and get the portion of your codebase that matters to you.", "discussion": null, "deprecated": null, "resources": [ { "title": "TangleGuard Cloud", "url": "https://app.tangleguard.com/" }, { "title": "TangleGuard Preview", "url": "https://youtu.be/whzbP1Hnsqs" }, { "title": "TangleGuard Documentation", "url": "https://docs.tangleguard.com/" } ], "reviews": null, "demos": null, "wrapper": false }, "tclchecker": { "name": "tclchecker", "categories": [ "linter" ], "languages": [ "tcl" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/ActiveState/tdk/blob/master/docs/3.0/TDK_3.0_Checker.txt", "source": "https://github.com/ActiveState/tdk/blob/master/docs/3.0/TDK_3.0_Checker.txt", "pricing": null, "plans": null, "description": "A static syntax analysis module (as part of [TDK](https://github.com/ActiveState/tdk)).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "teamscale": { "name": "Teamscale", "categories": [ "linter" ], "languages": [ "abap", "c", "csharp", "cpp", "java" ], "other": [ "ci" ], "licenses": [ "proprietary" ], "types": [ "service", "ide-plugin" ], "homepage": "https://teamscale.com", "source": null, "pricing": "https://teamscale.com/pricing", "plans": { "free": false, "oss": false }, "description": "Static and dynamic analysis tool supporting more than 25 languages and direct IDE integration. Free hosting for Open Source projects available on request. 
Free academic licenses available.", "discussion": null, "deprecated": null, "resources": [ { "title": "CQSE Webinar: Architekturanalyse mit Teamscale (German)", "url": "https://www.youtube.com/watch?v=fJVjv0153-U" }, { "title": "Teamscale Integration for Visual Studio", "url": "https://marketplace.visualstudio.com/items?itemName=CQSEGmbH.Teamscale" } ], "reviews": null, "demos": null, "wrapper": null }, "tencentcodeanalysis": { "name": "TencentCodeAnalysis", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "go", "java", "javascript", "kotlin", "php", "python", "scala", "typescript" ], "other": [ "ci", "css", "html", "xml" ], "licenses": [ "MIT License" ], "types": [ "cli", "service" ], "homepage": "https://tca.tencent.com/", "source": "https://github.com/Tencent/CodeAnalysis", "pricing": null, "plans": null, "description": "Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. 
It integrates a number of self-developed tools, and also supports dynamic integration of code analysis tools in various programming languages.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "tern": { "name": "tern", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://ternjs.net", "source": "https://github.com/ternjs/tern", "pricing": null, "plans": null, "description": "A JavaScript code analyzer for deep, cross-editor language support.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "terraform-compliance": { "name": "terraform-compliance", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://terraform-compliance.com", "source": "https://github.com/eerkunt/terraform-compliance", "pricing": null, "plans": null, "description": "A lightweight, compliance- and security-focused BDD test framework against Terraform.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "terrascan": { "name": "terrascan", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/cesar-rodriguez/terrascan", "source": "https://github.com/cesar-rodriguez/terrascan", "pricing": null, "plans": null, "description": "Collection of security and best practice tests for static code analysis of Terraform templates.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "test": { "name": "test", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD-3-Clause (original text)" ], "types": [ "cli" ], "homepage": 
"https://pkg.go.dev/testing", "source": "https://pkg.go.dev/testing", "pricing": null, "plans": null, "description": "Show location of test failures from the stdlib testing module.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "texlab": { "name": "TeXLab", "categories": [ "linter" ], "languages": [], "other": [ "latex" ], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://texlab.netlify.app", "source": "https://github.com/latex-lsp/texlab", "pricing": null, "plans": null, "description": "A Language Server Protocol implementation for TeX/LaTeX, including lint capabilities.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "textlint": { "name": "textlint", "categories": [ "linter" ], "languages": [], "other": [ "markdown" ], "licenses": [ "MIT Licence" ], "types": [ "cli" ], "homepage": "https://textlint.github.io/", "source": "https://github.com/textlint/textlint", "pricing": null, "plans": null, "description": "textlint is an open source text linting utility written in JavaScript.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "tflint": { "name": "tflint", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement" ], "licenses": [ "Mozilla Public License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/wata727/tflint", "source": "https://github.com/wata727/tflint", "pricing": null, "plans": null, "description": "A Terraform linter for detecting errors that can not be detected by `terraform plan`.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "tfsec": { "name": "tfsec", "categories": [ "linter" ], "languages": [], "other": [ "configmanagement", "security" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": 
"https://github.com/tfsec/tfsec", "source": "https://github.com/tfsec/tfsec", "pricing": null, "plans": null, "description": "Terraform static analysis tool that prevents potential security issues by checking cloud misconfigurations at build time and directly integrates with the HCL parser for better results. Checks for violations of AWS, Azure and GCP security best practice recommendations.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "threatmapper": { "name": "ThreatMapper", "categories": [ "linter" ], "languages": [ "dotnet", "go", "java", "javascript", "php", "python", "ruby", "rust" ], "other": [ "container", "ci", "nodejs", "security" ], "licenses": [ "Apache-2.0 License" ], "types": [ "service" ], "homepage": "https://github.com/deepfence/ThreatMapper", "source": "https://github.com/deepfence/ThreatMapper", "pricing": null, "plans": null, "description": "Vulnerability Scanner and Risk Evaluation for containers, serverless and hosts at runtime. 
ThreatMapper generates runtime BOMs from dependencies and operating system packages, matches against multiple threat feeds, scans for unprotected secrets, and scores issues based on severity and risk-of-exploit.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "todocheck": { "name": "todocheck", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "go", "groovy", "java", "javascript", "php", "python", "r", "rust", "scala", "shell", "swift", "typescript" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/preslavmihaylov/todocheck", "source": "https://github.com/preslavmihaylov/todocheck", "pricing": null, "plans": null, "description": "Linter for integrating annotated TODOs with your issue trackers", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "traceroute": { "name": "Traceroute", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [ "rails" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/amatsuda/traceroute", "source": "https://github.com/amatsuda/traceroute", "pricing": null, "plans": null, "description": "A Rake task gem that helps you find the unused routes and controller actions for your Rails 3+ app.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "trivy": { "name": "trivy", "categories": [ "linter" ], "languages": [ "javascript", "php", "ruby", "rust" ], "other": [ "container", "nodejs" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/aquasecurity/trivy", "source": "https://github.com/aquasecurity/trivy", "pricing": null, "plans": null, "description": "A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) 
and application dependencies (Bundler, Composer, npm, yarn, etc.). Checks containers and filesystems.\n", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "trufflehog": { "name": "trufflehog", "categories": [ "linter" ], "languages": [], "other": [ "security" ], "licenses": [ "AGPL-3.0" ], "types": [ "cli" ], "homepage": "https://trufflesecurity.com", "source": "https://github.com/trufflesecurity/trufflehog", "pricing": null, "plans": null, "description": "Find credentials all over the place\nTruffleHog is an open source secret-scanning engine that resolves exposed secrets across your company’s entire tech stack. ", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "trunk": { "name": "trunk", "categories": [ "linter", "formatter" ], "languages": [ "c", "cpp", "go", "java", "javascript", "python", "ruby", "rust", "typescript" ], "other": [ "ansible", "cloudformation", "dockerfile", "markdown", "protobuf", "terraform" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://trunk.io", "source": "https://github.com/trunk-io/", "pricing": "https://trunk.io/pricing", "plans": { "free": true, "oss": true }, "description": "Modern repositories include many technologies, each with its own set of linters. 
With 30+ linters and counting, Trunk makes it dead-simple to identify, install, configure, and run the right linters, static analyzers, and formatters for all your repos.", "discussion": null, "deprecated": null, "resources": [ { "title": "Trunk GitHub Action", "url": "https://github.com/trunk-io/trunk-action" }, { "title": "Community Slack Channel", "url": "https://slack.trunk.io" } ], "reviews": null, "demos": null, "wrapper": null }, "trustinsoft-analyzer": { "name": "TrustInSoft Analyzer", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://trust-in-soft.com", "source": null, "pricing": null, "plans": null, "description": "Exhaustive detection of coding errors and their associated security vulnerabilities. This encompasses a sound undefined behavior detection (buffer overflows, out-of-bounds array accesses, null-pointer dereferences, use-after-free, divide-by-zeros, uninitialized memory accesses, signed overflows, invalid pointer arithmetic, etc.), data flow and control flow verification as well as full functional verification of formal specifications. All versions of C up to C18 and C++ up to C++20 are supported. TrustInSoft Analyzer will acquire ISO 26262 qualification in Q2'2023 (TCL3). 
A MISRA C checker is also bundled.", "discussion": null, "deprecated": null, "resources": [ { "title": "TrustInSoft blog", "url": "https://trust-in-soft.com/resources/news/" }, { "title": "TrustInSoft white papers", "url": "https://trust-in-soft.com/resources/news/?_types=white-papers" } ], "reviews": [ "https://www.gartner.com/reviews/market/application-security-testing/vendor/trustinsoft/reviews" ], "demos": [ "https://github.com/TrustInSoft/demos", "https://github.com/TrustInSoft/jenkins-demos" ], "wrapper": null }, "tscancode": { "name": "TscanCode", "categories": [ "linter" ], "languages": [ "c", "csharp", "cpp", "lua" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/Tencent/TscanCode", "source": "https://github.com/Tencent/TscanCode", "pricing": null, "plans": null, "description": "A fast and accurate static analysis solution for C/C++, C#, Lua codes provided by Tencent. Using GPLv3 license.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "tslint": { "name": "tslint", "categories": [ "linter" ], "languages": [ "typescript" ], "other": [], "licenses": [ "Apache-2.0 license" ], "types": [ "cli" ], "homepage": "https://palantir.github.io/tslint/", "source": "https://github.com/palantir/tslint", "pricing": null, "plans": null, "description": "TSLint has been deprecated as of 2019. Please see [this issue](https://github.com/palantir/tslint/issues/4534) for more details. `typescript-eslint` is now your best option for linting TypeScript.\nTSLint is an extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors. 
It is widely supported across modern editors & build systems and can be customized with your own lint rules, configurations, and formatters.", "discussion": null, "deprecated": true, "resources": [ { "title": "Nextjs: tslint to eslint", "url": "https://www.youtube.com/watch?v=qXzIW4CfpxA" } ], "reviews": null, "demos": null, "wrapper": null }, "tslint-clean-code": { "name": "tslint-clean-code", "categories": [ "linter" ], "languages": [ "typescript" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://www.npmjs.com/package/tslint-clean-code", "source": "https://github.com/Glavin001/tslint-clean-code", "pricing": null, "plans": null, "description": "A set of TSLint rules inspired by the Clean Code handbook.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "tslint-microsoft-contrib": { "name": "tslint-microsoft-contrib", "categories": [ "linter" ], "languages": [ "typescript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/Microsoft/tslint-microsoft-contrib", "source": "https://github.com/Microsoft/tslint-microsoft-contrib", "pricing": null, "plans": null, "description": "A set of tslint rules for static code analysis of TypeScript projects maintained by Microsoft.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "tsqllint": { "name": "tsqllint", "categories": [ "linter" ], "languages": [ "sql" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/tsqllint/tsqllint", "source": "https://github.com/tsqllint/tsqllint", "pricing": null, "plans": null, "description": "T-SQL-specific linter.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "tsqlrules": { "name": "TSqlRules", "categories": [ "linter" ], "languages": [ "sql" ], "other": [], "licenses": [ "MIT 
License" ], "types": [ "cli" ], "homepage": "https://github.com/ashleyglee/TSqlRules", "source": "https://github.com/ashleyglee/TSqlRules", "pricing": null, "plans": null, "description": "TSQL Static Code Analysis Rules for SQL Server.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "tsunami-security-scanner": { "name": "Tsunami Security Scanner", "categories": [ "linter" ], "languages": [], "other": [ "security" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/google/tsunami-security-scanner", "source": "https://github.com/google/tsunami-security-scanner", "pricing": null, "plans": null, "description": "A general purpose network security scanner with an extensible plugin system for detecting high severity RCE-like vulnerabilities with high confidence. Custom detectors for finding vulnerabilities (e.g. open APIs) can be added.", "discussion": null, "deprecated": null, "resources": [ { "title": "Tsunami Security Scanner from Google: Identify Critical vulnerabilities with high confidence - LAB", "url": "https://www.youtube.com/watch?v=SMlWes1XnWw" } ], "reviews": null, "demos": null, "wrapper": null }, "tuli": { "name": "Tuli", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/ircmaxell/Tuli", "source": "https://github.com/ircmaxell/Tuli", "pricing": null, "plans": null, "description": "A static analysis engine.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "twig-lint": { "name": "twig-lint", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/asm89/twig-lint", "source": "https://github.com/asm89/twig-lint", "pricing": null, "plans": null, "description": "twig-lint is a lint tool for your twig files.", 
"discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "twiggy": { "name": "Twiggy", "categories": [ "linter" ], "languages": [ "wasm" ], "other": [ "binary" ], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/rustwasm/twiggy", "source": "https://github.com/rustwasm/twiggy", "pricing": null, "plans": null, "description": "Analyzes a binary's call graph to profile code size. The goal is to slim down wasm binary size.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ty": { "name": "ty", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://docs.astral.sh/ty/", "source": "https://github.com/astral-sh/ty", "pricing": null, "plans": null, "description": "An extremely fast Python type checker written in Rust.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "typescript-call-graph": { "name": "TypeScript Call Graph", "categories": [ "linter" ], "languages": [ "typescript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/whyboris/TypeScript-Call-Graph", "source": "https://github.com/whyboris/TypeScript-Call-Graph", "pricing": null, "plans": null, "description": "CLI to generate an interactive graph of functions and calls from your TypeScript files", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "typescript-eslint": { "name": "TypeScript ESLint", "categories": [ "linter" ], "languages": [ "typescript" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/typescript-eslint/typescript-eslint", "source": "https://github.com/typescript-eslint/typescript-eslint", "pricing": null, "plans": null, "description": "TypeScript language extension for 
eslint.", "discussion": null, "deprecated": null, "resources": [ { "title": "VSCode ESLint, Prettier & Airbnb Style Guide Setup", "url": "https://www.youtube.com/watch?v=SydnKbGc7W8" } ], "reviews": null, "demos": null, "wrapper": null }, "typl": { "name": "TypL", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://typl.dev", "source": "https://github.com/getify/TypL", "pricing": null, "plans": null, "description": "With TypL, you just write completely standard JS, and the tool figures out your types via powerful inferencing.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "unconvert": { "name": "unconvert", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/mdempsky/unconvert", "source": "https://github.com/mdempsky/unconvert", "pricing": null, "plans": null, "description": "Detect redundant type conversions.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "undebt": { "name": "Undebt", "categories": [ "linter" ], "languages": [ "c", "cpp", "java", "php" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/Yelp/undebt", "source": "https://github.com/Yelp/undebt", "pricing": null, "plans": null, "description": "Language-independent tool for massive, automatic, programmable refactoring based on simple pattern definitions.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "understand": { "name": "Understand", "categories": [ "linter" ], "languages": [ "ada", "asm", "c", "csharp", "cpp", "cobol", "delphi", "fortran", "java", "javascript", "php", "python", "vbnet" ], "other": [ "css", "html", "xml" ], "licenses": [ "proprietary" 
], "types": [ "cli" ], "homepage": "https://www.scitools.com", "source": null, "pricing": "https://www.scitools.com/pricing", "plans": null, "description": "Code visualization tool that provides code analysis, standards testing, metrics, graphing, dependency analysis and more for Ada, VHDL, and others.", "discussion": null, "deprecated": null, "resources": [ { "title": "What is Understand?", "url": "https://www.youtube.com/watch?v=QXxciTA1R4k" }, { "title": "Basic Navigation in Understand", "url": "https://www.youtube.com/watch?v=YDd9J2Fs5Ug" }, { "title": "Tell a story about your code in just one image using Graphs", "url": "https://www.youtube.com/watch?v=mZRWN6ukUig" } ], "reviews": null, "demos": null, "wrapper": null }, "unibeautify": { "name": "Unibeautify", "categories": [ "formatter" ], "languages": [ "c", "cpp", "go", "java", "javascript", "jsx", "objectivec", "php", "python", "typescript" ], "other": [ "css", "html", "markdown", "vue" ], "licenses": [ "MIT License" ], "types": [ "cli", "service" ], "homepage": "https://unibeautify.com", "source": "https://github.com/unibeautify/unibeautify", "pricing": null, "plans": null, "description": "Universal code beautifier with a GitHub app. 
Supports HTML, CSS, JavaScript, TypeScript, JSX, Vue, C++, Go, Objective-C, Java, Python, PHP, GraphQL, Markdown, and more.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "unimport": { "name": "unimport", "categories": [ "linter", "formatter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://unimport.hakancelik.dev", "source": "https://github.com/hakancelikdev/unimport", "pricing": null, "plans": null, "description": "A linter, formatter for finding and removing unused import statements.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "unparam": { "name": "unparam", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/mvdan/unparam", "source": "https://github.com/mvdan/unparam", "pricing": null, "plans": null, "description": "Find unused function parameters.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "upsource": { "name": "Upsource", "categories": [ "linter" ], "languages": [ "java", "javascript", "kotlin", "php" ], "other": [ "ci" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.jetbrains.com/upsource", "source": null, "pricing": "https://www.jetbrains.com/buy", "plans": null, "description": "Code review tool with static code analysis and code-aware navigation for Java, PHP, JavaScript and Kotlin.", "discussion": null, "deprecated": null, "resources": [ { "title": "Upsource - Code Review Best Practices", "url": "https://www.youtube.com/watch?v=EjwD7Pi7J_0" } ], "reviews": null, "demos": null, "wrapper": null }, "vale": { "name": "vale", "categories": [ "linter" ], "languages": [], "other": [ "writing" ], "licenses": [ "MIT License" ], "types": [ 
"cli" ], "homepage": "https://vale.sh", "source": "https://github.com/errata-ai/vale", "pricing": null, "plans": null, "description": "A syntax-aware linter for prose built with speed and extensibility in mind.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "varcheck": { "name": "varcheck", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "GPL-3.0-only (original text)" ], "types": [ "cli" ], "homepage": "https://gitlab.com/opennota/check", "source": "https://gitlab.com/opennota/check", "pricing": null, "plans": null, "description": "Find unused global variables and constants.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "vera": { "name": "vera++", "categories": [ "formatter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "BSL-1.0 (original text)" ], "types": [ "cli" ], "homepage": "https://bitbucket.org/verateam/vera/wiki/Introduction", "source": "https://bitbucket.org/verateam/vera/src/master", "pricing": null, "plans": null, "description": "Vera++ is a programmable tool for verification, analysis and transformation of C++ source code.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "veracode": { "name": "Veracode", "categories": [ "linter" ], "languages": [ "dotnet", "c", "cpp", "java", "javascript", "objectivec", "php", "swift" ], "other": [ "security" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.veracode.com/security/static-code-analysis", "source": null, "pricing": "https://info.veracode.com/request-quote.html", "plans": { "free": false, "oss": false }, "description": "Find flaws in binaries and bytecode without requiring source. 
Supports all major programming languages: Java, .NET, JavaScript, Swift, Objective-C, C, C++ and more.", "discussion": null, "deprecated": null, "resources": [ { "title": "Veracode Overview", "url": "https://www.youtube.com/watch?v=6Fq_UMgwX4I" }, { "title": "Veracode SCA Scan for VS Code Plugin", "url": "https://www.youtube.com/watch?v=hCl2H8Heqnw" } ], "reviews": [ "https://www.peerspot.com/products/veracode-reviews" ], "demos": null, "wrapper": null }, "verible-linter-action": { "name": "verible-linter-action", "categories": [ "linter" ], "languages": [ "verilog" ], "other": [], "licenses": [ "Apache-2.0 License" ], "types": [ "service" ], "homepage": "https://github.com/chipsalliance/verible-linter-action", "source": "https://github.com/chipsalliance/verible-linter-action", "pricing": null, "plans": null, "description": "Automatic SystemVerilog linting in GitHub Actions with the help of Verible. Used to lint Verilog and SystemVerilog source files and comment on erroneous lines of code in Pull Requests automatically.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "verifast": { "name": "VeriFast", "categories": [ "linter" ], "languages": [ "ocaml" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/verifast/verifast", "source": "https://github.com/verifast/verifast", "pricing": null, "plans": null, "description": "A tool for modular formal verification of correctness properties of single-threaded and multithreaded C and Java programs annotated with preconditions and postconditions written in separation logic. 
To express rich specifications, the programmer can define inductive datatypes, primitive recursive pure functions over these datatypes, and abstract separation logic predicates.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "verilator": { "name": "Verilator", "categories": [ "linter" ], "languages": [ "verilog" ], "other": [], "licenses": [ "GPL v3 or Perl Artistic License Version 2.0" ], "types": [ "cli" ], "homepage": "https://www.veripool.org/verilator", "source": "https://github.com/verilator/verilator", "pricing": null, "plans": null, "description": "A tool which converts Verilog to a cycle-accurate behavioral model in C++ or SystemC. Performs lint code-quality checks.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "vetur": { "name": "Vetur", "categories": [ "linter", "formatter" ], "languages": [], "other": [ "vue" ], "licenses": [ "MIT License" ], "types": [ "cli", "ide-plugin" ], "homepage": "https://marketplace.visualstudio.com/items?itemName=octref.vetur", "source": "https://github.com/vuejs/vetur", "pricing": null, "plans": null, "description": "Vue tooling for VS Code, powered by vls (vue language server). Vetur has support for formatting embedded HTML, CSS, SCSS, JS, TypeScript, and more. 
Vetur only has a \"whole document formatter\" and cannot format arbitrary ranges.", "discussion": null, "deprecated": true, "resources": [ { "title": "Pine Wu - var vetur = vscode + vue; | VueConf 2017", "url": "https://www.youtube.com/watch?v=05tNXJ-Kric" } ], "reviews": null, "demos": null, "wrapper": null }, "vint": { "name": "vint", "categories": [ "linter" ], "languages": [ "vim-script" ], "other": [], "licenses": [ "MIT License" ], "types": [ "ide-plugin" ], "homepage": "https://github.com/Kuniwak/vint", "source": "https://github.com/Kuniwak/vint", "pricing": null, "plans": null, "description": "Fast and Highly Extensible Vim script Language Lint implemented by Python.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "violations-lib": { "name": "Violations Lib", "categories": [ "linter" ], "languages": [ "java" ], "other": [ "ci", "support" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/tomasbjerre/violations-lib", "source": "https://github.com/tomasbjerre/violations-lib", "pricing": null, "plans": null, "description": "Java library for parsing report files from static code analysis. 
Used by a bunch of Jenkins, Maven and Gradle plugins.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "visual-expert": { "name": "Visual Expert", "categories": [ "linter" ], "languages": [ "sql" ], "other": [], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://www.visual-expert.com", "source": null, "pricing": "https://www.visual-expert.com/EN/visual-expert-price.html", "plans": null, "description": "Code analysis for PowerBuilder, Oracle, and SQL Server Explores, analyzes, and documents Code ", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "vmware-chap": { "name": "VMware chap", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "GPL v2" ], "types": [ "cli" ], "homepage": "https://github.com/vmware/chap", "source": "https://github.com/vmware/chap", "pricing": null, "plans": null, "description": "chap analyzes un-instrumented ELF core files for leaks, memory growth, and corruption. It is sufficiently reliable that it can be used in automation to catch leaks before they are committed. As an interactive tool, it helps explain memory growth, can identify some forms of corruption, and supplements a debugger by giving the status of various memory locations. ", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "vscode-verilog-hdl-support": { "name": "vscode-verilog-hdl-support", "categories": [ "linter" ], "languages": [ "verilog" ], "other": [], "licenses": [ "MIT License" ], "types": [ "ide-plugin" ], "homepage": "https://github.com/mshr-h/vscode-verilog-hdl-support", "source": "https://github.com/mshr-h/vscode-verilog-hdl-support", "pricing": null, "plans": null, "description": "Verilog HDL/SystemVerilog/Bluespec SystemVerilog support for VS Code. 
Provides syntax highlighting and Linting support from Icarus Verilog, Vivado Logical Simulation, Modelsim and Verilator", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "vsdiagnostics": { "name": "VSDiagnostics", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "GNU General Public License v2.0" ], "types": [ "cli" ], "homepage": "https://github.com/Vannevelj/VSDiagnostics", "source": "https://github.com/Vannevelj/VSDiagnostics", "pricing": null, "plans": null, "description": "A collection of static analyzers based on Roslyn that integrates with VS.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "vuls": { "name": "Vuls", "categories": [ "linter" ], "languages": [], "other": [ "container" ], "licenses": [ "AGPL-3.0 License" ], "types": [ "cli" ], "homepage": "https://vuls.io/", "source": "https://github.com/future-architect/vuls", "pricing": null, "plans": null, "description": "Agent-less Linux vulnerability scanner based on information from NVD, OVAL, etc. 
It has some container image support, although it is not a container-specific tool.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "vulture": { "name": "vulture", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/jendrikseipp/vulture", "source": "https://github.com/jendrikseipp/vulture", "pricing": null, "plans": null, "description": "Find unused classes, functions and variables in Python code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "wala": { "name": "WALA", "categories": [ "linter" ], "languages": [ "java", "javascript" ], "other": [], "licenses": [ "Eclipse Public License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/wala/WALA", "source": "https://github.com/wala/WALA", "pricing": null, "plans": null, "description": "Static analysis capabilities for Java bytecode and related languages and for JavaScript.", "discussion": null, "deprecated": null, "resources": [ { "title": "WALA Everywhere", "url": "https://www.youtube.com/watch?v=QtrJEopSSuw" } ], "reviews": null, "demos": null, "wrapper": null }, "wap": { "name": "WAP", "categories": [ "linter" ], "languages": [ "php" ], "other": [], "licenses": [ "GNU GPL" ], "types": [ "cli" ], "homepage": "https://securityonline.info/owasp-wap-web-application-protection-project", "source": "https://awap.sourceforge.io", "pricing": null, "plans": null, "description": "Tool to detect and correct input validation vulnerabilities in PHP (4.0 or higher) web applications and predict false positives by combining static analysis and data mining.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "warnalyzer": { "name": "warnalyzer", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT / Apache 2.0" 
], "types": [ "cli" ], "homepage": "https://github.com/est31/warnalyzer", "source": "https://github.com/est31/warnalyzer", "pricing": null, "plans": null, "description": "Show unused code from multi-crate Rust projects", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "wartremover": { "name": "WartRemover", "categories": [ "linter" ], "languages": [ "scala" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://www.wartremover.org", "source": "https://github.com/puffnfresh/wartremover", "pricing": null, "plans": null, "description": "A flexible Scala code linting tool.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "wasm-language-tools": { "name": "wasm-language-tools", "categories": [ "linter", "formatter" ], "languages": [ "wasm" ], "other": [], "licenses": [ "MIT License" ], "types": [ "ide-plugin" ], "homepage": "https://github.com/g-plane/wasm-language-tools", "source": "https://github.com/g-plane/wasm-language-tools", "pricing": null, "plans": null, "description": "WebAssembly Language Tools aims to provide and improve the editing experience of WebAssembly Text Format. It also provides an out-of-the-box formatter (a.k.a. 
pretty printer) for WebAssembly Text Format.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "weeder": { "name": "Weeder", "categories": [ "linter" ], "languages": [ "haskell" ], "other": [], "licenses": [ "BSD 3-Clause \"New\" or \"Revised\" License" ], "types": [ "cli" ], "homepage": "https://github.com/ocharles/weeder", "source": "https://github.com/ocharles/weeder", "pricing": null, "plans": null, "description": "A tool for detecting dead exports or package imports in Haskell code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "weggli": { "name": "weggli", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [ "security" ], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/googleprojectzero/weggli", "source": "https://github.com/googleprojectzero/weggli", "pricing": null, "plans": null, "description": "A fast and robust semantic search tool for C and C++ codebases. 
It is designed to help security researchers identify interesting functionality in large codebases.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "wemake-python-styleguide": { "name": "wemake-python-styleguide", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://wemake-python-styleguide.rtfd.io/", "source": "https://github.com/wemake-services/wemake-python-styleguide", "pricing": null, "plans": null, "description": "The strictest and most opinionated python linter ever.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "whitehat-application-security-platform": { "name": "WhiteHat Application Security Platform", "categories": [ "linter" ], "languages": [ "aspnet", "csharp", "java", "javascript", "objectivec", "php", "typescript" ], "other": [ "html", "mobile", "nodejs" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://source.whitehatsec.com/help/sentinel/sast-service-detail.html", "source": null, "pricing": null, "plans": null, "description": "WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "wily": { "name": "wily", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/tonybaloney/wily", "source": "https://github.com/tonybaloney/wily", "pricing": null, "plans": null, "description": "A command-line tool for archiving, exploring and graphing the complexity of Python source code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "wintellect-analyzers": { "name": 
"Wintellect.Analyzers", "categories": [ "linter" ], "languages": [ "csharp" ], "other": [], "licenses": [ "Other" ], "types": [ "cli" ], "homepage": "https://github.com/Wintellect/Wintellect.Analyzers", "source": "https://github.com/Wintellect/Wintellect.Analyzers", "pricing": null, "plans": null, "description": ".NET Compiler Platform (\"Roslyn\") diagnostic analyzers and code fixes.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "wotan": { "name": "Wotan", "categories": [ "linter" ], "languages": [ "javascript", "typescript" ], "other": [], "licenses": [ "Apache License 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/fimbullinter/wotan", "source": "https://github.com/fimbullinter/wotan", "pricing": null, "plans": null, "description": "Pluggable TypeScript and JavaScript linter.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "write-good": { "name": "write-good", "categories": [ "linter" ], "languages": [], "other": [ "writing" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/btford/write-good", "source": "https://github.com/btford/write-good", "pricing": null, "plans": null, "description": "A linter with a focus on eliminating \"weasel words\".", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "wsl": { "name": "wsl", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/bombsimon/wsl", "source": "https://github.com/bombsimon/wsl", "pricing": null, "plans": null, "description": "Enforces empty lines at the right places.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "xcode": { "name": "XCode", "categories": [ "linter" ], "languages": [ "c", "cpp", "objectivec" ], "other": 
[], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://developer.apple.com/xcode", "source": null, "pricing": null, "plans": null, "description": "XCode provides a pretty decent UI for [Clang's](https://clang-analyzer.llvm.org/xcode.html) static code analyzer (C/C++, Obj-C).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "xenon": { "name": "xenon", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://xenon.readthedocs.io", "source": "https://github.com/rubik/xenon", "pricing": null, "plans": null, "description": "Monitor code complexity using [`radon`](https://github.com/rubik/radon).", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "xo": { "name": "xo", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/xojs/xo", "source": "https://github.com/xojs/xo", "pricing": null, "plans": null, "description": "Opinionated but configurable ESLint wrapper with lots of goodies included. Enforces strict and readable code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "xygeni": { "name": "Xygeni", "categories": [ "linter" ], "languages": [ "csharp", "go", "java", "javascript", "python" ], "other": [ "dockerfile", "kubernetes", "terraform" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://xygeni.io/", "source": null, "pricing": null, "plans": null, "description": "Xygeni is a comprehensive Software Supply Chain Security platform. 
It provides Advanced SAST with AI-powered remediation, Software Composition Analysis (SCA) with real-time malware detection, Infrastructure as Code (IaC) scanning, and Secrets detection to ensure end-to-end code security.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "yamllint": { "name": "yamllint", "categories": [ "linter" ], "languages": [], "other": [ "template", "yaml" ], "licenses": [ "GNU General Public License v3.0" ], "types": [ "cli" ], "homepage": "https://yamllint.readthedocs.io", "source": "https://github.com/adrienverge/yamllint", "pricing": null, "plans": null, "description": "Checks YAML files for syntax validity, key repetition and cosmetic problems such as lines length, trailing spaces, and indentation.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "yapf": { "name": "yapf", "categories": [ "formatter" ], "languages": [ "python" ], "other": [], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://github.com/google/yapf", "source": "https://github.com/google/yapf", "pricing": null, "plans": null, "description": "A formatter for Python files created by Google\nYAPF follows a distinctive methodology, originating from the 'clang-format' tool created by Daniel Jasper. Essentially, the program reframes the code to the most suitable formatting that abides by the style guide, even if the original code already follows the style guide. 
This concept is similar to the Go programming language's 'gofmt' tool, which aims to put an end to debates about formatting by having the entire codebase of a project pass through YAPF whenever changes are made, thereby maintaining a consistent style throughout the project and eliminating the need to argue about style in every code review.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "yardstick": { "name": "yardstick", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/calmh/yardstick", "source": "https://github.com/calmh/yardstick", "pricing": null, "plans": null, "description": "Javascript code metrics.", "discussion": null, "deprecated": true, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "zarn": { "name": "zarn", "categories": [ "linter" ], "languages": [ "perl" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/htrgouvea/zarn", "source": "https://github.com/htrgouvea/zarn", "pricing": null, "plans": null, "description": "A lightweight static security analysis tool for modern Perl Apps", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "zod": { "name": "zod", "categories": [ "linter" ], "languages": [ "typescript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://zod.dev", "source": "https://github.com/colinhacks/zod", "pricing": null, "plans": null, "description": "TypeScript-first schema validation with static type inference. The goal is to eliminate duplicative type declarations. With Zod, you declare a validator once and Zod will automatically infer the static TypeScript type. 
It is easy to compose simpler types into complex data structures.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "zpa": { "name": "ZPA", "categories": [ "linter" ], "languages": [ "plsql" ], "other": [], "licenses": [ "LGPL-3.0 License" ], "types": [ "cli" ], "homepage": "https://zpa.felipebz.com", "source": "https://github.com/felipebz/zpa", "pricing": null, "plans": null, "description": "An open source parser and code analyzer for PL/SQL and Oracle SQL code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "zydis": { "name": "zydis", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://zydis.re", "source": "https://github.com/zyantific/zydis", "pricing": null, "plans": null, "description": "Fast and lightweight x86/x86-64 disassembler library", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null } } ================================================ FILE: data/render/.gitignore ================================================ target ================================================ FILE: data/render/Cargo.toml ================================================ [package] name = "render" version = "0.2.0" authors = ["Matthias Endler "] edition = "2024" description = "Static analysis tools catalog renderer" license = "MIT" repository = "https://github.com/analysis-tools-dev/static-analysis" keywords = ["static-analysis", "linting", "tools", "catalog"] categories = ["development-tools"] [lints.clippy] # Correctness lints (enabled by default, but being explicit) correctness = { level = "deny", priority = -1 } # Style lints style = { level = "warn", priority = -1 } complexity = { level = "warn", priority = -1 } perf = { level = "warn", priority = -1 } suspicious = { level = "warn", priority = -1 } # 
Additional strict lints
cargo = { level = "warn", priority = -1 }
pedantic = { level = "warn", priority = -1 }
nursery = { level = "warn", priority = -1 }

# Specific lints we want to enforce
missing_docs_in_private_items = "warn"
missing_errors_doc = "warn"
missing_panics_doc = "warn"
unwrap_used = "deny"
expect_used = "warn"
panic = "deny"
unimplemented = "deny"
unreachable = "deny"
todo = "warn"
print_stdout = "warn"
print_stderr = "warn"
dbg_macro = "warn"

# Allow some pedantic lints that might be too noisy
module_name_repetitions = "allow"
similar_names = "allow"
too_many_lines = "allow" # We'll use the clippy.toml threshold instead

[dependencies]
serde = "1.0.228"
serde_derive = "1.0.136"
serde_yaml = "0.9.34"
askama = "0.12.1"
# Switch back to crates as soon as a new release with tokio 1.x support is
# released. See https://github.com/softprops/hubcaps/pull/285
# NOTE(review): no `rev`, `tag` or `branch` is given, so each fresh resolve of
# this dependency follows the repository's default branch. The crate is handed
# the GitHub token in `check_deprecated` (src/lib.rs); pinning a reviewed
# commit, e.g. `rev = "<reviewed-commit-sha>"` (placeholder), keeps the code
# that sees the token fixed between builds.
hubcaps = { git="https://github.com/softprops/hubcaps" }
tokio = { version = "1.43.4", features = ["rt-multi-thread", "macros"] }
chrono = "0.4.44"
anyhow = "1.0.102"
pico-args = "0.5.0"
serde_json = "1.0.149"
slug = "0.1.6"

================================================
FILE: data/render/clippy.toml
================================================
# Clippy configuration for stricter linting
# https://rust-lang.github.io/rust-clippy/master/index.html

# Set the threshold for too many arguments
too-many-arguments-threshold = 4

# Set the threshold for too many lines
too-many-lines-threshold = 100

# Set the threshold for type complexity
type-complexity-threshold = 250

# Avoid suggesting wildcard imports
avoid-breaking-exported-api = false

================================================
FILE: data/render/src/bin/main.rs
================================================
use anyhow::{Context, Result};
use askama::Template;
use pico_args::Arguments;
use render::types::{Entry, ParsedEntry, Tag, Tags, Type};
use render::{check_deprecated, create_api, create_catalog};
use slug::slugify;
use
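std::collections::BTreeMap;
use std::env;
use std::ffi::OsStr;
use std::fs;
use std::io;
use std::path::PathBuf;

/// Command-line options of the renderer, as filled in by `main`.
struct Args {
    /// Value of `--tags`.
    tags: PathBuf,
    /// Value of `--tools`.
    tools: PathBuf,
    /// Value of `--md-out`.
    md_out: PathBuf,
    /// Value of `--json-out`.
    json_out: PathBuf,
    /// Set when `--skip-deprecated` is passed.
    skip_deprecated: bool,
}

/// Converts a raw command-line value into a path without validating it.
// NOTE(review): the return type's parameters are not legible in this listing;
// `PathBuf` follows from how `main` stores the values. Confirm the error type.
fn parse_path(s: &OsStr) -> Result<PathBuf> {
    Ok(s.into())
}

/// Deserializes the tag list from the YAML file at `path`.
///
/// Fails when the file cannot be opened or does not deserialize.
fn read_tags(path: PathBuf) -> Result<Tags> {
    let f = fs::File::open(path)?;
    Ok(serde_yaml::from_reader(f)?)
}

/// Reads every `*.yml` file directly inside `path` and deserializes each one
/// into a `ParsedEntry`.
///
/// Fails when the directory cannot be listed, when reading a directory item
/// fails, or when a file cannot be opened or deserialized.
fn read_tools(path: PathBuf) -> Result<Vec<ParsedEntry>> {
    let files = fs::read_dir(path)?
        .map(|res| res.map(|e| e.path()))
        .filter(|item| match item {
            Ok(candidate) => candidate.extension().and_then(OsStr::to_str) == Some("yml"),
            // Keep failed directory reads in the stream so the `collect`
            // below reports them instead of silently dropping them.
            Err(_) => true,
        })
        .collect::<Result<Vec<_>, io::Error>>()?;

    files
        .iter()
        .inspect(|p| println!("Checking {}", p.display()))
        .map(|p| {
            let file = fs::File::open(p)?;
            let entry: ParsedEntry = serde_yaml::from_reader(file)?;
            Ok(entry)
        })
        .collect::<Result<Vec<_>, _>>()
}

/// Backfills the deprecated field in the tools data from the old tools data.
fn backfill_deprecated(tools: &mut Vec<Entry>) -> Result<()> {
    let tools_raw = match fs::read_to_string("data/api/tools.json") {
        Ok(content) => content,
        Err(_) => return Ok(()), // No old data to backfill from. Skip silently.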
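};
    // The old API file maps the slugified tool name to that tool's JSON object.
    let old_tools_data: BTreeMap<String, serde_json::Value> = serde_json::from_str(&tools_raw)?;

    for tool in tools {
        let id = slugify(&tool.name);
        if let Some(old_tool) = old_tools_data.get(&id) {
            // Only backfill deprecated if it's not already set
            if tool.deprecated.is_none() {
                tool.deprecated = old_tool.get("deprecated").and_then(|d| d.as_bool());
            }
        }
    }
    Ok(())
}

/// Renders the Markdown catalog and the JSON API files from the YAML data.
///
/// Reads `--tags`, `--tools`, `--md-out` and `--json-out` from the command
/// line; `--skip-deprecated` turns off the GitHub lookup.
fn main() -> Result<()> {
    let mut args = Arguments::from_env();
    let args = Args {
        tags: args.value_from_os_str("--tags", parse_path)?,
        tools: args.value_from_os_str("--tools", parse_path)?,
        md_out: args.value_from_os_str("--md-out", parse_path)?,
        json_out: args.value_from_os_str("--json-out", parse_path)?,
        skip_deprecated: args.contains("--skip-deprecated"),
    };

    let tags = read_tags(args.tags)?;
    let parsed_tools = read_tools(args.tools)?;
    let tools: Result<Vec<Entry>> = parsed_tools
        .into_iter()
        .map(|t| Entry::from_parsed(t, &tags))
        .collect();
    let mut tools = tools?;
    tools.sort();

    // The token is taken from the environment only and is moved into
    // `check_deprecated`; nothing in this function prints it.
    let should_check_deprecation = !args.skip_deprecated;
    let github_token = env::var("GITHUB_TOKEN");
    match (should_check_deprecation, github_token) {
        (true, Ok(token)) => check_deprecated(token, &mut tools)?,
        (true, Err(_)) => {
            eprintln!("No GITHUB_TOKEN environment variable found. Reusing old deprecation data.");
            backfill_deprecated(&mut tools)?;
        }
        (false, _) => backfill_deprecated(&mut tools)?,
    }

    // Split the tag list by kind without cloning the whole list first.
    let languages: Vec<Tag> = tags
        .iter()
        .filter(|t| t.tag_type == Type::Language)
        .cloned()
        .collect();
    let other_tags: Vec<Tag> = tags
        .iter()
        .filter(|t| t.tag_type == Type::Other)
        .cloned()
        .collect();

    let catalog = create_catalog(&tools, &languages, &other_tags)?;
    fs::write(&args.md_out, catalog.render()?).context(format!(
        "Cannot write Markdown output to {}",
        args.md_out.display()
    ))?;

    let api = create_api(catalog, &languages, &other_tags)?;
    let json = serde_json::to_string_pretty(&api)?;
    let tools_out = args.json_out.join("tools.json");
    // Name the file that failed, not only the output directory.
    fs::write(&tools_out, json).context(format!(
        "Cannot write tools JSON output to {}",
        tools_out.display()
    ))?;

    let mut tags_json = BTreeMap::new();
    tags_json.insert("languages", languages);
    tags_json.insert("other", other_tags);
    let json = serde_json::to_string_pretty(&tags_json)?;
    let tags_out = args.json_out.join("tags.json");
    fs::write(&tags_out, json).context(format!(
        "Cannot write tags JSON output to {}",
        tags_out.display()
    ))?;

    // let stats_raw = fs::read_to_string("data/api/stats_raw.json")?;
    // let stats: StatsRaw = serde_json::from_str(&stats_raw)?;
    // let stats = format_stats(stats);
    // let json = serde_json::to_string(&stats)?;
    // let stats_out = args.json_out.join("stats.json");
    // fs::write(&stats_out, json).context(format!(
    //     "Cannot write stats JSON output to {}",
    //     args.json_out.display()
    // ))?;

    Ok(())
}

================================================
FILE: data/render/src/lib.rs
================================================
#[macro_use]
extern crate serde_derive;

use anyhow::Result;
use chrono::{DateTime, Local, NaiveDateTime, Utc};
use hubcaps::{Credentials, Github};
use slug::slugify;
use stats::StatsRaw;

mod lints;
pub mod stats;
pub mod types;

use std::collections::BTreeMap;
use types::{Api, ApiEntry, Catalog, Entry, ParsedEntry, Tag, Type};

fn valid(entry: &ParsedEntry, tags: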
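&[Tag]) -> Result<()> {
    let lints = [lints::name, lints::min_one_tag];
    lints.iter().try_for_each(|lint| lint(entry, tags))
}

/// Flags entries whose GitHub repository shows no commit within the last 365 days.
///
/// For every entry whose `source` is a `github.com/<owner>/<repo>` URL, the
/// commit list is requested from GitHub and the date of the first listed
/// commit is compared with today's date. Older than 365 days sets
/// `deprecated` to `Some(true)`; otherwise `deprecated` is reset to `None`,
/// which also replaces a value that was set before the call. Entries without
/// such a source, and entries whose request fails, are left as they are.
///
/// # Errors
///
/// Returns an error when the GitHub client cannot be created or when a commit
/// date does not match `%Y-%m-%dT%H:%M:%SZ`.
#[tokio::main]
pub async fn check_deprecated(token: String, entries: &mut Vec<Entry>) -> Result<()> {
    println!("Checking for deprecated entries on Github. This might take a while...");

    // The token is moved into the client; this function never prints it.
    let github = Github::new(
        String::from("analysis tools bot"),
        Credentials::Token(token),
    )?;

    for entry in entries {
        let Some(source) = entry.source.as_ref() else {
            continue;
        };

        // valid github source must have 5 elements - anything longer and they are probably a
        // reference to a path inside a repo, rather than a repo itself.
        let components: Vec<&str> = source.trim_end_matches('/').split('/').collect();
        let &[_, _, host, owner, repo] = components.as_slice() else {
            continue;
        };
        // Require github.com in the host position. Accepting it anywhere in
        // the URL would take owner and repo from an unrelated site's path.
        if host != "github.com" {
            continue;
        }

        if let Ok(commit_list) = github.repo(owner, repo).commits().list("").await {
            // A repository without commits has nothing to date; indexing
            // `[0]` would panic here, so skip the entry instead.
            let Some(first_listed) = commit_list.first() else {
                continue;
            };
            let date = &first_listed.commit.author.date;
            let last_commit = NaiveDateTime::parse_from_str(date, "%Y-%m-%dT%H:%M:%SZ")?;
            let last_commit_utc: DateTime<Utc> =
                DateTime::from_naive_utc_and_offset(last_commit, Utc);
            let now = Local::now().date_naive();
            let duration = now.signed_duration_since(last_commit_utc.date_naive());

            if duration.num_days() > 365 {
                entry.deprecated = Some(true);
            } else {
                entry.deprecated = None;
            }
        }
    }
    Ok(())
}

pub fn create_catalog(entries: &[Entry], languages: &[Tag], other_tags: &[Tag]) -> Result<Catalog> {
    // Move tools that support multiple programming languages into their own category
    let (multi, entries): (Vec<Entry>, Vec<Entry>) = entries.iter().cloned().partition(|entry| {
        let language_tags = entry
            .tags
            .iter()
            .filter(|t| t.tag_type == Type::Language)
            .count();
        language_tags > 1 && !entry.is_c_cpp()
    });

    let mut linters = BTreeMap::new();
    for language in languages {
        let list: Vec<Entry> = entries
            .iter()
            .filter(|e| e.tags.contains(language))
            .cloned()
            .collect();
        if !list.is_empty() {
            linters.insert(language.clone(), list);
        }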
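}

    let mut others = BTreeMap::new();
    for other in other_tags {
        let list: Vec<Entry> = entries
            .iter()
            .filter(|e| e.tags.contains(other))
            .cloned()
            .collect();
        if !list.is_empty() {
            others.insert(other.clone(), list);
        }
    }

    Ok(Catalog {
        linters,
        others,
        multi,
    })
}

/// Flattens a catalog into the JSON API map, keyed by the slugified tool name.
///
/// An entry listed under several tags reaches the loop more than once; the
/// map keeps a single value per slug.
// NOTE(review): two different names with the same slug would also share one
// key, and the later entry would replace the earlier one. Confirm this
// cannot happen with the data in `data/tools`.
pub fn create_api(catalog: Catalog, languages: &[Tag], other_tags: &[Tag]) -> Result<Api> {
    let mut api_entries = BTreeMap::new();

    // Concatenate all entries into one vector
    let mut entries: Vec<Entry> = catalog.linters.into_values().flatten().collect();
    entries.extend(catalog.others.into_values().flatten());
    entries.extend(catalog.multi);

    for entry in entries {
        // Collect the values of the language tags this entry carries, in the
        // order of `languages`. The list is walked once; each lookup is a
        // search in the entry's ordered tag set (a `BTreeSet`).
        let entry_languages = languages
            .iter()
            .filter_map(|lang| entry.tags.get(lang).map(|tag| tag.value.clone()))
            .collect();

        // ...same for the non-language tags
        let entry_other = other_tags
            .iter()
            .filter_map(|other| entry.tags.get(other).map(|tag| tag.value.clone()))
            .collect();

        // In the future we want to split up licenses in the YAML input files into a list.
        // Emulate the future data format by creating a list from the current string.
        // Note that this string could contain more than one license name for now, e.g.
        // MIT / Apache License
        let licenses = vec![entry.license];

        let api_entry = ApiEntry {
            name: entry.name.clone(),
            categories: entry.categories,
            languages: entry_languages,
            other: entry_other,
            licenses,
            types: entry.types,
            homepage: entry.homepage,
            source: entry.source,
            pricing: entry.pricing,
            plans: entry.plans,
            description: entry.description,
            discussion: entry.discussion,
            deprecated: entry.deprecated,
            resources: entry.resources,
            reviews: entry.reviews,
            demos: entry.demos,
            wrapper: entry.wrapper,
        };

        api_entries.insert(slugify(&entry.name), api_entry);
    }

    Ok(api_entries)
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_slugify() {
        assert_eq!(slugify("this is a test"), "this-is-a-test".to_string());
        assert_eq!(slugify("Big"), "big".to_string());
        assert_eq!(slugify(" Big"), "big".to_string());
        assert_eq!(slugify("Astrée"), "astree".to_string());
        assert_eq!(slugify("non word 1234"), "non-word-1234".to_string());
        assert_eq!(slugify("it-has-dashes"), "it-has-dashes".to_string());
        assert_eq!(
            slugify(" - - it-has-dashes - -"),
            "it-has-dashes".to_string()
        );
    }
}

/// Maps each metric path, with a leading `/tool/` removed, to the string half
/// of its value pair.
pub fn format_stats(stats: StatsRaw) -> BTreeMap<String, String> {
    stats
        .data
        .result
        .into_iter()
        .map(|r| {
            (
                r.metric.path.trim_start_matches("/tool/").to_string(),
                r.value.1,
            )
        })
        .collect()
}

================================================
FILE: data/render/src/lints.rs
================================================
use anyhow::{Result, anyhow};

use crate::types::ParsedEntry;
use crate::types::Tag;

/// Rejects entries whose name is longer than 50 characters.
///
/// # Errors
///
/// Returns an error that names the entry and its length when the limit is exceeded.
pub fn name(entry: &ParsedEntry, _: &[Tag]) -> Result<()> {
    // Count characters rather than bytes, so that a name with non-ASCII
    // letters is measured the way the message describes it.
    let length = entry.name.chars().count();
    if length <= 50 {
        Ok(())
    } else {
        Err(anyhow!(
            "Name of entry may be at most 50 characters long, but {} is {} long",
            entry.name,
            length
        ))
    }
}

/// Rejects entries that carry no tag at all.
///
/// # Errors
///
/// Returns an error that names the entry when its tag set is empty.
pub fn min_one_tag(entry: &ParsedEntry, _: &[Tag]) -> Result<()> {
    if entry.tags.is_empty() {
        Err(anyhow!(
            "{} must have at least one tag from `tags.yml`.",
            entry.name
        ))
    } else {
        Ok(())
    }
}

================================================
FILE: data/render/src/stats.rs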
================================================ use serde_derive::Deserialize; use serde_derive::Serialize; #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct StatsRaw { pub status: String, pub data: Data, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Data { pub result_type: String, pub result: Vec, pub stats: Stats, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Result { pub metric: Metric, pub value: (f64, String), } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Metric { pub path: String, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Stats { pub summary: Summary, pub store: Store, pub ingester: Ingester, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Summary { pub bytes_processed_per_second: i64, pub lines_processed_per_second: i64, pub total_bytes_processed: i64, pub total_lines_processed: i64, pub exec_time: f64, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Store { pub total_chunks_ref: i64, pub total_chunks_downloaded: i64, pub chunks_download_time: f64, pub head_chunk_bytes: i64, pub head_chunk_lines: i64, pub decompressed_bytes: i64, pub decompressed_lines: i64, pub compressed_bytes: i64, pub total_duplicates: i64, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Ingester { pub total_reached: i64, pub total_chunks_matched: i64, pub total_batches: i64, pub total_lines_sent: i64, pub head_chunk_bytes: i64, pub head_chunk_lines: i64, pub decompressed_bytes: i64, pub decompressed_lines: i64, pub compressed_bytes: i64, pub 
total_duplicates: i64, } ================================================ FILE: data/render/src/types.rs ================================================ use anyhow::{Result, bail}; use askama::Template; use serde::Deserialize; use std::cmp::Ordering; use std::collections::{BTreeMap, BTreeSet}; use crate::valid; #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash, Ord, PartialOrd)] pub enum Type { #[serde(alias = "language")] Language, #[serde(alias = "other")] Other, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash, Ord, PartialOrd)] pub struct Tag { pub name: String, pub value: String, #[serde(alias = "type")] pub tag_type: Type, } impl Tag { fn new(name: &str, value: &str, tag_type: Type) -> Self { Self { name: name.into(), value: value.into(), tag_type, } } } // The tags from tags.yml. Note that this is a `Vector` and not a // `BTreeSet` because we like to keep the sorting between renders. pub type Tags = Vec; pub type EntryTags = BTreeSet; #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] pub struct Resource { title: String, url: String, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] pub struct Review { url: String, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] pub struct Demo { url: String, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash, Ord, PartialOrd)] #[serde(rename = "category")] pub enum Category { #[serde(rename = "linter")] Linter, #[serde(rename = "formatter")] Formatter, #[serde(rename = "performance")] Performance, #[serde(rename = "meta")] Meta, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] pub struct ParsedEntry { pub name: String, pub categories: BTreeSet, pub tags: BTreeSet, pub license: String, pub types: BTreeSet, pub homepage: String, pub source: Option, pub pricing: Option, pub plans: Option>, pub description: String, pub discussion: Option, pub deprecated: Option, pub resources: Option>, pub reviews: Option>, pub 
demos: Option>, pub wrapper: Option, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Ord, PartialOrd)] pub enum ToolType { #[serde(rename = "cli")] Commandline, #[serde(rename = "gui")] GUI, #[serde(rename = "service")] Service, #[serde(rename = "ide-plugin")] IdePlugin, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] pub struct Entry { pub name: String, pub categories: BTreeSet, pub tags: BTreeSet, pub license: String, pub types: BTreeSet, pub homepage: String, pub source: Option, pub pricing: Option, pub plans: Option>, pub description: String, pub discussion: Option, pub deprecated: Option, pub resources: Option>, pub reviews: Option>, pub demos: Option>, pub wrapper: Option, } impl Entry { pub fn is_c_cpp(&self) -> bool { self.tags == [ Tag::new("C", "c", Type::Language), Tag::new("C++", "cpp", Type::Language), ] .iter() .cloned() .collect::>() } pub fn from_parsed(p: ParsedEntry, tags: &[Tag]) -> Result { valid(&p, tags)?; let tag_results: Vec> = p.tags.iter().map(|t| get_tag(t, tags)).collect(); let tag_errors: Vec = tag_results .iter() .filter_map(|r| r.as_ref().err().map(|e| e.to_string())) .collect(); if !tag_errors.is_empty() { bail!( "Tool '{}': {}\n File: data/tools/{}.yml", p.name, tag_errors.join("\n"), p.name.to_lowercase().replace(' ', "-") ); } let entry_tags: Result> = tag_results.into_iter().collect(); let types: Result> = p .types .iter() .map(|t| { let value = serde_json::to_value(t)?; serde_json::from_value::(value).map_err(Into::into) }) .collect(); Ok(Entry { name: p.name, categories: p.categories, tags: entry_tags?, license: p.license, types: types?, homepage: p.homepage, source: p.source, pricing: p.pricing, plans: p.plans, description: p.description, discussion: p.discussion, deprecated: p.deprecated, resources: p.resources, reviews: p.reviews, demos: p.demos, wrapper: p.wrapper, }) } } fn get_tag(t: &str, tags: &[Tag]) -> Result { for tag in tags { if tag.value == t { return Ok(tag.clone()); } } 
bail!("Invalid tag: {}", t) } impl PartialOrd for Entry { fn partial_cmp(&self, other: &Entry) -> Option { Some(self.cmp(other)) } } impl Ord for Entry { fn cmp(&self, other: &Entry) -> Ordering { self.name.to_lowercase().cmp(&other.name.to_lowercase()) } } pub type EntryMap = BTreeMap>; #[derive(Debug, Serialize, Deserialize, Template)] #[template(path = "README.md")] pub struct Catalog { pub linters: EntryMap, pub others: EntryMap, pub multi: Vec, } /// An entry of the machine-readable JSON out from the tool. /// /// We use a different, de-normalized data format instead of the catalog, which /// keeps the information for each tool in a struct instead of grouping tools by /// tags. #[derive(Debug, Serialize, Deserialize)] pub struct ApiEntry { /// The original entry name (not slugified) pub name: String, pub categories: BTreeSet, pub languages: Vec, pub other: Vec, pub licenses: Vec, pub types: BTreeSet, pub homepage: String, pub source: Option, pub pricing: Option, pub plans: Option>, pub description: String, pub discussion: Option, pub deprecated: Option, pub resources: Option>, pub reviews: Option>, pub demos: Option>, pub wrapper: Option, } /// The final API dataformat is a map where the key is the entry name and the /// value is the entry data, which makes searching for a tool's data easier pub type Api = BTreeMap; ================================================ FILE: data/render/templates/README.md ================================================
Analysis Tools Website This repository lists **static analysis tools** for all programming languages, build tools, config files and more. The focus is on tools which improve code quality such as linters and formatters. The official website, [analysis-tools.dev](https://analysis-tools.dev/) is based on this repository and adds rankings, user comments, and additional resources like videos for each tool. [![Website](https://img.shields.io/badge/Website-Online-2B5BAE)](https://analysis-tools.dev) ![CI](https://github.com/analysis-tools-dev/static-analysis/workflows/CI/badge.svg) [![Links](https://github.com/analysis-tools-dev/static-analysis/actions/workflows/links.yml/badge.svg)](https://github.com/analysis-tools-dev/static-analysis/actions/workflows/links.yml) ## Sponsors This project would not be possible without the generous support of our sponsors.
Pixee
If you also want to support this project, head over to our [Github sponsors page](https://github.com/sponsors/analysis-tools-dev).

## Meaning of Symbols:

- :copyright: stands for proprietary software. All other tools are Open Source.
- :information_source: indicates that the community no longer recommends this tool for new projects. The icon links to the discussion issue.
- :warning: means that this tool has not been updated for more than 1 year, or that the repo was archived.

Pull requests are very welcome!
Also check out the sister project, [awesome-dynamic-analysis](https://github.com/mre/awesome-dynamic-analysis).

## Table of Contents

#### [Programming Languages](#programming-languages-1)

{% for (language, _) in linters %}
- [{{ language.name }}](#{{ language.value }})
{%- endfor %}

#### [Multiple Languages](#multiple-languages-1)

#### [Other](#other-1)
Show Other {% for (tag, _) in others %} - [{{ tag.name }}](#{{ tag.value }}) {%- endfor %}
--- ## Programming Languages {%- for (language, linters) in linters %}

{{ language.name }}

{% for linter in linters %} - {% if linter.deprecated.is_some() && linter.deprecated.unwrap() %}**{{linter.name }}**{% else %}[{{linter.name }}]({{linter.homepage }}){% endif %}{% if linter.discussion.is_some() %} [:information_source:](<{{linter.discussion.as_ref().unwrap()}}>){% endif %}{% if linter.deprecated.is_some() && linter.deprecated.unwrap() %} :warning:{% endif %}{% if linter.license == "proprietary" %} :copyright:{% endif %} — {{ linter.description }} {% endfor %} {%- endfor %} ## Multiple languages {% for linter in multi %} - {% if linter.deprecated.is_some() && linter.deprecated.unwrap() %}**{{linter.name }}**{% else %}[{{linter.name }}]({{linter.homepage }}){% endif %}{% if linter.discussion.is_some() %} [:information_source:](<{{linter.discussion.as_ref().unwrap()}}>){% endif %}{% if linter.deprecated.is_some() && linter.deprecated.unwrap() %} :warning:{% endif %}{% if linter.license == "proprietary" %} :copyright:{% endif %} — {{ linter.description }} {% endfor %} ## Other {% for (tag, others) in others %}

{{ tag.name }}

{% for other in others %} - {% if other.deprecated.is_some() && other.deprecated.unwrap() %}**{{ other.name }}**{% else %}[{{ other.name }}]({{ other.homepage }}){% endif %}{% if other.discussion.is_some() %} [:information_source:](<{{other.discussion.as_ref().unwrap()}}>){% endif %}{% if other.deprecated.is_some() && other.deprecated.unwrap() %} :warning:{% endif %}{% if other.license == "proprietary" %} :copyright:{% endif %} — {{ other.description }} {% endfor %} {%- endfor %} ## More Collections - [Clean code linters](https://github.com/collections/clean-code-linters) — A collection of linters in github collections - [Code Quality Checker Tools For PHP Projects](https://github.com/collections/code-quality-in-php) — A collection of PHP linters in github collections - [go-tools](https://github.com/dominikh/go-tools) — A collection of tools and libraries for working with Go code, including linters and static analysis - [linters](https://github.com/mcandre/linters) — An introduction to static code analysis - [OWASP Source Code Analysis Tools](https://owasp.org/www-community/Source_Code_Analysis_Tools) — List of tools maintained by the Open Web Application Security Project - [php-static-analysis-tools](https://github.com/exakat/php-static-analysis-tools) — A reviewed list of useful PHP static analysis tools - [AppSec Santa — SAST Tools](https://appsecsanta.com/sast-tools) — Independent comparison of 30+ static analysis security testing tools with features, pricing, and alternatives - [Wikipedia](http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis) — A list of tools for static code analysis. ## License [![CC0](https://i.creativecommons.org/p/zero/1.0/88x31.png)](https://creativecommons.org/publicdomain/zero/1.0/) To the extent possible under law, [Matthias Endler](https://endler.dev) has waived all copyright and related or neighboring rights to this work. 
The underlying source code used to format and display that content is licensed under the MIT license. Title image [Designed by Freepik](https://www.freepik.com). ================================================ FILE: data/tags.yml ================================================ - name: .env value: dotenv type: other - name: .NET value: dotnet type: language - name: ABAP value: abap type: language - name: ActionScript value: actionscript type: language - name: Active Server Pages value: asp type: language - name: Ada value: ada type: language - name: Ansible value: ansible type: other - name: Apex value: apex type: language - name: Archive value: archive type: other - name: ASP.NET value: aspnet type: language - name: Assembly value: asm type: language - name: Awk value: awk type: language - name: Azure Resource Manager value: arm type: other - name: Binaries value: binary type: other - name: Build tools value: buildtool type: other - name: C value: c type: language - name: C# value: csharp type: language - name: C++ value: cpp type: language - name: Clojure value: clojure type: language - name: Cloud Formation value: cloudformation type: other - name: COBOL value: cobol type: language - name: CoffeeScript value: coffeescript type: language - name: ColdFusion value: coldfusion type: language - name: Config Files value: configfile type: other - name: Configuration Management value: configmanagement type: other - name: Containers value: container type: other - name: Continuous Integration value: ci type: other - name: Crystal value: crystal type: language - name: CSS/SASS/SCSS value: css type: other - name: Dart value: dart type: language - name: Delphi value: delphi type: language - name: Deno value: deno type: other - name: Dlang value: dlang type: language - name: Dockerfile value: dockerfile type: other - name: Elixir value: elixir type: language - name: Elm value: elm type: language - name: Embedded Ruby (a.k.a. 
ERB, eRuby) value: erb type: other - name: Embedded value: embedded type: other - name: Erlang value: erlang type: language - name: F# value: fsharp type: language - name: Fortran value: fortran type: language - name: Gherkin value: gherkin type: other - name: Ghidra value: ghidra type: other - name: Go value: go type: language - name: git value: git type: other - name: Groovy value: groovy type: language - name: Haskell value: haskell type: language - name: Haxe value: haxe type: language - name: HTML value: html type: other - name: Java value: java type: language - name: JavaScript value: javascript type: language - name: JavaServer Pages value: jsp type: language - name: Jimple value: jimple type: language - name: JSON value: json type: other - name: JSX value: jsx type: language - name: Julia value: julia type: language - name: Kotlin value: kotlin type: language - name: Kubernetes value: kubernetes type: other - name: Laravel value: laravel type: other - name: LaTeX value: latex type: other - name: Less value: less type: other - name: Lightning Web Components value: lwc type: language - name: Lisp value: lisp type: language - name: Lua value: lua type: language - name: Makefiles value: make type: other - name: Markdown value: markdown type: other - name: MATLAB value: matlab type: language - name: Metalinter value: meta type: other - name: Mobile value: mobile type: other - name: Nim value: nim type: language - name: Nix value: nix type: other - name: Node.js value: nodejs type: other - name: Objective C value: objectivec type: language - name: Ocaml value: ocaml type: language - name: Packages value: package type: other - name: Pascal value: pascal type: language - name: Perl value: perl type: language - name: PhoneGap value: phonegap type: other - name: PHP value: php type: language - name: PL/SQL value: plsql type: language - name: PowerShell value: powershell type: language - name: Prometheus value: prometheus type: other - name: Protocol Buffers value: 
protobuf type: other - name: Puppet value: puppet type: other - name: Python value: python type: language - name: R value: r type: language - name: Rails value: rails type: other - name: Raku value: raku type: language - name: Rego value: rego type: language - name: Ruby value: ruby type: language - name: Rust value: rust type: language - name: Scala value: scala type: language - name: Security/SAST value: security type: other - name: Shell value: shell type: language - name: Smart Contracts value: smart-contracts type: other - name: SQL value: sql type: language - name: Support value: support type: other - name: Spring value: spring type: other - name: Swift value: swift type: language - name: Tcl value: tcl type: language - name: Template-Languages value: template type: other - name: Terraform value: terraform type: other - name: Translation value: translation type: other - name: TSQL value: tsql type: language - name: TypeScript value: typescript type: language - name: VBScript value: vbscript type: language - name: Verilog/SystemVerilog value: verilog type: language - name: Vim Script value: vim-script type: language - name: Visual Basic value: vbasic type: language - name: Visual Basic .NET value: vbnet type: language - name: Visual Basic for Applications (VBA) value: vba type: language - name: Visualforce value: visualforce type: language - name: Vue.js value: vue type: other - name: WebAssembly value: wasm type: language - name: Writing value: writing type: other - name: XML value: xml type: other - name: YAML value: yaml type: other ================================================ FILE: data/tools/Meziantou.Analyzer.yml ================================================ name: Meziantou.Analyzer categories: - linter tags: - csharp license: MIT license types: - cli source: 'https://github.com/meziantou/Meziantou.Analyzer' homepage: 'https://github.com/meziantou/Meziantou.Analyzer' description: >- A Roslyn analyzer to enforce some good practices in C# in terms 
of design, usage, security, performance, and style. ================================================ FILE: data/tools/SonarAnalyzer.CSharp.yml ================================================ name: SonarAnalyzer.CSharp categories: - linter tags: - csharp license: LGPL-3.0-only license types: - cli source: 'https://github.com/SonarSource/sonar-dotnet' homepage: 'https://github.com/SonarSource/sonar-dotnet' description: >- These Roslyn analyzers allow you to produce Clean Code that is safe, reliable, and maintainable by helping you find and correct bugs, vulnerabilities, and code smells in your codebase. ================================================ FILE: data/tools/abaplint.yml ================================================ name: abaplint categories: - linter tags: - abap license: MIT License types: - cli - service - ide-plugin source: 'https://github.com/abaplint/abaplint' homepage: 'https://abaplint.org' description: 'Linter for ABAP, written in TypeScript.' ================================================ FILE: data/tools/abapopenchecks.yml ================================================ name: abapOpenChecks categories: - linter tags: - abap license: MIT License types: - cli source: 'https://github.com/larshp/abapOpenChecks' homepage: 'https://docs.abapopenchecks.org' description: Enhances the SAP Code Inspector with new and customizable checks. ================================================ FILE: data/tools/actionlint.yml ================================================ name: actionlint categories: - linter tags: - ci license: MIT License types: - cli source: 'https://github.com/rhysd/actionlint' homepage: 'https://rhysd.github.io/actionlint' description: 'Static checker for GitHub Actions workflow files. Provides an online version.' 
================================================ FILE: data/tools/active-record-doctor.yml ================================================ name: Active Record Doctor categories: - linter tags: - ruby - rails license: MIT License types: - cli source: "https://github.com/gregnavis/active_record_doctor" homepage: "https://github.com/gregnavis/active_record_doctor" description: >- Identify database issues before they hit production. ================================================ FILE: data/tools/aether.yml ================================================ name: aether categories: - linter tags: - javascript license: MIT License types: - cli source: 'https://github.com/codecombat/aether' homepage: 'http://aetherjs.com' description: >- Lint, analyze, normalize, transform, sandbox, run, step through, and visualize user JavaScript, in node or the browser. ================================================ FILE: data/tools/after-the-deadline.yml ================================================ name: After the Deadline categories: - linter tags: - writing deprecated: true license: GPL v2 types: - cli source: 'https://open.afterthedeadline.com' homepage: 'https://open.afterthedeadline.com' description: 'Spell, style and grammar checker.' ================================================ FILE: data/tools/ale.yml ================================================ name: ale categories: - linter tags: - javascript - python license: BSD 2-Clause "Simplified" License types: - ide-plugin source: 'https://github.com/w0rp/ale' homepage: 'https://github.com/w0rp/ale' description: Asynchronous Lint Engine for Vim and NeoVim with support for many languages. 
================================================ FILE: data/tools/alex.yml ================================================ name: alex categories: - linter tags: - writing license: MIT License types: - cli source: 'https://github.com/get-alex/alex' homepage: 'https://alexjs.com' description: 'Catch insensitive, inconsiderate writing' ================================================ FILE: data/tools/aligncheck.yml ================================================ name: aligncheck categories: - linter tags: - go license: GPL v2 types: - cli source: 'https://gitlab.com/opennota/check' homepage: 'https://gitlab.com/opennota/check' description: Find inefficiently packed structs. ================================================ FILE: data/tools/alquitran.yml ================================================ name: alquitran categories: - linter tags: - archive license: MIT License types: - cli source: 'https://github.com/ferivoz/alquitran' homepage: 'https://github.com/ferivoz/alquitran' description: >- Inspects tar archives and tries to spot portability issues in regard to POSIX 2017 pax specification and common tar implementations. This project is intended to be used by maintainers of projects who want to offer portable source code archives for as many systems as possible. Checking tar archives with alquitran before publishing them should help spotting issues before they reach distributors and users. ================================================ FILE: data/tools/ameba.yml ================================================ name: ameba categories: - linter tags: - crystal license: MIT License types: - cli source: 'https://github.com/crystal-ameba/ameba' homepage: 'https://crystal-ameba.github.io' resources: - title: Crystal Language Static Code Analysis with the Ameba Shard url: https://www.youtube.com/watch?v=SV8tV79Lvog description: A static code analysis tool for Crystal. 
================================================ FILE: data/tools/anchore.yml ================================================ name: anchore categories: - linter tags: - container license: Apache License 2.0 types: - cli source: 'https://github.com/anchore/anchore-engine' homepage: 'https://anchore.io' description: >- Discover, analyze, and certify container images. A service that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and certification ================================================ FILE: data/tools/android-lint-summary.yml ================================================ name: android-lint-summary categories: - linter tags: - mobile license: Apache License 2.0 types: - cli source: 'https://github.com/passy/android-lint-summary' homepage: 'https://passy.github.io/android-lint-summary' description: >- Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once. ================================================ FILE: data/tools/android-lint.yml ================================================ name: Android Lint categories: - linter tags: - mobile license: Android Software Development Kit License Agreement types: - cli source: "https://android.googlesource.com" homepage: "https://developer.android.com/studio/write/lint" description: Run static analysis on Android projects. ================================================ FILE: data/tools/android-studio.yml ================================================ name: Android Studio categories: - linter tags: - java - kotlin license: Android Software Development Kit License Agreement types: - ide-plugin source: >- https://android.googlesource.com/platform/tools/adt/idea/+/refs/heads/mirror-goog-studio-master-dev homepage: 'https://developer.android.com/studio' description: >- Based on IntelliJ IDEA, and comes bundled with tools for Android including Android Lint. 
================================================ FILE: data/tools/angr.yml ================================================ name: angr categories: - linter tags: - binary license: BSD 2-Clause "Simplified" License types: - cli homepage: 'https://github.com/angr/angr' description: Binary code analysis tool that also supports symbolic execution. ================================================ FILE: data/tools/angular-eslint.yml ================================================ name: Angular ESLint categories: - linter tags: - typescript - html license: MIT License types: - cli source: 'https://github.com/angular-eslint/angular-eslint' homepage: 'https://github.com/angular-eslint/angular-eslint#readme' description: 'Linter for Angular projects' ================================================ FILE: data/tools/ansible-lint.yml ================================================ name: ansible-lint categories: - linter tags: - configmanagement license: MIT License types: - cli source: "https://github.com/ansible/ansible-lint" homepage: "https://ansible.readthedocs.io/projects/lint/" description: >- Checks playbooks for practices and behaviour that could potentially be improved. ================================================ FILE: data/tools/appchecker.yml ================================================ name: AppChecker categories: - linter tags: - c - cpp - java - php license: proprietary types: - cli homepage: https://npo-echelon.ru/en/solutions/appchecker.php pricing: https://npo-echelon.ru/en/solutions/appchecker.php plans: free: false oss: false description: Static analysis for C/C++/C#, PHP and Java. 
================================================ FILE: data/tools/application-inspector.yml ================================================ name: Application Inspector categories: - linter tags: - asp - c - cpp - csharp - html - java - javascript - objectivec - php - sql - swift - vbnet - security license: proprietary types: - service homepage: "https://www.ptsecurity.com/ww-en/products/ai" pricing: https://global.ptsecurity.com/en/products/ai/ plans: free: false oss: false description: >- Commercial Static Code Analysis which generates exploits to verify vulnerabilities. ================================================ FILE: data/tools/applicationinspector.yml ================================================ name: ApplicationInspector categories: - linter tags: - c - cpp - csharp - go - html - java - javascript - objectivec - php - powershell - python - ruby license: MIT License types: - cli source: 'https://github.com/microsoft/ApplicationInspector' homepage: 'https://github.com/microsoft/ApplicationInspector' resources: - title: Introducing Microsoft Application Inspector url: https://www.microsoft.com/security/blog/2020/01/16/introducing-microsoft-application-inspector/ description: >- Creates reports of over 400 rule patterns for feature detection (e.g. the use of cryptography or version control in apps). ================================================ FILE: data/tools/appscan-source.yml ================================================ name: HCL AppScan Source categories: - linter tags: - asp - aspnet - c - cobol - coldfusion - cpp - csharp - java - javascript - jsp - mobile - perl - php - plsql - tsql - vbasic - vbnet - vbscript - security license: proprietary types: - service homepage: "https://www.hcltechsw.com/products/appscan" pricing: http://www.hcl-software.com/appscan/contact-us plans: free: false oss: false description: Commercial Static Code Analysis. 
resources: - title: Introducing HCL AppScan Standard url: https://www.youtube.com/watch?v=TmYY67w18RI ================================================ FILE: data/tools/archunit.yml ================================================ name: ArchUnit categories: - linter tags: - java - kotlin license: Apache License 2.0 types: - cli source: 'https://github.com/TNG/ArchUnit' homepage: 'https://www.archunit.org' description: Unit test your Java or Kotlin architecture. ================================================ FILE: data/tools/archunitnet.yml ================================================ name: ArchUnitNET categories: - linter tags: - csharp license: Apache License 2.0 types: - cli source: 'https://github.com/TNG/ArchUnitNET' homepage: 'https://github.com/TNG/ArchUnitNET' description: >- A C# architecture test library to specify and assert architecture rules in C# for automated testing. ================================================ FILE: data/tools/arkitect.yml ================================================ name: PHPArkitect categories: - linter tags: - php license: MIT types: - cli source: 'https://github.com/phparkitect/arkitect' homepage: 'https://github.com/phparkitect/arkitect' resources: - title: 'PUG Romagna - Testing Architectural Decisions with PHPArkitect (Italian)' url: 'https://www.youtube.com/watch?v=fhRDZs82AbE' description: >- PHPArkitect helps you to keep your PHP codebase coherent and solid, by permitting to add some architectural constraint check to your workflow. You can express the constraint that you want to enforce, in simple and readable PHP code. 
================================================ FILE: data/tools/ast-grep.yml ================================================ name: ast-grep categories: - linter tags: - c - csharp - go - java - lua - javascript - json - jsx - kotlin - python - ruby - rust - typescript - yaml license: MIT types: - cli - ide-plugin source: 'https://github.com/ast-grep/ast-grep' homepage: 'https://ast-grep.github.io/' resources: - title: ast-grep Quick Start Guide url: https://ast-grep.github.io/guide/quick-start.html description: >- ast-grep is a powerful tool designed for managing code at scale using Abstract Syntax Trees (AST). Think of it as a hybrid of grep, eslint, and codemod, with the ability to search, lint, and rewrite code based on its structure rather than plain text. It supports multiple languages and is designed to be extensible, allowing you to register custom languages. reviews: - https://stackshare.io/ast-grep demos: - https://ast-grep.github.io/playground.html ================================================ FILE: data/tools/astre.yml ================================================ name: Astrée categories: - linter tags: - c - cpp license: proprietary types: - cli homepage: 'https://www.absint.com/astree/index.htm' pricing: https://www.absint.com/astree/contact.htm plans: free: false oss: false description: >- Astrée automatically proves the absence of runtime errors and invalid concurrent behavior in C/C++ applications. It is sound for floating-point computations, very fast, and exceptionally precise. The analyzer also checks for MISRA/CERT/CWE/Adaptive Autosar coding rules and supports qualification for ISO 26262, DO-178C level A, and other safety standards. Jenkins and Eclipse plugins are available.
================================================ FILE: data/tools/atom-beautify.yml ================================================ name: Atom-Beautify categories: - linter tags: - c - coffeescript - coldfusion - cpp - csharp - css - html - java - javascript - objectivec - php - python - ruby - sql - typescript license: MIT License types: - ide-plugin source: "https://github.com/Glavin001/atom-beautify" homepage: "https://atom.io/packages/atom-beautify" resources: - title: Adding Atom Beautify Package to Atom url: https://www.youtube.com/watch?v=oBz6rXG0XT8 - title: 10 Essential Atom Editor Packages & Setup url: https://www.youtube.com/watch?v=aiXNKHKWlmY description: >- Beautify HTML, CSS, JavaScript, PHP, Python, Ruby, Java, C, C++, C#, Objective-C, CoffeeScript, TypeScript, Coldfusion, SQL, and more in Atom editor. ================================================ FILE: data/tools/autocorrect.yml ================================================ name: autocorrect categories: - linter - formatter tags: - writing - markdown - html - javascript - css - typescript - jsx - vue - json - yaml - rust - ruby - python - go - csharp - scala - shell - xml license: MIT types: - cli source: 'https://github.com/huacnlee/autocorrect' homepage: 'https://huacnlee.github.io/autocorrect' description: A linter and formatter to help you to improve copywriting, correct spaces, words, punctuations between CJK (Chinese, Japanese, Korean). ================================================ FILE: data/tools/autoflake.yml ================================================ name: autoflake categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/PyCQA/autoflake' homepage: 'https://github.com/PyCQA/autoflake' description: Autoflake removes unused imports and unused variables from Python code. 
================================================ FILE: data/tools/autopep8.yml ================================================ name: autopep8 categories: - formatter tags: - python license: MIT types: - cli source: "https://github.com/hhatto/autopep8" homepage: "https://pypi.org/project/autopep8/" description: >- A tool that automatically formats Python code to conform to the PEP 8 style guide. It uses the pycodestyle utility to determine what parts of the code needs to be formatted. ================================================ FILE: data/tools/axe-core.yml ================================================ name: axe-core categories: - linter tags: - html license: MPL-2.0 types: - cli source: 'https://github.com/dequelabs/axe-core' homepage: 'https://www.deque.com/axe/' description: >- Accessibility engine for automated Web UI testing. Tests HTML against WCAG 2.0, 2.1, and 2.2 guidelines. Used by Google Lighthouse, Microsoft Accessibility Insights, and thousands of organizations worldwide. ================================================ FILE: data/tools/axivion-bauhaus-suite.yml ================================================ name: Axivion Bauhaus Suite categories: - linter tags: - c - cpp - java - php license: proprietary types: - cli homepage: https://www.axivion.com/en/products-services-9#products_bauhaussuite description: >- Tracks down error-prone code locations, style violations, cloned or dead code, cyclic dependencies and more for C/C++, C#/.NET, Java and Ada 83/Ada 95. 
pricing: https://www.axivion.com/pricing ================================================ FILE: data/tools/azsk.yml ================================================ name: AzSK categories: - linter tags: - arm - configmanagement - ci - security license: MIT License types: - cli source: 'https://github.com/azsk/DevOpsKit' homepage: 'https://azsk.azurewebsites.net/' description: 'Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), CICD scan vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. Supports Azure via ARM.' ================================================ FILE: data/tools/bandit.yml ================================================ name: bandit categories: - linter tags: - python license: Apache License 2.0 types: - cli source: "https://github.com/PyCQA/bandit" homepage: "https://bandit.readthedocs.io/en/latest" description: A tool to find common security issues in Python code. resources: - title: "Code security with Bandit and Safety — Perfect Python" url: https://www.youtube.com/watch?v=YZOKnvisJpw - title: "The Python Podcast.__init__: Bandit with Tim Kelsey, Travis McPeak, and Eric Brown - E62" url: https://www.pythonpodcast.com/episodepage/bandit-with-tim-kelsey-travis-mcpeak-and-eric-brown ================================================ FILE: data/tools/bashate.yml ================================================ name: bashate categories: - linter tags: - shell license: Apache-2.0 License types: - cli source: 'https://github.com/openstack/bashate' homepage: 'https://github.com/openstack/bashate' description: >- Code style enforcement for bash programs. The output format aims to follow pycodestyle (pep8) default output format. 
resources: - title: Official bashate documentation url: https://docs.openstack.org/bashate ================================================ FILE: data/tools/bearer.yml ================================================ name: Bearer categories: - linter tags: - ci - security - html - javascript - java - typescript - json - jsx - rails - ruby - c - go - yaml license: Elastic License 2.0 types: - cli source: "https://github.com/bearer/bearer" homepage: "https://github.com/bearer/bearer" plans: oss: true free: false pricing: https://www.bearer.com/plans resources: - title: "Bearer's built-in set of rules to prevent critical security risks and vulnerabilities" url: https://docs.bearer.com/reference/rules/ - title: "Bearer CLI: 2 months in retrospect of new features and improvements!" url: https://www.bearer.com/blog/bearer-cli-2-months-in-retrospect-of-new-features-and-improvements description: >- Open-Source static code analysis tool to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). Highly configurable and easily extensible, built for security and engineering teams. ================================================ FILE: data/tools/bellybutton.yml ================================================ name: bellybutton categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/hchasestevens/bellybutton' homepage: 'https://github.com/hchasestevens/bellybutton' description: A linting engine supporting custom project-specific rules.
================================================ FILE: data/tools/better-code-hub.yml ================================================ name: Better Code Hub categories: - linter tags: - cpp - csharp - go - groovy - java - javascript - kotlin - objectivec - perl - php - python - ruby - scala - shell - smart-contracts - swift - typescript license: proprietary types: - service homepage: https://bettercodehub.com description: >- Better Code Hub checks your GitHub codebase against 10 engineering guidelines devised by the authority in software quality, Software Improvement Group. resources: - title: Better Code Hub introduction video url: https://www.youtube.com/watch?v=diERwdr2omM pricing: https://bettercodehub.com/pricing plans: free: true oss: true ================================================ FILE: data/tools/betterscan.yml ================================================ name: Betterscan CE categories: - linter tags: - ci - apex - c - cpp - csharp - php - python - perl - ruby - go - java - ruby - scala - swift - kotlin - javascript - typescript - python - security license: AGPL-3.0 types: - cli deprecated: true source: "https://github.com/tcosolutions/betterscan-ce" homepage: "https://github.com/tcosolutions/betterscan-ce" plans: oss: true free: false description: Checks your code and infra (various Git repositories supported, cloud stacks, CLI, Web Interface platform, integrations available) for security and quality issues. Code Scanning/SAST/Linting using many tools/Scanners deduplicated with One Report (AI optional). ================================================ FILE: data/tools/binbloom.yml ================================================ name: binbloom categories: - linter tags: - binary license: Apache-2.0 License types: - cli source: 'https://github.com/quarkslab/binbloom' homepage: 'https://github.com/quarkslab/binbloom' description: >- Analyzes a raw binary firmware and determines features like endianness or the loading address.
The tool is compatible with all architectures. Loading address: binbloom can parse a raw binary firmware and determine its loading address. Endianness: binbloom can use heuristics to determine the endianness of a firmware. UDS Database: binbloom can parse a raw binary firmware and check if it contains an array containing UDS command IDs. resources: - title: "Tutorial: Binbloom - Raw Binary Firmware Analysis Software" url: https://www.kitploit.com/2020/10/binbloom-raw-binary-firmware-analysis.html?m=1 ================================================ FILE: data/tools/binskim.yml ================================================ name: BinSkim categories: - linter tags: - binary license: Other types: - cli source: 'https://github.com/Microsoft/binskim' homepage: 'https://github.com/Microsoft/binskim' description: >- A binary static analysis tool that provides security and correctness results for Windows portable executables. ================================================ FILE: data/tools/biome.yml ================================================ name: biome categories: - linter tags: - javascript - typescript - json - css license: MIT types: - cli source: "https://github.com/biomejs/biome" homepage: "https://biomejs.dev" description: >- A toolchain for web projects, aimed to provide functionalities to maintain them. Biome formats and lints code in a fraction of a second. It is the successor to Rome. Biome is designed to eventually replace Babel, ESLint, webpack, Prettier, Jest, and others.
================================================ FILE: data/tools/black-duck.yml ================================================ name: Black Duck categories: - linter tags: - binary license: proprietary types: - cli homepage: "https://www.blackducksoftware.com" pricing: https://www.synopsys.com/software-integrity/contact-sales.html plans: free: false oss: false description: >- Tool to analyze source code and binaries for reusable code, necessary licenses and potential security aspects. resources: - title: Black Duck SCA & Coverity Static Analysis (SAST) Integrations with Amazon AWS CI Tools | Synopsys url: https://www.youtube.com/watch?v=GEvxbU6EmiA ================================================ FILE: data/tools/black.yml ================================================ name: Black categories: - formatter tags: - python license: MIT License types: - cli source: "https://github.com/psf/black" homepage: "https://black.readthedocs.io/en/stable" description: The uncompromising Python code formatter. resources: - title: Using the black code formatter in Python url: https://www.youtube.com/watch?v=InA-oAWu3Mo - title: "Łukasz Langa - Life Is Better Painted Black, or: How to Stop Worrying and Embrace Auto-Formatting" url: https://www.youtube.com/watch?v=esZLCuWs_2Y demos: - https://black.vercel.app/ reviews: - https://luminousmen.com/post/my-unpopular-opinion-about-black-code-formatter ================================================ FILE: data/tools/bloaty.yml ================================================ name: bloaty categories: - linter tags: - binary license: Apache-2.0 License types: - cli source: 'https://github.com/google/bloaty' homepage: 'https://github.com/google/bloaty' description: >- Ever wondered what's making your binary big? Bloaty McBloatface will show you a size profile of the binary so you can understand what's taking up space inside. Bloaty performs a deep analysis of the binary. 
Using custom ELF, DWARF, and Mach-O parsers, Bloaty aims to accurately attribute every byte of the binary to the symbol or compileunit that produced it. It will even disassemble the binary looking for references to anonymous data. ================================================ FILE: data/tools/blockwatch.yml ================================================ name: BlockWatch categories: - linter tags: - c - cpp - csharp - css - go - html - java - javascript - jsx - kotlin - make - markdown - php - python - ruby - rust - shell - sql - swift - typescript - xml - yaml license: MIT License types: - cli source: 'https://github.com/mennanov/blockwatch' homepage: 'https://github.com/mennanov/blockwatch' description: 'A language-agnostic linter that keeps code, documentation, and configuration in sync and enforces strict formatting and validation rules.' ================================================ FILE: data/tools/bodyclose.yml ================================================ name: bodyclose categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/timakin/bodyclose' homepage: 'https://github.com/timakin/bodyclose' description: Checks whether HTTP response body is closed. ================================================ FILE: data/tools/bootlint.yml ================================================ name: Bootlint categories: - linter tags: - html license: MIT License types: - cli source: 'https://github.com/twbs/bootlint' homepage: 'https://github.com/twbs/bootlint' description: An HTML linter for Bootstrap projects. ================================================ FILE: data/tools/bowler.yml ================================================ name: Bowler categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/facebookincubator/bowler' homepage: 'https://pybowler.io/' description: >- Safe code refactoring for modern Python.
Bowler is a refactoring tool for manipulating Python at the syntax tree level. It enables safe, large scale code modifications while guaranteeing that the resulting code compiles and runs. It provides both a simple command line interface and a fluent API in Python for generating complex code modifications in code. ================================================ FILE: data/tools/brakeman.yml ================================================ name: brakeman categories: - linter tags: - ruby - security license: Other types: - cli source: "https://github.com/presidentbeef/brakeman" homepage: "https://brakemanscanner.org" description: >- A static analysis security vulnerability scanner for Ruby on Rails applications. resources: - title: "Brakeman: A Security Scanner for Ruby on Rails" url: https://www.youtube.com/watch?v=pTUlPq4glOg ================================================ FILE: data/tools/brittany.yml ================================================ name: brittany categories: - formatter tags: - haskell license: GNU Affero General Public License v3.0 types: - cli source: 'https://github.com/lspitzner/brittany' homepage: 'https://github.com/lspitzner/brittany' description: Haskell source code formatter ================================================ FILE: data/tools/buf.yml ================================================ name: buf categories: - linter tags: - protobuf license: Apache-2.0 License types: - cli source: 'https://github.com/bufbuild/buf' homepage: 'https://buf.build' description: >- Provides a CLI linter that enforces good API design choices and structure ================================================ FILE: data/tools/bugprove.yml ================================================ name: BugProve categories: - linter tags: - asm - binary - c - cpp - security license: proprietary types: - cli plans: free: true deprecated: true homepage: "https://bugprove.com" description: >- BugProve is a firmware analysis platform featuring both static and dynamic 
analysis techniques to discover memory corruptions, command injections and other classes of common weaknesses in binary code. It also detects vulnerable dependencies, weak cryptographic parameters, misconfigurations, and more. resources: - title: BugProve Product Intro by John Hammond url: https://www.youtube.com/watch?v=orTvsOlFS5k reviews: - https://www.g2.com/products/bugprove/reviews ================================================ FILE: data/tools/bullet.yml ================================================ name: Bullet categories: - linter tags: - ruby - rails license: MIT License types: - cli source: "https://github.com/flyerhzm/bullet" homepage: "https://github.com/flyerhzm/bullet" description: >- Help to kill N+1 queries and unused eager loading. ================================================ FILE: data/tools/bundler-audit.yml ================================================ name: bundler-audit categories: - linter tags: - ruby license: GNU General Public License v3.0 types: - cli source: 'https://github.com/rubysec/bundler-audit' homepage: 'https://github.com/rubysec/bundler-audit' description: >- Audit Gemfile.lock for gems with security vulnerabilities reported in the [Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db). ================================================ FILE: data/tools/c2rust.yml ================================================ name: C2Rust categories: - linter tags: - rust license: Other types: - cli source: 'https://github.com/immunant/c2rust' homepage: 'https://c2rust.com' resources: - title: "RustConf 2018 - C2Rust: Migrating Legacy Code to Rust by Per Larsen" url: https://www.youtube.com/watch?v=WEsR0Vv7jhg&t=233s description: >- C2Rust helps you migrate C99-compliant code to Rust. The translator (or transpiler) produces unsafe Rust code that closely mirrors the input C code.
================================================ FILE: data/tools/cakefuzzer.yml ================================================ name: CakeFuzzer categories: - linter tags: - php license: GNU GPL types: - cli source: 'https://github.com/Zigrin-Security/CakeFuzzer' homepage: 'https://zigrin.com/tools/cake-fuzzer/' description: >- Web application security testing tool for CakePHP-based web applications. CakeFuzzer employs a predefined set of attacks that are randomly modified before execution. Leveraging its deep understanding of the Cake PHP framework, Cake Fuzzer launches attacks on all potential application entry points. ================================================ FILE: data/tools/callGraph.yml ================================================ name: callGraph categories: - linter tags: - awk - shell - dart - fortran - go - lua - javascript - julia - kotlin - matlab - perl - pascal - php - python - r - raku - ruby - rust - scala - swift - tcl - typescript license: GNU General Public License types: - cli source: 'https://github.com/koknat/callGraph' homepage: 'https://github.com/koknat/callGraph' description: Statically generates a call graph image and displays it on screen. ================================================ FILE: data/tools/cane.yml ================================================ name: cane categories: - linter tags: - ruby license: Other types: - cli source: 'https://github.com/square/cane' homepage: 'https://github.com/square/cane' description: Code quality threshold checking as part of your build. 
================================================ FILE: data/tools/cargo-audit.yml ================================================ name: cargo-audit categories: - linter tags: - rust license: Other types: - cli source: "https://github.com/RustSec/cargo-audit" homepage: "https://rustsec.org" resources: - title: "Keep your Users Safe and Scan Your Rust Dependencies With This Tool" url: https://www.youtube.com/watch?v=V8RfQ0uihzE - title: "How to audit Rust code in 4 minutes!" url: https://www.youtube.com/watch?v=w2Co88TzrsQ description: >- Audit Cargo.lock for crates with security vulnerabilities reported to the [RustSec Advisory Database](https://github.com/RustSec/advisory-db/). ================================================ FILE: data/tools/cargo-bloat.yml ================================================ name: cargo-bloat categories: - linter tags: - binary - rust license: MIT License types: - cli source: 'https://github.com/RazrFalcon/cargo-bloat' homepage: 'https://github.com/RazrFalcon/cargo-bloat' description: >- Find out what takes most of the space in your executable. supports ELF (Linux, BSD), Mach-O (macOS) and PE (Windows) binaries. ================================================ FILE: data/tools/cargo-breaking.yml ================================================ name: cargo-breaking categories: - linter tags: - rust license: MPL-2.0 types: - cli source: 'https://github.com/iomentum/cargo-breaking' homepage: 'https://github.com/iomentum/cargo-breaking' description: >- cargo-breaking compares a crate's public API between two different branches, shows what changed, and suggests the next version according to semver. 
================================================ FILE: data/tools/cargo-call-stack.yml ================================================ name: cargo-call-stack categories: - linter tags: - rust license: Apache-2.0 types: - cli source: "https://github.com/japaric/cargo-call-stack" homepage: "https://github.com/japaric/cargo-call-stack" description: >- Whole program static stack analysis. The tool produces the full call graph of a program as a dot file. ================================================ FILE: data/tools/cargo-deny.yml ================================================ name: cargo-deny categories: - linter tags: - rust license: Apache License types: - cli source: 'https://github.com/EmbarkStudios/cargo-deny' homepage: 'https://embarkstudios.github.io/cargo-deny' description: >- A cargo plugin for linting your dependencies. It can be used either as a command line tool, a Rust crate, or a GitHub Action for CI. It checks for valid license information, duplicate crates, security vulnerabilities, and more. ================================================ FILE: data/tools/cargo-expand.yml ================================================ name: cargo-expand categories: - linter tags: - rust license: Apache License 2.0 types: - cli source: 'https://github.com/dtolnay/cargo-expand' homepage: 'https://github.com/dtolnay/cargo-expand' description: >- Cargo subcommand to show result of macro expansion and #[derive] expansion applied to the current crate. This is a wrapper around a more verbose compiler command.
================================================ FILE: data/tools/cargo-geiger.yml ================================================ name: cargo-geiger categories: - linter tags: - rust license: MIT License types: - cli source: 'https://github.com/geiger-rs/cargo-geiger' homepage: 'https://github.com/geiger-rs/cargo-geiger' description: >- A cargo plugin for analysing the usage of unsafe Rust code. Provides statistical output to aid security auditing. ================================================ FILE: data/tools/cargo-inspect.yml ================================================ name: cargo-inspect categories: - linter tags: - rust license: Other types: - cli source: 'https://github.com/mre/cargo-inspect' homepage: 'https://github.com/mre/cargo-inspect' description: >- Inspect Rust code without syntactic sugar to see what the compiler does behind the curtains. ================================================ FILE: data/tools/cargo-semver-checks.yml ================================================ name: cargo-semver-checks categories: - linter tags: - rust license: Apache License (Version 2.0) or MIT types: - cli source: 'https://github.com/obi1kenobi/cargo-semver-checks' homepage: 'https://crates.io/crates/cargo-semver-checks' description: >- Scan your Rust crate releases for semver violations. It can be used either directly via the CLI, as a GitHub Action in CI, or via release managers like `release-plz`. It found semver violations in [more than 1 in 6 of the top 1000 most-downloaded crates](https://predr.ag/blog/semver-violations-are-common-better-tooling-is-the-answer/) on crates.io.
================================================ FILE: data/tools/cargo-show-asm.yml ================================================ name: cargo-show-asm categories: - linter tags: - rust license: MIT / Apache 2.0 types: - cli source: 'https://github.com/pacak/cargo-show-asm' homepage: 'https://github.com/pacak/cargo-show-asm' description: >- cargo subcommand showing the assembly, LLVM-IR and MIR generated for Rust code ================================================ FILE: data/tools/cargo-spellcheck.yml ================================================ name: cargo-spellcheck categories: - linter tags: - rust license: Apache 2.0 / MIT License types: - cli source: 'https://github.com/drahnr/cargo-spellcheck' homepage: 'https://github.com/drahnr/cargo-spellcheck' description: >- Checks all your documentation for spelling and grammar mistakes with hunspell (ready) and languagetool (preview) ================================================ FILE: data/tools/cargo-udeps.yml ================================================ name: cargo udeps categories: - linter tags: - rust license: MIT License / Apache 2.0 license types: - cli source: 'https://github.com/est31/cargo-udeps' homepage: 'https://github.com/est31/cargo-udeps' description: >- Find unused dependencies in Cargo.toml. It either prints out a "unused crates" line listing the crates, or it prints out a line saying that no crates were unused. ================================================ FILE: data/tools/cargo-unused-features.yml ================================================ name: cargo-unused-features categories: - linter tags: - rust license: MIT types: - cli source: 'https://github.com/TimonPost/cargo-unused-features' homepage: 'https://github.com/TimonPost/cargo-unused-features' description: >- Find potential unused enabled feature flags and prune them. You can generate a simple HTML report from the json to make it easier to inspect results. 
It removes a feature of a dependency and then compiles the project to see if it still compiles. If it does, the feature flag can possibly be removed, but it can be a false-positive. ================================================ FILE: data/tools/cast-highlight.yml ================================================ name: CAST Highlight categories: - linter tags: - abap - c - cobol - cpp - csharp - java - javascript - jsp - php - plsql - python - tsql - vbasic license: proprietary types: - cli homepage: https://www.castsoftware.com/products/highlight description: >- Commercial Static Code Analysis which runs locally, but uploads the results to its cloud for presentation. pricing: https://www.castsoftware.com/products/highlight/pricing#pricing ================================================ FILE: data/tools/cbmc.yml ================================================ name: CBMC categories: - linter tags: - c - cpp license: BSD-4-Clause-UC types: - cli source: 'https://github.com/diffblue/cbmc' homepage: 'http://www.cprover.org/cbmc' description: >- Bounded model-checker for C programs, user-defined assertions, standard assertions, several coverage metric analyses. ================================================ FILE: data/tools/cfn-lint.yml ================================================ name: cfn-lint categories: - linter tags: - configmanagement license: Other types: - cli source: 'https://github.com/awslabs/cfn-python-lint' homepage: 'https://github.com/awslabs/cfn-python-lint' description: AWS Labs CloudFormation linter. ================================================ FILE: data/tools/cfn_nag.yml ================================================ name: cfn_nag categories: - linter tags: - configmanagement license: MIT License types: - cli source: 'https://github.com/stelligent/cfn_nag' homepage: 'https://github.com/stelligent/cfn_nag' description: A linter for AWS CloudFormation templates. 
================================================ FILE: data/tools/chap.yml ================================================ name: VMware chap categories: - linter tags: - binary license: GPL v2 types: - cli source: 'https://github.com/vmware/chap' homepage: 'https://github.com/vmware/chap' description: >- chap analyzes un-instrumented ELF core files for leaks, memory growth, and corruption. It is sufficiently reliable that it can be used in automation to catch leaks before they are committed. As an interactive tool, it helps explain memory growth, can identify some forms of corruption, and supplements a debugger by giving the status of various memory locations. ================================================ FILE: data/tools/chart-testing.yml ================================================ name: chart-testing categories: - linter tags: - kubernetes license: Apache-2.0 License types: - cli source: 'https://github.com/helm/chart-testing' homepage: 'https://github.com/helm/chart-testing' description: >- ct is the tool for testing Helm charts. It is meant to be used for linting and testing pull requests. It automatically detects charts changed against the target branch. ================================================ FILE: data/tools/checker-framework.yml ================================================ name: Checker Framework categories: - linter tags: - java license: GPL with Classpath exception / MIT License types: - cli source: 'https://github.com/typetools/checker-framework' homepage: 'https://checkerframework.org' description: Pluggable type-checking for Java. This is not just a bug-finder, but a verification tool that gives a guarantee of correctness. It comes with 27 pre-built type systems, and it enables users to define their own type system; the manual lists over 30 user-contributed type systems. 
================================================ FILE: data/tools/checkmake.yml ================================================ name: checkmake categories: - linter tags: - buildtool - make license: MIT License types: - cli source: 'https://github.com/mrtazz/checkmake' homepage: 'https://github.com/mrtazz/checkmake' description: Linter / Analyzer for Makefiles. ================================================ FILE: data/tools/checkmarx-cxsast.yml ================================================ name: Checkmarx CxSAST categories: - linter tags: - apex - asp - c - cpp - csharp - go - groovy - html - java - javascript - mobile - nodejs - objectivec - perl - phonegap - php - python - ruby - scala - security - swift - vbasic - vbnet - vbscript - visualforce license: proprietary types: - cli homepage: 'https://www.checkmarx.com/products/static-application-security-testing' pricing: https://checkmarx.com/packaging/ plans: free: false oss: false description: Commercial Static Code Analysis which doesn't require pre-compilation. ================================================ FILE: data/tools/checkov.yml ================================================ name: checkov categories: - linter tags: - configmanagement license: Apache-2.0 types: - cli source: 'https://github.com/bridgecrewio/checkov' homepage: 'https://www.checkov.io' description: >- Static analysis tool for Terraform files (tf>=v0.12), preventing cloud misconfigs at build time. ================================================ FILE: data/tools/checkstyle.yml ================================================ name: checkstyle categories: - linter tags: - java license: Other types: - cli source: 'https://github.com/checkstyle/checkstyle' homepage: 'https://checkstyle.org' description: >- Checking Java source code for adherence to a Code Standard or set of validation rules (best practices). 
================================================ FILE: data/tools/chktex.yml ================================================ name: ChkTeX categories: - linter tags: - latex license: GNU Public License version 2 or greater types: - cli source: 'http://git.savannah.nongnu.org/cgit/chktex.git' deprecated: true homepage: 'http://www.nongnu.org/chktex' description: A linter for LaTeX which catches some typographic errors LaTeX overlooks. ================================================ FILE: data/tools/churn-php.yml ================================================ name: churn-php categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/bmitch/churn-php' homepage: 'https://github.com/bmitch/churn-php' description: Helps discover good candidates for refactoring. ================================================ FILE: data/tools/churn.yml ================================================ name: Churn categories: - linter tags: - ruby license: MIT License types: - cli source: "https://github.com/danmayer/churn" homepage: "https://github.com/danmayer/churn" description: >- A Project to give the churn file, class, and method for a project for a given checkin. Over time the tool adds up the history of churns to give the number of times a file, class, or method is changing during the life of a project. ================================================ FILE: data/tools/ciocheck.yml ================================================ name: ciocheck categories: - formatter - meta tags: - meta - python license: MIT License types: - cli source: 'https://github.com/ContinuumIO/ciocheck' homepage: 'https://github.com/ContinuumIO/ciocheck' description: >- Linter, formatter and test suite helper. As a linter, it is a wrapper around `pep8`, `pydocstyle`, `flake8`, and `pylint`.
================================================ FILE: data/tools/ck.yml ================================================ name: ck categories: - linter tags: - java license: Apache License 2.0 types: - cli source: 'https://github.com/mauricioaniche/ck' homepage: 'https://github.com/mauricioaniche/ck' description: >- Calculates Chidamber and Kemerer object-oriented metrics by processing the source Java files. ================================================ FILE: data/tools/ckjm.yml ================================================ name: ckjm categories: - linter tags: - java license: Apache License 2.0 types: - cli source: 'https://github.com/dspinellis/ckjm' homepage: 'http://www.spinellis.gr/sw/ckjm' description: >- Calculates Chidamber and Kemerer object-oriented metrics by processing the bytecode of compiled Java files. ================================================ FILE: data/tools/clair.yml ================================================ name: clair categories: - linter tags: - container license: Other types: - cli source: 'https://github.com/coreos/clair' homepage: 'https://github.com/coreos/clair' description: Vulnerability Static Analysis for Containers. ================================================ FILE: data/tools/clang-tidy.yml ================================================ name: clang-tidy categories: - linter tags: - c - cpp license: Apache License v2.0 with LLVM Exceptions types: - cli source: 'https://clang.llvm.org/extra/clang-tidy' homepage: 'https://clang.llvm.org/extra/clang-tidy' description: Clang-based C++ linter tool with the (limited) ability to fix issues, too. 
================================================ FILE: data/tools/classgraph.yml ================================================ name: ClassGraph categories: - linter tags: - groovy - java - kotlin license: MIT License types: - cli source: 'https://github.com/classgraph/classgraph' homepage: 'https://github.com/classgraph/classgraph' description: >- A classpath and module path scanner for querying or visualizing class metadata or class relatedness. ================================================ FILE: data/tools/clayton.yml ================================================ name: Clayton homepage: https://www.getclayton.com/ description: >- AI-powered code reviews for Salesforce. Secure your developments, enforce best practice and control your technical debt in real-time. tags: - apex - lwc - visualforce categories: - linter types: - service license: proprietary pricing: https://www.getclayton.com/pricing ================================================ FILE: data/tools/clazy.yml ================================================ name: clazy categories: - linter tags: - c - cpp license: LGPL types: - cli source: 'https://github.com/KDE/clazy' homepage: 'https://github.com/KDE/clazy' description: >- Qt-oriented static code analyzer based on the Clang framework. clazy is a compiler plugin which allows clang to understand Qt semantics. You get more than 50 Qt related compiler warnings, ranging from unneeded memory allocations to misusage of API, including fix-its for automatic refactoring. 
================================================ FILE: data/tools/clippy.yml ================================================ name: clippy categories: - linter tags: - rust license: Apache-2.0, MIT license types: - cli source: "https://github.com/rust-lang/rust-clippy" homepage: "https://rust-lang.github.io/rust-clippy" demos: - https://play.rust-lang.org resources: - title: Rust For Beginners Tutorial - Linting with Clippy url: https://www.youtube.com/watch?v=BE9KY6X7aUM - title: "Easy Rust 096: Final example of iterators and quick look at clippy" url: https://www.youtube.com/watch?v=OgcrRt84bUY description: A code linter to catch common mistakes and improve your Rust code. ================================================ FILE: data/tools/clj-kondo.yml ================================================ name: clj-kondo categories: - linter tags: - clojure license: Eclipse Public License 1.0 types: - cli source: 'https://github.com/borkdude/clj-kondo' homepage: 'https://github.com/borkdude/clj-kondo' description: >- A linter for Clojure code that sparks joy. It informs you about potential errors while you are typing. ================================================ FILE: data/tools/closure-compiler.yml ================================================ name: Closure Compiler categories: - linter tags: - javascript license: Apache License 2.0 types: - cli source: 'https://github.com/google/closure-compiler' homepage: 'https://developers.google.com/closure/compiler' description: >- A compiler tool to increase efficiency, reduce size, and provide code warnings in JavaScript files. 
================================================ FILE: data/tools/closurelinter.yml ================================================ name: ClosureLinter categories: - linter tags: - javascript deprecated: true license: Apache License 2.0 types: - cli source: 'https://github.com/google/closure-linter' homepage: 'https://github.com/google/closure-linter' description: >- Ensures that all of your project's JavaScript code follows the guidelines in the Google JavaScript Style Guide. It can also automatically fix many common errors. ================================================ FILE: data/tools/cloud-iac-security.yml ================================================ name: Cloud (IaC) Security for JetBrains IDEs categories: - linter tags: - dockerfile - kubernetes - security license: MIT types: - ide-plugin source: "https://github.com/NordCoderd/cloud-security-plugin" homepage: "https://plugins.jetbrains.com/plugin/25413-cloud-iac-security" description: "Cloud (IaC) Security plugin for JetBrains IDEs. Performs real-time inspections of Docker & Kubernetes IaC with 50+ rules based on Docker image/build security best practices, Kubernetes Pod Security Standards, and NSA/CISA Kubernetes Hardening Guidance." resources: - title: "Bundled-rules documentation" url: https://protsenko.dev/infrastructure-security/ ================================================ FILE: data/tools/cloudformation-guard.yml ================================================ name: AWS CloudFormation Guard categories: - linter tags: - configmanagement license: Apache License 2.0 types: - cli source: 'https://github.com/aws-cloudformation/cloudformation-guard' homepage: 'https://github.com/aws-cloudformation/cloudformation-guard' description: >- Check local CloudFormation templates against policy-as-code rules and generate rules from existing templates. 
================================================ FILE: data/tools/clusterlint.yml ================================================ name: clusterlint categories: - linter tags: - kubernetes license: Apache-2.0 License types: - cli source: 'https://github.com/digitalocean/clusterlint' homepage: 'https://github.com/digitalocean/clusterlint' description: >- Clusterlint queries live Kubernetes clusters for resources, executes common and platform specific checks against these resources and provides actionable feedback to cluster operators. It is a non invasive tool that is run externally. Clusterlint does not alter the resource configurations. ================================================ FILE: data/tools/cmetrics.yml ================================================ name: CMetrics categories: - linter tags: - c - cpp license: GNU General Public License v2.0 types: - cli source: 'https://github.com/MetricsGrimoire/CMetrics' homepage: 'https://github.com/MetricsGrimoire/CMetrics' description: Measures size and complexity for C files. ================================================ FILE: data/tools/coala.yml ================================================ name: coala categories: - linter tags: - c - cpp - css - java - javascript license: AGPL-3.0-only deprecated: true types: - cli source: "https://github.com/coala/coala" homepage: "https://github.com/coala/coala" description: >- Language independent framework for creating code analysis - supports over 60 languages by default. ================================================ FILE: data/tools/cobra.yml ================================================ name: Cobra categories: - linter tags: - ada - c - cpp - python license: proprietary types: - cli homepage: 'https://spinroot.com/cobra' plans: free: true oss: true description: Structural source code analyzer by NASA's Jet Propulsion Laboratory. 
================================================ FILE: data/tools/codacy.yml ================================================ name: Codacy categories: - linter tags: - apex - shell - coffeescript - cpp - csharp - crystal - css - elixir - go - groovy - java - javascript - json - jsp - kotlin - markdown - php - plsql - python - ruby - scala - swift - tsql - typescript - vbscript - visualforce - xml license: proprietary types: - service homepage: https://www.codacy.com description: Code Analysis to ship Better Code, Faster. resources: - title: Automate your code quality with Codacy Static Analysis Tool url: https://www.youtube.com/watch?v=oxqTu2ouxaw - title: A founder's journey - Codacy url: https://www.youtube.com/watch?v=lVxkD_bmbFY pricing: https://www.codacy.com/pricing plans: free: false oss: true ================================================ FILE: data/tools/code-climate.yml ================================================ name: Code Climate categories: - linter license: AGPL-3.0 License tags: - ci types: - service source: "https://github.com/codeclimate/codeclimate" homepage: "https://codeclimate.com" description: "The open and extensible static analysis platform, for everyone." ================================================ FILE: data/tools/code-cracker.yml ================================================ name: code-cracker categories: - linter tags: - csharp license: Apache License 2.0 types: - cli source: 'https://github.com/code-cracker/code-cracker' homepage: 'https://code-cracker.github.io' description: >- An analyzer library for C# and VB that uses Roslyn to produce refactorings, code analysis, and other niceties. 
================================================ FILE: data/tools/code-graph-rag.yml ================================================ name: Code-Graph-RAG categories: - meta tags: - python - javascript - typescript - rust - go - java - scala - cpp - lua license: MIT types: - cli source: "https://github.com/vitali87/code-graph-rag" homepage: "https://code-graph-rag.com" description: >- Builds knowledge graphs from multi-language codebases using Tree-sitter AST parsing and stores them in Memgraph. Supports 11 programming languages with a unified graph schema and enables natural language querying and editing of code structure and relationships. Functions as an MCP server for AI assistant integration. ================================================ FILE: data/tools/code-pathfinder.yml ================================================ name: Code Pathfinder categories: - linter tags: - ci - container - dockerfile - python - security license: AGPL-3.0 types: - cli source: 'https://github.com/shivasurya/code-pathfinder' homepage: 'https://codepathfinder.dev' resources: - title: Code Pathfinder Rules Registry url: https://codepathfinder.dev/registry description: >- An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection. Built for advanced structural search, deriving insights, and finding vulnerabilities in code. ================================================ FILE: data/tools/codeac.yml ================================================ name: Codeac categories: - linter tags: - ci - container - go - java - javascript - php - python - ruby - typescript license: proprietary types: - service homepage: "https://www.codeac.io/?ref=awesome-static-analysis" pricing: https://www.codeac.io/pricing.html plans: free: true oss: true description: >- Automated code review tool integrates with GitHub, Bitbucket and GitLab (even self-hosted). Available for JavaScript, TypeScript, Python, Ruby, Go, PHP, Java, Docker, and more.
(open-source free) ================================================ FILE: data/tools/codeburner.yml ================================================ name: codeburner categories: - meta tags: - c - cpp - java - javascript - meta - php license: MIT License types: - cli source: 'https://github.com/groupon/codeburner' homepage: 'https://groupon.github.io/codeburner' description: Provides a unified interface to sort and act on the issues it finds. ================================================ FILE: data/tools/codechecker.yml ================================================ name: codechecker categories: - linter tags: - buildtool - c - cpp license: Apache License 2.0 types: - cli source: 'https://github.com/Ericsson/codechecker' homepage: 'https://codechecker.readthedocs.io/en/latest' description: >- A defect database and viewer extension for the Clang Static Analyzer with web GUI. ================================================ FILE: data/tools/codecov.yml ================================================ name: Codecov categories: - linter license: proprietary tags: - ci types: - service homepage: "https://about.codecov.io/" pricing: "https://about.codecov.io/pricing/" plans: free: true oss: true resources: - title: "Codecov Overview" url: https://www.youtube.com/watch?v=wwFookaYHoo - title: "Codecov Onboarding 1: Account Creation" url: https://www.youtube.com/watch?v=8xToLcchs4Y - title: "Codecov Github Tutorial/Demo" url: https://docs.codecov.com/docs/github-tutorial reviews: - https://www.g2.com/products/codecov/reviews description: >- Codecov is a company that provides code coverage tools for developers and engineering leaders to gain visibility into their code coverage. They offer flexible and unified reporting, seamless coverage insights, and robust coverage controls. Codecov supports over 20 languages and is CI/CD agnostic. Over 29,000 organizations and 1 million developers use Codecov. Codecov has recently joined Sentry. 
================================================ FILE: data/tools/codedepends.yml ================================================ name: CodeDepends categories: - linter tags: - r license: GPL types: - cli deprecated: true source: 'https://github.com/duncantl/CodeDepends' homepage: 'https://github.com/duncantl/CodeDepends' description: Static Code Analysis for R. ================================================ FILE: data/tools/codefactor.yml ================================================ name: CodeFactor categories: - linter tags: - ci - c - cpp - csharp - java - css - javascript - go - python - ruby - typescript - scala - coffeescript - groovy - php - container - shell - yaml - vue - html - swift - kotlin - powershell - dart - r license: proprietary types: - service homepage: https://codefactor.io description: Automated Code Analysis for repos on GitHub or BitBucket. resources: - title: Getting started with CodeFactor.io url: https://www.youtube.com/watch?v=0wL1bgoya2U pricing: https://codefactor.io/pricing plans: free: false oss: true ================================================ FILE: data/tools/codeflow.yml ================================================ name: CodeFlow categories: - linter tags: - ci - javascript - typescript - php - ruby - java - css - container - python license: proprietary types: - service homepage: 'https://www.getcodeflow.com' pricing: https://www.getcodeflow.com plans: free: false oss: true description: >- Automated code analysis tool to deal with technical debt. Integrates with Bitbucket and Gitlab.
(free for Open Source Projects) ================================================ FILE: data/tools/codeintelligence.yml ================================================ name: Code Intelligence categories: - linter tags: - security - go - c - cpp - java license: proprietary types: - service homepage: 'https://www.code-intelligence.com' pricing: https://www.code-intelligence.com/product-pricing plans: free: false oss: true description: 'CI/CD-agnostic DevSecOps platform which combines industry-leading fuzzing engines for finding bugs and visualizing code coverage' resources: - title: Code Intelligence | Introduction url: https://www.youtube.com/watch?v=Qfsz_ZTKM6Y ================================================ FILE: data/tools/codelyzer.yml ================================================ name: Codelyzer categories: - linter tags: - typescript deprecated: true license: MIT License types: - cli source: 'https://github.com/mgechev/codelyzer' homepage: 'http://codelyzer.com' description: >- A set of tslint rules for static code analysis of Angular 2 TypeScript projects. ================================================ FILE: data/tools/codemodder.yml ================================================ name: Codemodder categories: - linter tags: - java - python license: GNU AFFERO GENERAL PUBLIC LICENSE 3.0 types: - cli source: 'https://github.com/pixee/codemodder-java' homepage: 'https://codemodder.io/' description: >- Codemodder is a pluggable framework for building expressive codemods. Use Codemodder when you need more than a linter or code formatting tool. Use it to fix non-trivial security issues and other code quality problems. 
================================================ FILE: data/tools/codenarc.yml ================================================ name: CodeNarc categories: - linter tags: - groovy license: Apache License 2.0 types: - cli source: 'https://github.com/CodeNarc/CodeNarc' homepage: 'https://codenarc.github.io/CodeNarc' description: >- A static analysis tool for Groovy source code, enabling monitoring and enforcement of many coding standards and best practices. ================================================ FILE: data/tools/codeql.yml ================================================ name: codeql categories: - linter tags: - ci - security - java - python - javascript - typescript - csharp - c - cpp license: MIT types: - service - ide-plugin homepage: 'https://github.com/github/codeql' resources: - title: Community-powered security analysis with CodeQL - GitHub Universe 2020 url: https://www.youtube.com/watch?v=Y6PjAaZKNYk - title: Continuous code analysis with CodeQL url: https://www.youtube.com/watch?v=KEPiDz2oO-I description: >- Deep code analysis - semantic queries and dataflow for several languages with VSCode plugin support. ================================================ FILE: data/tools/codeque.yml ================================================ name: CodeQue categories: - linter tags: - typescript - javascript - jsx - lua - python - json license: Sustainable Use License types: - cli - ide-plugin source: "https://github.com/codeque-co/codeque" homepage: "https://codeque.co" description: Ecosystem for structurally matching JavaScript and TypeScript code. Offers a search tool that understands code structure. Available as a CLI tool and a Visual Studio Code extension. It helps to search code faster and more accurately, making your workflow more effective. Soon it will offer an ESLint plugin to create your own rules in minutes to help with assuring codebase quality.
resources: - title: Documentation url: "https://codeque.co/docs" - title: Visual Studio Code Extension url: "https://codeque.co/r/vsc" - title: CLI via NPM url: "https://www.npmjs.com/package/@codeque/cli" - title: Core via NPM url: "https://www.npmjs.com/package/@codeque/core" ================================================ FILE: data/tools/coderabbit.yml ================================================ name: CodeRabbit categories: - linter tags: - ci types: - service source: "https://github.com/coderabbitai" homepage: "https://coderabbit.ai" license: proprietary plans: oss: true free: true pricing: https://coderabbit.ai/pricing resources: - title: "AI Code Reviews Demo" url: https://www.youtube.com/watch?v=3SyUOSebG7E description: >- AI-powered code review tool that helps developers write better code faster. CodeRabbit provides automated code reviews, identifies security vulnerabilities, and suggests code improvements. It integrates with GitHub and GitLab. ================================================ FILE: data/tools/coderush.yml ================================================ name: CodeRush categories: - linter tags: - aspnet - csharp - dotnet license: proprietary types: - cli homepage: https://www.devexpress.com/products/coderush description: >- Code creation, debugging, navigation, refactoring, analysis and visualization tools that use the Roslyn engine in Visual Studio 2015 and up. pricing: https://www.devexpress.com/buy/net/ ================================================ FILE: data/tools/codescan.yml ================================================ name: CodeScan homepage: https://www.codescan.io/ description: "Code Quality and Security for Salesforce Developers. Made exclusively\ \ for the Salesforce platform, CodeScan\u2019s code analysis solutions provide you\ \ with total visibility into your code health." 
categories: - linter tags: - apex - lwc - visualforce license: proprietary types: - service pricing: https://www.codescan.io/pricing ================================================ FILE: data/tools/codescene.yml ================================================ name: CodeScene categories: - linter tags: - c - clojure - cpp - csharp - dart - elixir - erlang - go - groovy - java - javascript - kotlin - perl - php - powershell - python - ruby - scala - swift - typescript license: proprietary types: - service homepage: https://codescene.com description: >- CodeScene is a quality visualization tool for software. Prioritize technical debt, detect delivery risks, and measure organizational aspects. Fully automated. resources: - title: CodeScene Introduction - short video with the essentials of CodeScene url: https://www.youtube.com/watch?v=4Mwv-Swxo84 - title: Augmented Code Analysis with CodeScene url: https://www.youtube.com/watch?v=c2lqk98bC00 - title: "Beyond code: interview with Adam Tornhill about CodeScene" url: https://www.youtube.com/watch?v=tbCA2JiO_K8 pricing: https://codescene.com/pricing plans: free: false oss: true reviews: - https://www.capterra.com/p/193379/CodeScene/ ================================================ FILE: data/tools/codesee.yml ================================================ name: CodeSee categories: - linter tags: - go - java - javascript - python - rust - typescript license: proprietary types: - service - ide-plugin homepage: 'https://www.codesee.io/' demos: - https://www.codesee.io/maps-demos pricing: https://www.codesee.io/pricing plans: free: true oss: false description: >- CodeSee is mapping and automating your app's services, directories, file dependencies, and code changes. 
It's like Google Maps, but for code. ================================================ FILE: data/tools/codesonar-from-grammatech.yml ================================================ name: CodeSonar from GrammaTech categories: - linter tags: - c - cpp - csharp - java license: proprietary types: - cli homepage: 'https://codesecure.com/our-products/codesonar/' pricing: https://codesecure.com/trial-request/ plans: free: false oss: false description: >- Advanced, whole program, deep path, static analysis of C, C++, Java and C# with easy-to-understand explanations and code and path visualization. ================================================ FILE: data/tools/codespell.yml ================================================ name: codespell categories: - linter tags: - writing license: GNU General Public License v2.0 types: - cli source: 'https://github.com/codespell-project/codespell' homepage: 'https://github.com/codespell-project/codespell' description: Check code for common misspellings. ================================================ FILE: data/tools/codety.yml ================================================ name: Codety categories: - linter tags: - ci - cpp - go - java - javascript - json - jsp - kotlin - plsql - python - scala - swift - typescript license: proprietary types: - service homepage: https://www.codety.io pricing: https://www.codety.io plans: free: true oss: true description: Codety Scanner is a comprehensive source code scanner that embeds 5000+ static code analysis rules, which aim to detect code issues for 20+ programming languages and IaC tools.
source: "https://github.com/codetyio/codety-scanner" ================================================ FILE: data/tools/codiga.yml ================================================ name: Codiga categories: - linter tags: - apex - c - cpp - dockerfile - go - java - javascript - kotlin - ruby - php - python - typescript - scala - ci license: proprietary types: - service homepage: https://www.codiga.io description: >- Automated Code Reviews and Technical Debt management platform that supports 12+ languages. pricing: https://www.codiga.io/pricing resources: - title: Codiga Code Analysis Demonstration url: https://www.youtube.com/watch?v=hQ_BjDYlsCU - title: Codiga Coding Assistant url: https://www.youtube.com/watch?v=alS_h2ig7ZI plans: free: true oss: false reviews: - https://www.capterra.com/p/234335/Codiga/ ================================================ FILE: data/tools/coffeelint.yml ================================================ name: coffeelint categories: - linter tags: - coffeescript license: Other types: - cli source: 'https://github.com/clutchski/coffeelint' homepage: 'https://coffeelint.github.io/' description: A style checker that helps keep CoffeeScript code clean and consistent. ================================================ FILE: data/tools/cognicrypt.yml ================================================ name: CogniCrypt categories: - linter tags: - java license: Eclipse Public License 2.0 types: - cli source: "https://github.com/eclipse-cognicrypt/CogniCrypt" homepage: "https://www.eclipse.org/cognicrypt" description: Checks Java source and byte code for incorrect uses of cryptographic APIs. 
resources: - title: "Tutorial: CogniCrypt basics, and how to integrate your own Crypto APIs into CognICrypt" url: https://www.youtube.com/watch?v=vOZKN8yQcAY ================================================ FILE: data/tools/cohesion.yml ================================================ name: cohesion categories: - linter tags: - python license: GNU General Public License v3.0 types: - cli source: 'https://github.com/mschwager/cohesion' homepage: 'https://github.com/mschwager/cohesion' description: A tool for measuring Python class cohesion. ================================================ FILE: data/tools/collector.yml ================================================ name: collector categories: - formatter tags: - container license: Other types: - cli source: 'https://github.com/banyanops/collector' homepage: 'https://github.com/banyanops/collector' description: 'Run arbitrary scripts inside containers, and gather useful information.' ================================================ FILE: data/tools/commitlint.yml ================================================ name: commitlint categories: - linter tags: - git license: MIT License types: - cli source: 'https://github.com/conventional-changelog/commitlint' homepage: 'https://commitlint.js.org' description: >- checks if your commit messages meet the conventional commit format ================================================ FILE: data/tools/complexity-report.yml ================================================ name: complexity-report categories: - linter tags: - javascript deprecated: true license: MIT License types: - cli source: 'https://github.com/escomplex/complexity-report' homepage: 'https://github.com/escomplex/complexity-report' description: Software complexity analysis for JavaScript projects. 
================================================ FILE: data/tools/composer-dependency-analyser.yml ================================================ name: composer-dependency-analyser categories: - linter tags: - php - ci - package license: MIT types: - cli source: 'https://github.com/shipmonk-rnd/composer-dependency-analyser' homepage: 'https://github.com/shipmonk-rnd/composer-dependency-analyser' description: | Fast detection of composer dependency issues. * 💪 Powerful: Detects unused, shadow and misplaced composer dependencies * ⚡ Performant: Scans 15 000 files in 2s! * ⚙️ Configurable: Fine-grained ignores via PHP config * 🕸️ Lightweight: No composer dependencies * 🍰 Easy-to-use: No config needed for first try * ✨ Compatible: PHP >= 7.2 ================================================ FILE: data/tools/cookstyle.yml ================================================ name: cookstyle categories: - linter tags: - configmanagement license: Apache License 2.0 types: - cli source: 'https://github.com/chef/cookstyle' homepage: 'https://docs.chef.io/cookstyle.html' description: >- Cookstyle is a linting tool based on the RuboCop Ruby linting tool for Chef cookbooks. ================================================ FILE: data/tools/corgea.yml ================================================ name: Corgea categories: - linter tags: - ci - go - java - javascript - php - python - ruby - security - typescript - csharp - kotlin - c - cpp license: proprietary types: - cli - service homepage: 'https://corgea.com/' pricing: https://corgea.com/pricing plans: free: true oss: false description: >- Corgea is an AI-powered SAST scanner that helps developers find and fix insecure code. It finds business logic flaws, broken authentication, API vulnerabilities, and more with few false positives. Additionally, it automatically writes security fixes for developers to approve. Corgea integrates with GitHub, GitLab, Azure DevOps, IDEs and CLI. It is free to try.
resources: - title: Product homepage url: https://corgea.com/ - title: Corgea Docs url: https://docs.corgea.app/ ================================================ FILE: data/tools/corrode.yml ================================================ name: Corrode categories: - linter tags: - c - cpp - rust deprecated: true license: GNU General Public License v2.0 types: - cli source: 'https://github.com/jameysharp/corrode' homepage: 'https://github.com/jameysharp/corrode' description: >- Semi-automatic translation from C to Rust. Could reveal bugs in the original implementation by showing Rust compiler warnings and errors. Superseded by C2Rust. ================================================ FILE: data/tools/coverity.yml ================================================ name: Coverity categories: - linter tags: - c - cpp - csharp - fortran - java - javascript - php - python - rails - scala - security - typescript - vbnet license: proprietary types: - cli homepage: >- https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html pricing: https://www.synopsys.com/software-integrity/contact-sales.html plans: free: false oss: true description: >- Synopsys Coverity supports 20 languages and over 70 frameworks including Ruby on rails, Scala, PHP, Python, JavaScript, TypeScript, Java, Fortran, C, C++, C#, VB.NET. 
resources: - title: Coverity - Static Analysis by Synopsys url: https://www.youtube.com/watch?v=FZ-ySGEcD0c - title: Checkmarx - Source Code Analysis Made Easy 2017 url: https://www.youtube.com/watch?v=zo1pCl6yQ34 reviews: - https://www.gartner.com/reviews/market/application-security-testing/vendor/synopsys/product/coverity-sast - https://www.g2.com/products/coverity/reviews - https://www.peerspot.com/products/coverity-reviews ================================================ FILE: data/tools/cpachecker.yml ================================================ name: CPAchecker categories: - linter tags: - c license: Apache 2.0 License types: - cli source: 'https://cpachecker.sosy-lab.org/download.php' homepage: 'https://cpachecker.sosy-lab.org' description: >- A tool for configurable software verification of C programs. The name CPAchecker was chosen to reflect that the tool is based on the CPA concepts and is used for checking software programs. ================================================ FILE: data/tools/cpp-linter-action.yml ================================================ name: cpp-linter-action categories: - linter tags: - c - cpp - ci - python license: MIT types: - cli source: 'https://github.com/cpp-linter/cpp-linter-action' homepage: 'https://cpp-linter.github.io/cpp-linter-action/' description: A Github Action for linting C/C++ code integrating clang-tidy and clang-format to collect feedback provided in the form of thread comments and/or annotations. resources: - title: C/C++ Lint Action introduction url: https://github.com/cpp-linter/cpp-linter-action ================================================ FILE: data/tools/cppcheck.yml ================================================ name: cppcheck categories: - linter tags: - c - cpp license: GNU General Public License v3.0 types: - cli source: "https://github.com/danmar/cppcheck" homepage: "https://cppcheck.sourceforge.io" description: Static analysis of C/C++ code. 
demos: - https://cppcheck.sourceforge.io/demo/ - https://www.g2.com/products/cppcheck/reviews reviews: - https://sourceforge.net/projects/cppcheck/reviews/ resources: - title: Cppcheck introduction url: https://www.viva64.com/en/t/0083/ - title: "Using cppcheck for C & C++ Static Analysis" url: https://www.youtube.com/watch?v=oJ8SXVoefaA ================================================ FILE: data/tools/cppdepend.yml ================================================ name: CppDepend categories: - linter tags: - c - cpp deprecated: false license: proprietary types: - cli homepage: https://www.cppdepend.com description: >- Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity. pricing: https://www.cppdepend.com/purchase ================================================ FILE: data/tools/cpplint.yml ================================================ name: cpplint categories: - linter tags: - c - cpp license: Apache-2.0 types: - cli source: "https://github.com/cpplint/cpplint" homepage: "https://github.com/cpplint/cpplint" description: Automated C++ checker that follows Google's style guide. ================================================ FILE: data/tools/cqc.yml ================================================ name: cqc categories: - linter tags: - css - javascript - jsx - less - vue license: BSD-3-Clause (original text) types: - cli source: 'https://github.com/xcatliu/cqc' homepage: 'https://github.com/xcatliu/cqc' description: >- Check your code quality for js, jsx, vue, css, less, scss, sass and styl files. ================================================ FILE: data/tools/cqmetrics.yml ================================================ name: cqmetrics categories: - linter tags: - c - cpp license: Other types: - cli source: 'https://github.com/dspinellis/cqmetrics' homepage: 'https://github.com/dspinellis/cqmetrics' description: Quality metrics for C code. 
================================================ FILE: data/tools/credential-digger.yml ================================================ name: Credential Digger categories: - linter tags: - security license: Apache License 2.0 types: - cli source: 'https://github.com/SAP/credential-digger' homepage: 'https://github.com/SAP/credential-digger' description: >- Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (passwords, API keys, secret keys, tokens, personal information, etc.) and filters out false positives using a machine learning model called [Password Model](https://huggingface.co/SAPOSS/password-model). This scanner is able to detect passwords and non-structured tokens with a low false positive rate. ================================================ FILE: data/tools/credo.yml ================================================ name: credo categories: - linter tags: - elixir license: MIT License types: - cli source: 'https://github.com/rrrene/credo' homepage: 'https://github.com/rrrene/credo' description: A static code analysis tool with a focus on code consistency and teaching. ================================================ FILE: data/tools/crystal.yml ================================================ name: crystal categories: - linter tags: - crystal license: Apache License 2.0 types: - cli source: 'https://github.com/crystal-lang/crystal' homepage: 'https://crystal-lang.org' description: The Crystal compiler has built-in linting functionality. ================================================ FILE: data/tools/cscout.yml ================================================ name: CScout categories: - linter tags: - c - cpp license: GNU General Public License v3.0 types: - cli source: 'https://github.com/dspinellis/cscout' homepage: 'https://www.spinellis.gr/cscout' description: Complexity and quality metrics for C and C preprocessor code.
================================================ FILE: data/tools/csharpessentials.yml ================================================ name: CSharpEssentials categories: - linter tags: - csharp license: Other types: - cli source: 'https://github.com/DustinCampbell/CSharpEssentials' homepage: 'https://github.com/DustinCampbell/CSharpEssentials' description: >- C# Essentials is a collection of Roslyn diagnostic analyzers, code fixes and refactorings that make it easy to work with C# 6 language features. ================================================ FILE: data/tools/css-stats.yml ================================================ name: CSS Stats categories: - linter tags: - css license: MIT License types: - cli source: 'https://github.com/cssstats/cssstats' homepage: 'https://cssstats.com' description: Potentially interesting stats on stylesheets. ================================================ FILE: data/tools/csscomb.yml ================================================ name: CSScomb categories: - formatter tags: - css license: MIT License types: - cli source: 'https://github.com/csscomb/csscomb.js' homepage: 'https://github.com/csscomb/csscomb.js' description: >- A coding style formatter for CSS. Supports own configurations to make style sheets beautiful and consistent. ================================================ FILE: data/tools/csslint.yml ================================================ name: CSSLint categories: - linter tags: - css license: Other types: - cli source: 'https://github.com/CSSLint/csslint' homepage: 'http://csslint.net' description: >- Does basic syntax checking and finds problematic patterns or signs of inefficiency. 
================================================ FILE: data/tools/cwe_checker.yml ================================================ name: cwe_checker categories: - linter tags: - binary license: GNU Lesser General Public License v3.0 types: - cli source: 'https://github.com/fkie-cad/cwe_checker' homepage: 'https://github.com/fkie-cad/cwe_checker' description: cwe_checker finds vulnerable patterns in binary executables. ================================================ FILE: data/tools/cyclocomp.yml ================================================ name: cyclocomp categories: - linter tags: - r license: Other types: - cli source: 'https://github.com/MangoTheCat/cyclocomp' homepage: 'https://github.com/MangoTheCat/cyclocomp' description: Quantifies the cyclomatic complexity of R functions / expressions. ================================================ FILE: data/tools/d-scanner.yml ================================================ name: D-scanner categories: - linter tags: - dlang license: Boost Software License 1.0 types: - cli source: 'https://github.com/dlang-community/D-Scanner' homepage: 'https://github.com/dlang-community/D-Scanner' description: D-Scanner is a tool for analyzing D source code. ================================================ FILE: data/tools/dagda.yml ================================================ name: dagda categories: - linter tags: - container license: Apache License 2.0 types: - cli source: 'https://github.com/eliasgranderubio/dagda' homepage: 'https://github.com/eliasgranderubio/dagda' description: Perform static analysis of known vulnerabilities in docker images/containers. 
deprecated: true ================================================ FILE: data/tools/dart-code-metrics.yml ================================================ name: Dart Code Metrics categories: - linter tags: - dart license: MIT License types: - cli source: 'https://github.com/dart-code-checker/dart-code-metrics' homepage: 'https://pub.dev/packages/dart_code_metrics' description: Additional linter for Dart. Reports code metrics, checks for anti-patterns and provides additional rules for Dart analyzer. ================================================ FILE: data/tools/database_consistency.yml ================================================ name: DatabaseConsistency categories: - linter tags: - ruby - rails license: MIT License types: - cli source: "https://github.com/djezzzl/database_consistency" homepage: "https://github.com/djezzzl/database_consistency" description: >- The tool to avoid various issues due to inconsistencies and inefficiencies between a database schema and application models. ================================================ FILE: data/tools/dataflow-framework.yml ================================================ name: Dataflow Framework categories: - linter tags: - java license: GPL with Classpath exception / MIT License types: - cli source: 'https://github.com/typetools/checker-framework' homepage: 'https://github.com/typetools/checker-framework' description: >- An industrial-strength dataflow framework for Java. The Dataflow Framework is used in the Checker Framework, Google’s Error Prone, Uber’s NullAway, Meta’s Nullsafe, and in other contexts. It is distributed with the Checker Framework. 
resources: - title: "User Manual" url: https://checkerframework.org/manual/checker-framework-dataflow-manual.pdf ================================================ FILE: data/tools/datree.yml ================================================ name: Datree categories: - linter tags: - kubernetes - security license: Apache License 2.0 types: - cli source: 'https://github.com/datreeio/datree' homepage: 'https://datree.io/' description: 'A CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies' ================================================ FILE: data/tools/dawnscanner.yml ================================================ name: dawnscanner categories: - linter tags: - rails - ruby license: MIT License types: - cli source: 'https://github.com/thesp0nge/dawnscanner' homepage: 'https://github.com/thesp0nge/dawnscanner' description: >- A static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks. ================================================ FILE: data/tools/dbcritic.yml ================================================ name: dbcritic categories: - linter tags: - sql license: BSD-3-Clause License types: - cli source: 'https://github.com/channable/dbcritic' homepage: 'https://github.com/channable/dbcritic' description: >- dbcritic finds problems in a database schema, such as a missing primary key constraint in a table. ================================================ FILE: data/tools/deadcode.yml ================================================ name: deadcode categories: - linter tags: - go license: Other types: - cli source: 'https://github.com/tsenart/deadcode' homepage: 'https://github.com/tsenart/deadcode' description: Finds unused code.
================================================ FILE: data/tools/deadnix.yml ================================================ name: deadnix categories: - linter tags: - nix license: GPL-3.0 types: - cli source: 'https://github.com/astro/deadnix' homepage: 'https://github.com/astro/deadnix' description: 'Scan Nix files for dead code (unused variable bindings)' ================================================ FILE: data/tools/deal.yml ================================================ name: deal categories: - linter tags: - python license: MIT types: - cli source: "https://github.com/life4/deal" homepage: "https://deal.readthedocs.io/" description: >- Design by contract for Python. Write bug-free code. By adding a few decorators to your code, you get for free tests, static analysis, formal verification, and much more. ================================================ FILE: data/tools/deepcode.yml ================================================ name: DeepCode categories: - linter tags: - c - cpp - java - javascript - python - typescript license: proprietary types: - service homepage: https://snyk.io/platform/deepcode-ai/ deprecated: true description: >- DeepCode was acquired by Snyk and is now Snyk Code. resources: - title: Intro to DeepCode url: https://www.youtube.com/watch?v=5ThvYN3nWcg - title: "Introduction to DeepCode's CLI - Install, config, first use" url: https://www.youtube.com/watch?v=PG8PmrKEuLY ================================================ FILE: data/tools/deepscan.yml ================================================ name: DeepScan categories: - linter tags: - javascript license: proprietary types: - cli homepage: https://deepscan.io description: >- An analyzer for JavaScript which targets runtime errors and quality issues rather than coding conventions.
pricing: https://deepscan.io/pricing plans: free: false oss: true ================================================ FILE: data/tools/deepsource.yml ================================================ name: DeepSource categories: - linter tags: - configmanagement - container - go - javascript - python - ruby - sql license: proprietary types: - service homepage: https://deepsource.com resources: - title: What is DeepSource? url: https://www.youtube.com/watch?v=SwEQXK1ms_U - title: Static analysis for C# with DeepSource url: https://www.youtube.com/watch?v=hgWui62Aa0E description: >- In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives. pricing: https://deepsource.io/pricing plans: free: true oss: true reviews: - https://www.capterra.com/p/199025/DeepSource/ ================================================ FILE: data/tools/deleaker.yml ================================================ name: deleaker categories: - linter tags: - c - cpp - csharp - delphi - dotnet license: proprietary types: - service homepage: 'https://www.deleaker.com/' pricing: https://www.deleaker.com/order.html plans: free: false oss: false description: >- Deleaker is a memory leak detection tool for C++, .NET, and Delphi, integrating with Visual Studio, Qt Creator, and RAD Studio or running as a standalone application. It helps developers find and fix memory, GDI, and handle leaks efficiently. 
================================================ FILE: data/tools/delphilint.yml ================================================ name: DelphiLint categories: - linter tags: - delphi license: LGPL-3.0-only license types: - ide-plugin source: 'https://github.com/integrated-application-development/delphilint' homepage: 'https://github.com/integrated-application-development/delphilint' description: A Delphi IDE package providing on-the-fly code analysis and linting, powered by SonarDelphi. ================================================ FILE: data/tools/dennis.yml ================================================ name: dennis categories: - linter tags: - translation license: BSD-3-Clause types: - cli source: 'https://github.com/willkg/dennis' homepage: 'https://github.com/willkg/dennis' description: >- A set of utilities for working with PO files to ease development and improve quality. ================================================ FILE: data/tools/deno_lint.yml ================================================ name: deno_lint categories: - linter tags: - deno license: MIT License types: - cli source: 'https://github.com/denoland/deno_lint' homepage: 'https://github.com/denoland/deno_lint' description: Official linter for Deno. ================================================ FILE: data/tools/depends.yml ================================================ name: Depends categories: - linter tags: - c - cpp - java - php license: MIT License types: - cli source: 'https://github.com/multilang-depends/depends' homepage: 'https://github.com/multilang-depends/depends' description: >- Analyses the comprehensive dependencies of code elements for Java, C/C++, Ruby. 
================================================ FILE: data/tools/dephpend.yml ================================================ name: dephpend categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/mihaeu/dephpend' homepage: 'https://github.com/mihaeu/dephpend' description: Dependency analysis tool. ================================================ FILE: data/tools/deprecation-detector.yml ================================================ name: deprecation-detector categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/sensiolabs-de/deprecation-detector' homepage: 'https://github.com/sensiolabs-de/deprecation-detector' description: Finds usages of deprecated (Symfony) code. ================================================ FILE: data/tools/deptrac.yml ================================================ name: deptrac categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/sensiolabs-de/deptrac' homepage: 'https://github.com/sensiolabs-de/deptrac' description: Enforce rules for dependencies between software layers. ================================================ FILE: data/tools/derscanner.yml ================================================ name: DerScanner categories: - linter tags: - abap - apex - asp - c - cpp - cobol - csharp - dart - delphi - go - groovy - html - java - javascript - kotlin - mobile - nodejs - objectivec - pascal - perl - php - plsql - python - ruby - rust - scala - security - swift - vbasic - vbnet - vbscript - xml license: proprietary types: - cli - service homepage: https://derscanner.com/ description: >- Multi-language Static Application Security Testing (SAST) platform that detects critical vulnerabilities, including hardcoded secrets, weak cryptography, backdoors, SQL injections, insecure configurations, etc. 
pricing: https://derscanner.com/pricing ================================================ FILE: data/tools/designite.yml ================================================ name: Designite categories: - linter tags: - csharp license: proprietary types: - cli homepage: http://www.designite-tools.com description: >- Designite supports detection of various architecture, design, and implementation smells, computation of various code quality metrics, and trend analysis. pricing: http://www.designite-tools.com/buy ================================================ FILE: data/tools/designitejava.yml ================================================ name: DesigniteJava categories: - linter tags: - java license: proprietary types: - cli homepage: http://www.designite-tools.com/designitejava description: >- DesigniteJava supports detection of various architecture, design, and implementation smells along with computation of various code quality metrics. pricing: http://www.designite-tools.com/buy ================================================ FILE: data/tools/designpatterndetector.yml ================================================ name: DesignPatternDetector categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/Halleck45/DesignPatternDetector' homepage: 'https://github.com/Halleck45/DesignPatternDetector' description: Detection of design patterns in PHP code. ================================================ FILE: data/tools/detect-secrets.yml ================================================ name: detect-secrets categories: - linter tags: - security license: Apache-2.0 types: - cli source: 'https://github.com/Yelp/detect-secrets' homepage: 'https://github.com/Yelp/detect-secrets' description: >- An enterprise friendly way of detecting and preventing secrets in code. It does this by running periodic diff outputs against heuristically crafted regex statements, to identify whether any new secret has been committed. 
This way, it avoids the overhead of digging through all git history, as well as the need to scan the entire repository every time. ================================================ FILE: data/tools/detekt.yml ================================================ name: detekt categories: - linter tags: - kotlin license: Apache License 2.0 types: - cli source: 'https://github.com/detekt/detekt' homepage: 'https://detekt.github.io/detekt' description: Static code analysis for Kotlin code. ================================================ FILE: data/tools/devskim.yml ================================================ name: DevSkim categories: - linter tags: - asp - c - cpp - java - php - python - ruby license: MIT License types: - ide-plugin source: 'https://github.com/microsoft/devskim' homepage: 'https://github.com/microsoft/devskim' resources: - title: "ToorCon 19 — Pavel Bansky - Detecting security issues as fast as you making them" url: https://www.youtube.com/watch?v=VK80nTLGUk4 description: >- Regex-based static analysis tool for Visual Studio, VS Code, and Sublime Text - C/C++, C#, PHP, ASP, Python, Ruby, Java, and others. ================================================ FILE: data/tools/dialyxir.yml ================================================ name: dialyxir categories: - linter tags: - elixir license: Apache License 2.0 types: - cli source: 'https://github.com/jeremyjh/dialyxir' homepage: 'https://github.com/jeremyjh/dialyxir' description: 'Mix tasks to simplify use of Dialyzer in Elixir projects.' ================================================ FILE: data/tools/dialyzer.yml ================================================ name: dialyzer categories: - linter tags: - erlang license: Apache-2.0 License types: - cli source: 'https://github.com/erlang/otp/tree/master/lib/dialyzer' homepage: 'https://www.erlang.org/doc/man/dialyzer.html' description: >- The DIALYZER, a DIscrepancy AnaLYZer for ERlang programs. 
Dialyzer is a static analysis tool that identifies software discrepancies, such as definite type errors, code that has become dead or unreachable because of programming error, and unnecessary tests, in single Erlang modules or entire (sets of) applications. Dialyzer starts its analysis from either debug-compiled BEAM bytecode or from Erlang source code. The file and line number of a discrepancy is reported along with an indication of what the discrepancy is about. Dialyzer bases its analysis on the concept of success typings, which allows for sound warnings (no false positives). resources: - title: "ElixirConf 2016 - Dialyzer: Optimistic Type Checking for Erlang and Elixir by Jason Voegele" url: https://www.youtube.com/watch?v=JT0ECYZ9FaQ - title: "Sean Cribbs - Chemanalysis: Dialyzing Elixir | Code BEAM SF 19" url: https://www.youtube.com/watch?v=k4au7VioXNk - title: "Stavros Aronis - What does Dialyzer think about me? | Code BEAM STO 19" url: https://www.youtube.com/watch?v=Nxsw1jRE2A4&t=709s ================================================ FILE: data/tools/diesel-guard.yml ================================================ name: diesel-guard categories: - linter tags: - sql - rust license: MIT License types: - cli source: 'https://github.com/ayarotsky/diesel-guard' homepage: 'https://github.com/ayarotsky/diesel-guard' description: >- Linter for dangerous Postgres migration patterns in Diesel and SQLx. Prevents downtime caused by unsafe schema changes. 
================================================ FILE: data/tools/diffblue.yml ================================================ name: Diffblue categories: - linter license: proprietary tags: - ci - java types: - service homepage: "https://www.diffblue.com/" pricing: "https://www.diffblue.com/pricing/" plans: free: true resources: - title: "Diffblue Cover Overview" url: https://www.youtube.com/watch?v=9vt1szlaAKw - title: "Codecov Github Tutorial/Demo" url: https://docs.codecov.com/docs/github-tutorial - title: "Diffblue Cover in Eclipse" url: https://www.youtube.com/watch?v=jiUgMs21NNE - title: "Diffblue Cover on a Pull Request" url: https://www.youtube.com/watch?v=dhN-mbgOSMo description: >- Diffblue is a software company that provides AI-powered code analysis and testing solutions for software development teams. Its technology helps developers automate testing, find bugs, and reduce manual labor in their software development processes. The company's main product, Diffblue Cover, uses AI to generate and run unit tests for Java code, helping to catch errors and improve code quality. ================================================ FILE: data/tools/diffrs.yml ================================================ name: diff.rs categories: - linter tags: - rust license: MIT types: - cli source: "https://github.com/xfbs/diff.rs" homepage: "https://diff.rs" description: >- Web application (WASM) to render a diff between Rust crate versions. ================================================ FILE: data/tools/diktat.yml ================================================ name: diktat categories: - linter - formatter tags: - kotlin license: MIT License types: - cli source: 'https://github.com/saveourtool/diktat' homepage: 'https://diktat.saveourtool.com' description: Strict coding standard for Kotlin and a linter that detects and auto-fixes code smells. 
================================================ FILE: data/tools/dingo-hunter.yml ================================================ name: dingo-hunter categories: - linter tags: - go license: Apache License 2.0 types: - cli source: 'https://github.com/nickng/dingo-hunter' homepage: 'https://github.com/nickng/dingo-hunter' description: Static analyser for finding deadlocks in Go. ================================================ FILE: data/tools/dlint.yml ================================================ name: Dlint categories: - linter tags: - python license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/dlint-py/dlint' homepage: 'https://github.com/dlint-py/dlint' description: A tool for ensuring Python code is secure. ================================================ FILE: data/tools/docker-label-inspector.yml ================================================ name: Docker Label Inspector categories: - linter tags: - container license: Apache License 2.0 types: - cli source: 'https://github.com/garethr/docker-label-inspector' homepage: 'https://github.com/garethr/docker-label-inspector' description: Lint and validate Dockerfile labels. ================================================ FILE: data/tools/dockle.yml ================================================ name: Dockle categories: - linter tags: - container - security - dockerfile license: Apache License 2.0 types: - cli source: "https://github.com/goodwithtech/dockle" homepage: "https://github.com/goodwithtech/dockle" description: >- Container Image Linter for Security helping build the Best-Practice Docker Image. Scans Docker images for security vulnerabilities and CIS Benchmark compliance. Checks for secrets, credential exposure, and security best practices. Provides multiple severity levels (FATAL, WARN, INFO) and supports various output formats for CI/CD integration. 
================================================ FILE: data/tools/dodgy.yml ================================================ name: Dodgy categories: - linter tags: - python license: MIT License types: - cli source: "https://github.com/landscapeio/dodgy" homepage: "https://github.com/landscapeio/dodgy" description: Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions designed to detect things such as accidental SCM diff checkins, or passwords or secret keys hard coded into files. ================================================ FILE: data/tools/dogsled.yml ================================================ name: dogsled categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/alexkohler/dogsled' homepage: 'https://github.com/alexkohler/dogsled' description: Finds assignments/declarations with too many blank identifiers. ================================================ FILE: data/tools/doop.yml ================================================ name: Doop categories: - linter tags: - java license: UPL types: - cli source: 'https://github.com/plast-lab/doop' homepage: 'https://plast-lab.github.io/doop-pldi15-tutorial/' description: Doop is a declarative framework for static analysis of Java/Android programs, centered on pointer analysis algorithms. Doop provides a large variety of analyses and also the surrounding scaffolding to run an analysis end-to-end (fact generation, processing, statistics, etc.). ================================================ FILE: data/tools/dotenv-linter-rust.yml ================================================ name: dotenv-linter (Rust) categories: - linter tags: - configfile license: MIT License types: - cli source: 'https://github.com/dotenv-linter/dotenv-linter' homepage: 'https://dotenv-linter.github.io/#/' description: 'Lightning-fast linter for .env files. 
Written in Rust' ================================================ FILE: data/tools/dotenv-linter.yml ================================================ name: dotenv-linter categories: - linter tags: - configfile license: MIT License types: - cli source: 'https://github.com/wemake-services/dotenv-linter' homepage: 'https://dotenv-linter.readthedocs.io/en/latest' description: Linting dotenv files like a charm. ================================================ FILE: data/tools/dotnet-format.yml ================================================ name: dotnet-format categories: - linter tags: - dotnet - csharp - vbasic license: MIT types: - cli source: "https://github.com/dotnet/format" homepage: "https://github.com/dotnet/format" description: >- A code formatter for .NET. Preferences will be read from an `.editorconfig` file, if present, otherwise a default set of preferences will be used. At this time dotnet-format is able to format C# and Visual Basic projects with a subset of supported `.editorconfig` options. ================================================ FILE: data/tools/drnim.yml ================================================ name: DrNim categories: - linter tags: - nim license: MIT types: - cli source: 'https://nim-lang.org/docs/drnim.html' homepage: 'https://nim-lang.org/docs/drnim.html' description: 'DrNim combines the Nim frontend with the Z3 proof engine in order to allow you to verify / validate software written in Nim.' ================================================ FILE: data/tools/dupl.yml ================================================ name: dupl categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/mibk/dupl' homepage: 'https://github.com/mibk/dupl' description: Reports potentially duplicated code.
================================================ FILE: data/tools/dylint.yml ================================================ name: dylint categories: - linter tags: - rust license: MIT License / Apache 2.0 license types: - cli source: 'https://github.com/trailofbits/dylint' homepage: 'https://www.trailofbits.com/post/write-rust-lints-without-forking-clippy' description: >- A tool for running Rust lints from dynamic libraries. Dylint makes it easy for developers to maintain their own personal lint collections. ================================================ FILE: data/tools/easycodingstandard.yml ================================================ name: EasyCodingStandard categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/Symplify/EasyCodingStandard' homepage: >- https://www.tomasvotruba.com/blog/2017/05/03/combine-power-of-php-code-sniffer-and-php-cs-fixer-in-3-lines description: >- Combine [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) and [PHP-CS-Fixer](https://github.com/FriendsOfPHP/PHP-CS-Fixer). ================================================ FILE: data/tools/effective_dart.yml ================================================ name: effective_dart categories: - linter tags: - dart license: MIT License types: - cli source: 'https://github.com/tenhobi/effective_dart' homepage: 'https://pub.dev/packages/effective_dart' description: Linter rules corresponding to the guidelines in Effective Dart ================================================ FILE: data/tools/electrolysis.yml ================================================ name: electrolysis categories: - linter tags: - rust license: Other types: - cli source: 'https://github.com/Kha/electrolysis' homepage: 'https://kha.github.io/electrolysis' description: >- A tool for formally verifying Rust programs by transpiling them into definitions in the Lean theorem prover. 
================================================ FILE: data/tools/elm-analyse.yml ================================================ name: elm-analyse categories: - linter tags: - elm license: MIT License types: - cli source: 'https://github.com/stil4m/elm-analyse' homepage: 'https://stil4m.github.io/elm-analyse' description: >- A tool that allows you to analyse your Elm code, identify deficiencies and apply best practices. ================================================ FILE: data/tools/elm-review.yml ================================================ name: elm-review categories: - linter tags: - elm license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/jfmengels/elm-review' homepage: 'https://package.elm-lang.org/packages/jfmengels/elm-review/latest' description: >- Analyzes whole Elm projects, with a focus on shareable and custom rules written in Elm that add guarantees the Elm compiler doesn't give you. ================================================ FILE: data/tools/elvis.yml ================================================ name: elvis categories: - linter tags: - erlang license: Apache License 2.0 types: - cli source: 'https://github.com/inaka/elvis' homepage: 'https://github.com/inaka/elvis' description: Erlang Style Reviewer. ================================================ FILE: data/tools/ember-template-lint.yml ================================================ name: ember-template-lint categories: - linter tags: - template license: MIT License types: - cli source: 'https://github.com/ember-template-lint/ember-template-lint' homepage: 'https://github.com/ember-template-lint/ember-template-lint' description: Linter for Ember or Handlebars templates. 
================================================ FILE: data/tools/embold.yml ================================================ name: Embold categories: - linter tags: - c - cpp - csharp - go - java - javascript - kotlin - python - typescript license: proprietary types: - service homepage: https://embold.io description: >- Intelligent software analytics platform that identifies design issues, code issues, duplication and metrics. Supports Java, C, C++, C#, JavaScript, TypeScript, Python, Go, Kotlin and more. pricing: https://embold.io/pricing plans: free: true oss: false ================================================ FILE: data/tools/emerge.yml ================================================ name: emerge categories: - linter tags: - c - cpp - objectivec - go - javascript - java - kotlin - php - python - ruby - swift - typescript license: MIT types: - cli - service source: "https://github.com/glato/emerge" homepage: "https://github.com/glato/emerge" description: Emerge is a source code and dependency visualizer that can be used to gather insights about source code structure, metrics, dependencies and complexity of software projects. After scanning the source code of a project it provides you an interactive web interface to explore and analyze your project by using graph structures. ================================================ FILE: data/tools/enforster.yml ================================================ name: Enforster AI categories: - linter tags: - ci - go - java - javascript - php - python - security - typescript - csharp - c - cpp license: proprietary types: - service homepage: 'https://enforster.ai/' description: >- Enforster AI performs Contextual Code Security SAST, leveraging LLMs and artificial intelligence to reduce and enrich the detection of Logic Flaws, Secrets, Data leaks, Supply chain and technical vulnerabilities. 
resources: - title: Product homepage url: https://enforster.ai/ - title: Docs url: https://docs.enforster.ai/ - title: Platform Access url: https://app.enforster.ai/ ================================================ FILE: data/tools/enlightn.yml ================================================ name: Enlightn categories: - linter tags: - php - security - laravel license: LGPL-3.0 License types: - cli source: 'https://github.com/enlightn/enlightn' homepage: 'https://www.laravel-enlightn.com/' resources: - title: "Enlightn: Performance and Security Consultant" url: https://www.youtube.com/watch?v=l6gY53fL1zI description: >- A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks. ================================================ FILE: data/tools/enre-cpp.yml ================================================ name: ENRE-cpp categories: - linter tags: - c - cpp license: LGPL-2.1 license types: - cli source: 'https://github.com/xjtu-enre/ENRE-cpp' homepage: 'https://github.com/xjtu-enre/ENRE-cpp' description: >- ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-cpp is an ENtity Relationship Extractor for C/C++ based on @eclipse/CDT. (Under development) ================================================ FILE: data/tools/enre-java.yml ================================================ name: ENRE-java categories: - linter tags: - java license: LGPL-2.1 license types: - cli source: 'https://github.com/xjtu-enre/ENRE-java' homepage: 'https://github.com/xjtu-enre/ENRE-java' description: >- ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-java is an ENtity Relationship Extractor for Java projects based on @Eclipse JDT/parser.
================================================ FILE: data/tools/enre-py.yml ================================================ name: ENRE-py categories: - linter tags: - python license: LGPL-2.1 license types: - cli source: 'https://github.com/xjtu-enre/ENRE-py' homepage: 'https://github.com/xjtu-enre/ENRE-py' description: >- ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-py is an ENtity Relationship Extractor for Python based on Python Language Services of The Standard Library. ================================================ FILE: data/tools/enre-ts.yml ================================================ name: ENRE-ts categories: - linter tags: - typescript license: LGPL-2.1 license types: - cli source: 'https://github.com/xjtu-enre/ENRE-ts' homepage: 'https://github.com/xjtu-enre/ENRE-ts' description: >- ENRE (ENtity Relationship Extractor) is a tool for extraction of code entity dependencies or relationships from source code. ENRE-ts is an ENtity Relationship Extractor for ECMAScript and TypeScript based on @babel/parser. ================================================ FILE: data/tools/erb-formatter.yml ================================================ name: ERB::Formatter categories: - formatter tags: - erb - html - ruby - rails license: MIT License types: - cli source: "https://github.com/nebulab/erb-formatter" homepage: "https://github.com/nebulab/erb-formatter" description: >- Format ERB files with speed and precision.
================================================ FILE: data/tools/erb-lint.yml ================================================ name: ERB Lint categories: - linter tags: - erb - html - ruby license: MIT License types: - cli source: 'https://github.com/Shopify/erb-lint' homepage: 'https://github.com/Shopify/erb-lint' description: 'Lint your ERB or HTML files' ================================================ FILE: data/tools/errcheck.yml ================================================ name: errcheck categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/kisielk/errcheck' homepage: 'https://github.com/kisielk/errcheck' description: Check that error return values are used. ================================================ FILE: data/tools/error-prone.yml ================================================ name: Error Prone categories: - linter tags: - java license: Apache License 2.0 types: - cli source: 'https://github.com/google/error-prone' homepage: 'https://errorprone.info' description: Catch common Java mistakes as compile-time errors. ================================================ FILE: data/tools/errwrap.yml ================================================ name: errwrap categories: - linter tags: - go license: BSD 3-Clause License types: - cli source: 'https://github.com/fatih/errwrap' homepage: 'https://github.com/fatih/errwrap' description: >- Wrap and fix Go errors with the new %w verb directive. This tool analyzes fmt.Errorf() calls and reports calls that contain a verb directive that is different than the new %w verb directive introduced in Go v1.13. It's also capable of rewriting calls to use the new %w wrap verb directive. 
================================================ FILE: data/tools/es6-plato.yml ================================================ name: es6-plato categories: - linter tags: - javascript license: MIT License types: - cli source: 'https://github.com/the-simian/es6-plato' homepage: 'https://github.com/the-simian/es6-plato' description: Visualize JavaScript (ES6) source complexity. ================================================ FILE: data/tools/esbmc.yml ================================================ name: ESBMC categories: - linter tags: - c - cpp license: Apache License 2.0 types: - cli source: 'https://github.com/esbmc/esbmc' homepage: 'http://esbmc.org' description: >- ESBMC is an open source, permissively licensed, context-bounded model checker based on satisfiability modulo theories for the verification of single- and multi-threaded C/C++ programs. ================================================ FILE: data/tools/escomplex.yml ================================================ name: escomplex categories: - linter tags: - javascript license: MIT License types: - cli source: 'https://github.com/jared-stilwell/escomplex' homepage: 'https://github.com/jared-stilwell/escomplex' description: Software complexity analysis of JavaScript-family abstract syntax trees. ================================================ FILE: data/tools/eslint.yml ================================================ name: ESLint categories: - linter tags: - javascript - typescript - jsx license: MIT License types: - cli source: "https://github.com/eslint/eslint" homepage: "https://github.com/eslint/eslint" description: An extensible linter for JS, following the ECMAScript standard. 
reviews: - https://stackshare.io/eslint - https://openbase.com/js/eslint/reviews demos: - https://eslint.org/play/ resources: - title: ESLint Tutorial with VSCode url: https://www.youtube.com/watch?v=fslNny60HzI - title: VSCode ESLint, Prettier & Airbnb Style Guide Setup url: https://www.youtube.com/watch?v=SydnKbGc7W8 ================================================ FILE: data/tools/esprima.yml ================================================ name: Esprima categories: - linter tags: - javascript license: BSD 2-Clause "Simplified" License types: - cli source: 'https://github.com/jquery/esprima' homepage: 'https://esprima.org' description: ECMAScript parsing infrastructure for multipurpose analysis. ================================================ FILE: data/tools/exakat.yml ================================================ name: exakat categories: - linter tags: - ci - php license: Other types: - service source: 'https://github.com/exakat/exakat' homepage: 'https://www.exakat.io' description: An automated code reviewing engine for PHP. ================================================ FILE: data/tools/ezno.yml ================================================ name: ezno categories: - linter tags: - javascript - typescript license: MIT types: - cli source: "https://github.com/kaleidawave/ezno" homepage: "https://kaleidawave.github.io/posts/introducing-ezno/" description: >- A JavaScript compiler and TypeScript checker written in Rust with a focus on static analysis and runtime performance. Ezno's type checker is built from scratch. The checker is fully compatible with TypeScript type annotations and can work without any type annotations at all. 
================================================ FILE: data/tools/fantomas.yml ================================================ name: fantomas categories: - formatter tags: - fsharp license: Apache License 2.0 types: - cli source: 'https://github.com/fsprojects/fantomas' homepage: 'https://fsprojects.github.io/fantomas/' description: F# source code formatter. ================================================ FILE: data/tools/fasterer.yml ================================================ name: Fasterer categories: - linter tags: - ruby license: MIT License types: - cli source: 'https://github.com/DamirSvrtan/fasterer' homepage: 'https://github.com/DamirSvrtan/fasterer' description: 'Common Ruby idioms checker.' ================================================ FILE: data/tools/fb-contrib.yml ================================================ name: fb-contrib categories: - linter tags: - java license: GNU Lesser General Public License v2.1 types: - cli source: 'https://github.com/mebigfatguy/fb-contrib' homepage: 'http://fb-contrib.sourceforge.net' description: A plugin for FindBugs with additional bug detectors. ================================================ FILE: data/tools/find-security-bugs.yml ================================================ name: Find Security Bugs categories: - linter tags: - groovy - java - kotlin - scala license: LGPL-3.0-only types: - cli source: 'https://github.com/find-sec-bugs/find-sec-bugs' homepage: 'https://find-sec-bugs.github.io' description: >- The SpotBugs plugin for security audits of Java web applications and Android applications. 
(Also works with Kotlin, Groovy and Scala projects) ================================================ FILE: data/tools/fix-insight.yml ================================================ name: Fix Insight categories: - linter tags: - delphi license: proprietary types: - cli source: https://www.tmssoftware.com/site/fixinsight.asp homepage: https://www.tmssoftware.com/site/fixinsight.asp description: >- A free IDE Plugin for static code analysis. A _Pro_ edition includes a command line tool for automation purposes. pricing: https://tmssoftware.com/site/tmsallaccess.asp#product-buy-online ================================================ FILE: data/tools/fixinator.yml ================================================ name: Fixinator categories: - linter tags: - coldfusion license: proprietary types: - cli homepage: https://fixinator.app description: Static security code analysis for ColdFusion or CFML code. Designed to work within a CI pipeline or from the developer's terminal. resources: - title: Fixinator Getting Started Guide url: https://github.com/foundeo/fixinator/wiki/Getting-Started pricing: https://fixinator.app ================================================ FILE: data/tools/fixit.yml ================================================ name: fixit categories: - linter tags: - python license: MIT types: - cli source: 'https://github.com/Instagram/Fixit' homepage: 'https://pypi.org/project/fixit' description: A framework for creating lint rules and corresponding auto-fixes for source code.
resources: - title: Enforcing coding conventions using libCST and Fixit url: https://www.digitalernachschub.de/blog/enforcing-coding-conventions-using-libcst-and-fixit/ ================================================ FILE: data/tools/flake8.yml ================================================ name: flake8 categories: - meta tags: - meta - python license: Other types: - cli source: "https://github.com/PyCQA/flake8" homepage: "https://github.com/PyCQA/flake8" description: "A wrapper around `pyflakes`, `pycodestyle` and `mccabe`." resources: - title: My Python Code Looks Ugly and Confusing - Help! url: https://www.youtube.com/watch?v=TDUf93vqq3g - title: flake8 in Python | Linters | PEP8 Standards url: https://www.youtube.com/watch?v=qUpfUenwUPA - title: A flake8 plugin from scratch (intermediate) url: https://www.youtube.com/watch?v=ot5Z4KQPBL8 demo: - https://aperezhortal.github.io/flake8-dashboard/example_dashboard/index.html reviews: - https://www.slant.co/options/12632/~flake8-review ================================================ FILE: data/tools/flakeheaven.yml ================================================ name: flakeheaven categories: - meta tags: - meta - python license: MIT License types: - cli source: "https://github.com/flakeheaven/flakeheaven" homepage: "https://pypi.org/project/flakeheaven/" description: >- flakeheaven is a python linter built around flake8 to enable inheritable and complex toml configuration. ================================================ FILE: data/tools/flawfinder.yml ================================================ name: flawfinder categories: - linter tags: - c - cpp license: GNU General Public License v2.0 types: - cli source: 'https://github.com/david-a-wheeler/flawfinder' homepage: 'http://dwheeler.com/flawfinder/' description: Finds possible security weaknesses. 
================================================ FILE: data/tools/flay.yml ================================================ name: flay categories: - linter tags: - ruby license: MIT types: - cli source: 'https://github.com/seattlerb/flay' homepage: 'https://ruby.sadi.st/Flay.html' description: Flay analyzes code for structural similarities. ================================================ FILE: data/tools/flen.yml ================================================ name: flen categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/lafolle/flen' homepage: 'https://github.com/lafolle/flen' description: Get info on length of functions in a Go package. ================================================ FILE: data/tools/flint.yml ================================================ name: flint++ categories: - linter tags: - c - cpp deprecated: true license: Boost Software License 1.0 types: - cli source: 'https://github.com/JossWhittle/FlintPlusPlus' homepage: 'https://github.com/JossWhittle/FlintPlusPlus' description: >- Cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook. ================================================ FILE: data/tools/flog.yml ================================================ name: flog categories: - linter tags: - ruby license: MIT types: - cli source: 'https://github.com/seattlerb/flog' homepage: 'https://ruby.sadi.st/Flog.html' description: >- Flog reports the most tortured code in an easy to read pain report. The higher the score, the more pain the code is in. ================================================ FILE: data/tools/flow.yml ================================================ name: flow categories: - linter tags: - javascript license: MIT License types: - cli source: 'https://github.com/facebook/flow' homepage: 'https://flow.org' description: A static type checker for JavaScript. 
================================================ FILE: data/tools/flowdroid.yml ================================================ name: FlowDroid categories: - linter tags: - mobile license: GNU Lesser General Public License v2.1 types: - cli source: 'https://github.com/secure-software-engineering/FlowDroid' homepage: 'https://github.com/secure-software-engineering/FlowDroid' description: Static taint analysis tool for Android applications. ================================================ FILE: data/tools/flowr.yml ================================================ name: flowR categories: - linter tags: - r license: GPL-3 types: - cli - ide-plugin source: 'https://github.com/flowr-analysis/flowr' homepage: 'https://github.com/flowr-analysis/flowr' description: >- A [program slicer](https://github.com/flowr-analysis/flowr/wiki/Terminology#program-slice) and [dataflow analyzer](https://en.wikipedia.org/wiki/Data-flow_analysis) for the [R](https://www.r-project.org/) programming language. Its slicer allows you to reduce a complicated program just to the parts related for a specific task (e.g., the generation of a single or collection of plots, a significance test, ...). The dataflow analysis provides you with a detailed view on the semantics of the R code which can greatly improve other analyses. To use _flowR_, check out the [Visual Studio Code extension](https://marketplace.visualstudio.com/items?itemName=code-inspect.vscode-flowr), the [RStudio Addin](https://github.com/flowr-analysis/rstudio-addin-flowr), the [Docker image](https://hub.docker.com/r/eagleoutice/flowr), or the [R package](https://github.com/flowr-analysis/flowr-r-adapter). 
resources: - title: Wiki Pages url: https://github.com/flowr-analysis/flowr/wiki - title: Overview of the VS Code extension url: https://www.youtube.com/watch?v=Zgq6rnbvvhk ================================================ FILE: data/tools/foodcritic.yml ================================================ name: foodcritic categories: - linter tags: - configmanagement license: MIT License types: - cli source: 'https://github.com/foodcritic/foodcritic' homepage: 'http://www.foodcritic.io' description: A lint tool that checks Chef cookbooks for common problems. ================================================ FILE: data/tools/forbidden-apis.yml ================================================ name: forbidden-apis categories: - linter tags: - java license: Apache License 2.0 types: - cli source: 'https://github.com/policeman-tools/forbidden-apis' homepage: 'https://github.com/policeman-tools/forbidden-apis' description: >- Detects and forbids invocations of specific method/class/field (like reading from a text stream without a charset). Maven/Gradle/Ant compatible. 
================================================ FILE: data/tools/fortify.yml ================================================ name: Fortify categories: - linter tags: - abap - actionscript - apex - aspnet - c - cobol - coldfusion - cpp - csharp - html - java - javascript - jsp - objectivec - php - plsql - python - ruby - scala - security - swift - tsql - vbasic - vbnet - vbscript - xml license: proprietary types: - ide-plugin homepage: https://www.microfocus.com/en-us/cyberres/application-security/static-code-analyzer pricing: https://www.opentext.com/products/fortify-on-demand/trial plans: free: false oss: false description: >- A commercial static analysis platform that supports the scanning of C/C++, C#, VB.NET, VB6, ABAP/BSP, ActionScript, Apex, ASP.NET, Classic ASP, VB Script, Cobol, ColdFusion, HTML, Java, JS, JSP, MXML/Flex, Objective-C, PHP, PL/SQL, T-SQL, Python (2.6, 2.7), Ruby (1.9.3), Swift, Scala, VB, and XML. resources: - title: Visual Studio - real-time security with Fortify Security Assistant (2018) url: https://www.youtube.com/watch?v=7CfeUXtDlwQ ================================================ FILE: data/tools/fortitude.yml ================================================ name: Fortitude categories: - linter tags: - fortran license: MIT License types: - cli homepage: "https://fortitude.readthedocs.io" source: "https://github.com/PlasmaFAIR/fortitude" description: >- Fortran linter, inspired by (and built on) Ruff, and based on community best practices. Supports latest Fortran (2023) standard. ================================================ FILE: data/tools/fprettify.yml ================================================ name: fprettify categories: - linter tags: - fortran license: NOASSERTION types: - cli source: "https://github.com/pseewald/fprettify" homepage: "https://pypi.python.org/pypi/fprettify" description: >- Auto-formatter for modern fortran source code, written in Python. 
Fprettify is a tool that provides consistent whitespace, indentation, and delimiter alignment in code, including the ability to change letter case and handle preprocessor directives, all while preserving revision history and tested for editor integration. ================================================ FILE: data/tools/frama-c.yml ================================================ name: Frama-C categories: - linter tags: - c license: GNU Lesser General Public License v2.1 types: - cli source: 'https://www.frama-c.com/html/get-frama-c.html' homepage: 'https://www.frama-c.com' description: A sound and extensible static analyzer for C code. ================================================ FILE: data/tools/freeplane-code-explorer.yml ================================================ name: Freeplane Code Explorer categories: - meta tags: - java - kotlin - scala license: GPL-2.0-or-later types: - gui source: 'https://github.com/freeplane/freeplane' homepage: 'https://docs.freeplane.org/user-documentation/Code_Explorer.html' description: > The Code Explorer mode in Freeplane is designed for analyzing the structure and dependencies of code compiled to JVM class files. It also allows displaying ArchUnit test results directly in Freeplane, if Freeplane is running and ArchUnit detects rule violations during the tests. ================================================ FILE: data/tools/frink.yml ================================================ name: Frink categories: - formatter tags: - tcl license: unknown types: - cli source: 'http://catless.ncl.ac.uk/Programs/Frink' homepage: 'http://catless.ncl.ac.uk/Programs/Frink' description: >- A Tcl formatting and static check program (can prettify the program, minimise, obfuscate or just sanity check it). 
================================================ FILE: data/tools/fsharplint.yml ================================================ name: FSharpLint categories: - linter tags: - fsharp license: MIT License types: - cli source: "https://github.com/fsprojects/FSharpLint" homepage: "https://github.com/fsprojects/FSharpLint" description: Lint tool for F#. ================================================ FILE: data/tools/fta.yml ================================================ name: fta categories: - linter types: - cli tags: - typescript license: MIT source: 'https://github.com/sgb-io/fta' homepage: 'https://ftaproject.dev/' description: >- Rust-based static analysis for TypeScript projects demos: - https://ftaproject.dev/playground ================================================ FILE: data/tools/fukuzatsu.yml ================================================ name: Fukuzatsu categories: - linter tags: - ruby license: MIT License types: - cli source: 'https://github.com/CoralineAda/fukuzatsu' homepage: 'https://github.com/CoralineAda/fukuzatsu' description: 'A tool for measuring code complexity in Ruby class files. Its analysis generates scores based on cyclomatic complexity algorithms with no added "opinions".' ================================================ FILE: data/tools/gawk-lint.yml ================================================ name: gawk --lint categories: - linter tags: - awk license: GNU General Public License v3.0 types: - cli source: 'https://www.gnu.org/software/gawk/manual/html_node/Options.html' homepage: 'https://www.gnu.org/software/gawk/manual/html_node/Options.html' description: >- Warns about constructs that are dubious or nonportable to other awk implementations. 
================================================ FILE: data/tools/gcc.yml ================================================ name: GCC categories: - linter tags: - c - cpp license: GPL types: - cli source: "https://github.com/gcc-mirror/gcc" homepage: "https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html" description: >- The GCC compiler has had static analysis capabilities since version 10. The `-fanalyzer` option is only available if GCC was configured with analyzer support enabled. It can also output its diagnostics to a JSON file in the SARIF format (from v13). ================================================ FILE: data/tools/gendarme.yml ================================================ name: Gendarme categories: - formatter tags: - csharp license: MIT types: - cli source: 'https://github.com/mono/mono-tools' homepage: 'https://www.mono-project.com/docs/tools+libraries/tools/gendarme' description: >- Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET). ================================================ FILE: data/tools/gherkin-lint.yml ================================================ name: gherkin-lint categories: - linter tags: - gherkin license: ISC License types: - cli source: 'https://github.com/vsiakka/gherkin-lint' homepage: 'https://github.com/vsiakka/gherkin-lint' description: A linter for the Gherkin syntax, written in JavaScript.
================================================ FILE: data/tools/ghidra.yml ================================================ name: Ghidra categories: - linter tags: - binary license: Apache License 2.0 types: - cli source: 'https://github.com/NationalSecurityAgency/ghidra' homepage: 'https://ghidra-sre.org' description: >- A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. resources: - title: Ghidra Installation Guide url: https://ghidra-sre.org/InstallationGuide.html ================================================ FILE: data/tools/gitguardian-internel-monitoring.yml ================================================ name: GitGuardian ggshield categories: - linter tags: - security - ci - dotenv - terraform - container - git license: MIT types: - cli - service source: 'https://github.com/gitguardian/ggshield' homepage: 'https://www.gitguardian.com/ggshield' resources: - title: Getting started with ggshield url: https://docs.gitguardian.com/ggshield-docs/getting-started - title: A Developer's View of GitGuardian ggshield Throughout The Software Development Lifecycle url: https://www.youtube.com/watch?v=diuBTBjx7Qc description: >- ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350 types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase. free forever for individual developers: - https://dashboard.gitguardian.com/auth/signup ================================================ FILE: data/tools/gitleaks.yml ================================================ name: Gitleaks categories: - linter tags: - security license: MIT License types: - cli source: 'https://github.com/zricethezav/gitleaks' homepage: 'https://github.com/zricethezav/gitleaks' description: >- A SAST tool for detecting hardcoded secrets like passwords, API keys, and tokens in git repos.
================================================ FILE: data/tools/gixy.yml ================================================ name: gixy categories: - linter tags: - configfile license: Other types: - cli source: 'https://github.com/yandex/gixy' homepage: 'https://github.com/yandex/gixy' description: >- A tool to analyze Nginx configuration. The main goal is to prevent misconfiguration and automate flaw detection. ================================================ FILE: data/tools/go-consistent.yml ================================================ name: go-consistent categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/Quasilyte/go-consistent' homepage: 'https://github.com/Quasilyte/go-consistent' description: Analyzer that helps you to make your Go programs more consistent. ================================================ FILE: data/tools/go-critic.yml ================================================ name: go-critic categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/go-critic/go-critic' homepage: 'https://github.com/go-critic/go-critic' description: >- Go source code linter that maintains checks which are currently not implemented in other linters. ================================================ FILE: data/tools/go-meta-linter.yml ================================================ name: Go Meta Linter categories: - meta tags: - go - meta deprecated: true license: MIT License types: - cli source: 'https://github.com/alecthomas/gometalinter' homepage: 'https://github.com/alecthomas/gometalinter' description: >- Concurrently run Go lint tools and normalise their output. Use `golangci-lint` for new projects. 
================================================ FILE: data/tools/go-tool-vet-shadow.yml ================================================ name: go tool vet --shadow categories: - linter tags: - go license: BSD-3-Clause (original text) types: - cli source: 'https://github.com/golang/go/tree/master/src/cmd/vet' homepage: 'https://golang.org/cmd/vet#hdr-Shadowed_variables' description: Reports variables that may have been unintentionally shadowed. ================================================ FILE: data/tools/go-vet.yml ================================================ name: go vet categories: - linter tags: - go license: BSD-3-Clause (original text) types: - cli source: 'https://github.com/golang/go/tree/master/src/cmd/vet' homepage: 'https://golang.org/cmd/vet' description: Examines Go source code and reports suspicious constructs. ================================================ FILE: data/tools/goast-rego.yml ================================================ name: goast categories: - linter tags: - go license: Apache License 2.0 types: - cli source: "https://github.com/m-mizutani/goast" homepage: "https://github.com/m-mizutani/goast" description: Go AST (Abstract Syntax Tree) based static analysis tool with Rego. ================================================ FILE: data/tools/goast.yml ================================================ name: go/ast categories: - linter tags: - go license: BSD-3-Clause (original text) types: - cli source: 'https://github.com/golang/go/tree/master/src/go/ast' homepage: 'https://golang.org/pkg/go/ast' description: Package ast declares the types used to represent syntax trees for Go packages.
================================================ FILE: data/tools/goblint.yml ================================================ name: Goblint categories: - linter tags: - c - ci license: MIT License types: - cli - ide-plugin homepage: "https://goblint.in.tum.de" source: "https://github.com/goblint/analyzer" description: >- A static analyzer for the analysis of multi-threaded C programs. Its primary focus is the detection of data races, but it also reports other runtime errors, such as buffer overflows and null-pointer dereferences. ================================================ FILE: data/tools/gochecknoglobals.yml ================================================ name: gochecknoglobals categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/leighmcculloch/gochecknoglobals' homepage: 'https://github.com/leighmcculloch/gochecknoglobals' description: Checks that no globals are present. ================================================ FILE: data/tools/goconst.yml ================================================ name: goconst categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/jgautheron/goconst' homepage: 'https://github.com/jgautheron/goconst' description: Finds repeated strings that could be replaced by a constant. ================================================ FILE: data/tools/gocyclo.yml ================================================ name: gocyclo categories: - linter tags: - go license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/fzipp/gocyclo' homepage: 'https://github.com/fzipp/gocyclo' description: Calculate cyclomatic complexities of functions in Go source code. 
================================================ FILE: data/tools/gofmt-s.yml ================================================ name: gofmt -s categories: - formatter - linter tags: - go license: BSD-3-Clause (original text) types: - cli source: 'https://github.com/golang/go/tree/master/src/cmd/gofmt' homepage: 'https://golang.org/cmd/gofmt' description: Checks if the code is properly formatted and could not be further simplified. ================================================ FILE: data/tools/gofumpt.yml ================================================ name: gofumpt categories: - formatter tags: - go license: BSD-3 types: - cli - ide-plugin source: 'https://github.com/mvdan/gofumpt' homepage: 'https://github.com/mvdan/gofumpt' description: >- Enforce a stricter format than `gofmt`, while being backwards-compatible. That is, `gofumpt` is happy with a subset of the formats that `gofmt` is happy with. The tool is a fork of `gofmt` as of Go 1.19, and requires Go 1.18 or later. It can be used as a drop-in replacement to format your Go code, and running gofmt after gofumpt should produce no changes. `gofumpt` will never add rules which disagree with `gofmt` formatting. So we extend `gofmt` rather than compete with it. ================================================ FILE: data/tools/goimports.yml ================================================ name: goimports categories: - linter tags: - go license: BSD-3-Clause (original text) types: - cli source: 'https://github.com/golang/tools/tree/master/cmd/goimports' homepage: 'https://pkg.go.dev/golang.org/x/tools/cmd/goimports' description: Checks missing or unreferenced package imports. 
================================================ FILE: data/tools/gokart.yml ================================================ name: gokart categories: - linter tags: - go - security license: Apache-2.0 License types: - cli source: 'https://github.com/praetorian-inc/gokart' homepage: 'https://github.com/praetorian-inc/gokart' description: >- Golang security analysis with a focus on minimizing false positives. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe. ================================================ FILE: data/tools/golangci-lint.yml ================================================ name: GolangCI-Lint categories: - linter tags: - go license: GNU General Public License v3.0 types: - cli source: "https://github.com/golangci/golangci-lint" homepage: "https://golangci-lint.run" description: "Alternative to `Go Meta Linter`: GolangCI-Lint is a linters aggregator." resources: - title: "GopherCon 2019: Denis Isaev (author of golangci-lint) - Go Linters: Myths and Best Practices" url: https://www.youtube.com/watch?v=1U-Gzz4TYP0 ================================================ FILE: data/tools/golint.yml ================================================ name: golint categories: - linter tags: - go license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/golang/lint' homepage: 'https://github.com/golang/lint' description: Prints out coding style mistakes in Go source code. ================================================ FILE: data/tools/goodcheck.yml ================================================ name: Goodcheck categories: - linter tags: - c - cpp - java - php license: MIT License types: - cli homepage: 'https://sider.github.io/goodcheck' description: Regexp based customizable linter. 
================================================ FILE: data/tools/goodpractice.yml ================================================ name: goodpractice categories: - linter tags: - r license: Other types: - cli source: "https://github.com/mangothecat/goodpractice" homepage: "https://docs.ropensci.org/goodpractice/" description: >- Analyses the source code for R packages and provides best-practice recommendations. ================================================ FILE: data/tools/google-java-format.yml ================================================ name: google-java-format categories: - formatter tags: - java license: Apache License 2.0 types: - cli - ide-plugin source: "https://github.com/google/google-java-format" homepage: "https://github.com/google/google-java-format" description: >- Reformats Java source code to comply with Google Java Style ================================================ FILE: data/tools/goone.yml ================================================ name: goone categories: - linter tags: - go - sql license: MIT License types: - cli source: 'https://github.com/masibw/goone' homepage: 'https://github.com/masibw/goone' description: 'Finds N+1 queries (SQL calls in a for loop) in go code' ================================================ FILE: data/tools/goreporter.yml ================================================ name: goreporter categories: - meta tags: - go - meta license: Apache License 2.0 types: - cli source: 'https://github.com/360EntSecGroup-Skylar/goreporter' homepage: 'https://github.com/360EntSecGroup-Skylar/goreporter' description: Concurrently runs many linters and normalises their output to a report. 
================================================ FILE: data/tools/goroutine-inspect.yml ================================================ name: goroutine-inspect categories: - linter tags: - go license: BSD 2-Clause "Simplified" License types: - cli source: 'https://github.com/linuxerwang/goroutine-inspect' homepage: 'https://github.com/linuxerwang/goroutine-inspect' description: An interactive tool to analyze Golang goroutine dumps. ================================================ FILE: data/tools/gosec-gas.yml ================================================ name: gosec (gas) categories: - linter tags: - go license: Apache License 2.0 types: - cli source: 'https://github.com/securego/gosec' homepage: 'https://securego.io' description: Inspects source code for security problems by scanning the Go AST. ================================================ FILE: data/tools/gotype.yml ================================================ name: gotype categories: - linter tags: - go license: 3-Clause BSD License + Patent Grant types: - cli source: 'https://golang.org/x/tools/cmd/gotype' homepage: 'https://pkg.go.dev/golang.org/x/tools/cmd/gotype' description: Syntactic and semantic analysis similar to the Go compiler. ================================================ FILE: data/tools/govulncheck.yml ================================================ name: govulncheck categories: - linter tags: - go license: BSD-3-Clause types: - cli - service source: 'https://pkg.go.dev/golang.org/x/vuln/vulncheck' homepage: 'https://go.dev/blog/vuln' description: >- Govulncheck reports known vulnerabilities that affect Go code. It uses static analysis of source code or a binary's symbol table to narrow down reports to only those that could affect the application. By default, govulncheck makes requests to the Go vulnerability database at https://vuln.go.dev. Requests to the vulnerability database contain only module paths, not code or other properties of your program.
================================================ FILE: data/tools/graphmycsscom.yml ================================================ name: GraphMyCSS.com categories: - linter tags: - css license: MIT License types: - cli source: 'https://github.com/TheJaredWilcurt/itcss-specificity-graph' homepage: 'https://graphmycss.com' description: CSS Specificity Graph Generator. ================================================ FILE: data/tools/graudit.yml ================================================ name: graudit categories: - linter tags: - asp - c - cpp - csharp - java - perl - php - python - ruby license: GNU General Public License v3.0 types: - cli source: 'https://github.com/wireghoul/graudit' homepage: 'http://www.justanotherhacker.com' description: Grep rough audit - source code auditing tool. ================================================ FILE: data/tools/griffe.yml ================================================ name: Griffe categories: - linter tags: - python license: ISC License types: - cli source: 'https://github.com/mkdocstrings/griffe' homepage: 'https://mkdocstrings.github.io/griffe/' description: >- Signatures for entire Python programs. Extract the structure, the frame, the skeleton of your project, to generate API documentation or find breaking changes in your API. ================================================ FILE: data/tools/grumphp.yml ================================================ name: GrumPHP categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/phpro/grumphp' homepage: 'https://github.com/phpro/grumphp' description: Checks code on every commit. 
================================================ FILE: data/tools/grunt-bootlint.yml ================================================ name: grunt-bootlint categories: - linter tags: - html license: MIT License types: - cli source: 'https://github.com/twbs/grunt-bootlint' homepage: 'https://github.com/twbs/grunt-bootlint' description: >- A Grunt wrapper for [Bootlint](https://github.com/twbs/bootlint), the HTML linter for Bootstrap projects. ================================================ FILE: data/tools/grype.yml ================================================ name: Grype categories: - linter tags: - security - container license: Apache License 2.0 types: - cli source: "https://github.com/anchore/grype" homepage: "https://github.com/anchore/grype" description: >- Vulnerability scanner for container images and filesystems. Developed by Anchore, it scans container images, directories, and archives for known vulnerabilities. Supports multiple image formats, SBOM integration, and VEX (Vulnerability Exploitability eXchange) for accurate vulnerability assessment. Works with various vulnerability databases and provides detailed reporting. ================================================ FILE: data/tools/gulp-bootlint.yml ================================================ name: gulp-bootlint categories: - linter tags: - html license: MIT License types: - cli source: 'https://github.com/tschortsch/gulp-bootlint' homepage: 'https://github.com/tschortsch/gulp-bootlint' description: >- A gulp wrapper for [Bootlint](https://github.com/twbs/bootlint), the HTML linter for Bootstrap projects. ================================================ FILE: data/tools/haml-lint.yml ================================================ name: haml-lint categories: - linter tags: - template license: MIT License types: - cli source: 'https://github.com/sds/haml-lint' homepage: 'https://github.com/sds/haml-lint' description: Tool for writing clean and consistent HAML. 
================================================ FILE: data/tools/haskell-dockerfile-linter.yml ================================================ name: Haskell Dockerfile Linter categories: - linter tags: - container license: GNU General Public License v3.0 types: - cli source: 'https://github.com/lukasmartinelli/hadolint' homepage: 'https://github.com/lukasmartinelli/hadolint' description: A smarter Dockerfile linter that helps you build best practice Docker images. ================================================ FILE: data/tools/hasmysecretleaked.yml ================================================ name: HasMySecretLeaked categories: - linter tags: - git - security license: proprietary types: - cli - service deprecated: true homepage: "https://gitguardian.com/hasmysecretleaked" source: "https://github.com/GitGuardian/ggshield" description: >- HasMySecretLeaked is a project from GitGuardian that aims to help individual users and organizations search across 20 million exposed secrets to verify if their developer secrets have leaked on public repositories, gists, and issues on GitHub projects. ================================================ FILE: data/tools/haxe-checkstyle.yml ================================================ name: Haxe Checkstyle categories: - linter tags: - haxe license: MIT License types: - cli source: 'https://github.com/HaxeCheckstyle/haxe-checkstyle' homepage: 'https://haxecheckstyle.github.io/docs/haxe-checkstyle/home.html' description: >- A static analysis tool to help developers write Haxe code that adheres to a coding standard. ================================================ FILE: data/tools/hegel.yml ================================================ name: hegel categories: - linter tags: - javascript license: MIT License types: - cli source: 'https://github.com/JSMonk/hegel' homepage: 'https://hegel.js.org' description: >- A static type checker for JavaScript with a bias on type inference and strong type systems. 
================================================ FILE: data/tools/helix-qac.yml ================================================ name: Helix QAC categories: - linter tags: - c - cpp license: proprietary types: - cli homepage: https://www.perforce.com/products/helix-qac description: >- Enterprise-grade static analysis for embedded software. Supports MISRA, CERT, and AUTOSAR coding standards. resources: - title: Code with Confidence - Helix QAC url: https://www.youtube.com/watch?v=HHaBnZx2fGY - title: How to Apply AUTOSAR Guidelines With Helix QAC url: https://www.youtube.com/watch?v=XFvZ_hh6LCo pricing: https://www.perforce.com/purchase ================================================ FILE: data/tools/herbie.yml ================================================ name: herbie categories: - linter tags: - rust license: Mozilla Public License 2.0 types: - cli source: 'https://github.com/mcarton/rust-herbie-lint' homepage: 'https://github.com/mcarton/rust-herbie-lint' description: >- Adds warnings or errors to your crate when using a numerically unstable floating point expression. ================================================ FILE: data/tools/hlint.yml ================================================ name: HLint categories: - linter tags: - haskell license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/ndmitchell/hlint' homepage: 'https://github.com/ndmitchell/hlint' description: HLint is a tool for suggesting possible improvements to Haskell code. ================================================ FILE: data/tools/holistic.yml ================================================ name: holistic categories: - linter tags: - sql license: MIT License types: - service homepage: 'https://holistic.dev/' description: >- More than 1,300 rules to analyze SQL queries. Takes an SQL schema definition and the query source code to generate improvement recommendations. 
Detects code smells, unused indexes, unused tables, views, materialized views, and more. ================================================ FILE: data/tools/hopper-gui.yml ================================================ name: Hopper categories: - linter tags: - binary license: proprietary types: - gui homepage: "https://www.hopperapp.com/" description: >- macOS and Linux reverse engineering tool that lets you disassemble, decompile and debug applications. Hopper displays the code using different representations, e.g. the Control Flow Graph, and the pseudo-code of a procedure. Supports Apple Silicon. ================================================ FILE: data/tools/hopper.yml ================================================ name: Hopper categories: - linter tags: - groovy - java - kotlin - scala deprecated: true license: Apache License 2.0 types: - cli source: 'https://github.com/cuplv/hopper' homepage: 'https://github.com/cuplv/hopper' description: A static analysis tool written in scala for languages that run on JVM. ================================================ FILE: data/tools/hound-ci.yml ================================================ name: Hound CI categories: - linter tags: - coffeescript - css - go - javascript - ruby - swift license: MIT License types: - cli source: 'https://github.com/houndci/hound' homepage: 'https://houndci.com' description: >- Comments on style violations in GitHub pull requests. Supports Coffeescript, Go, HAML, JavaScript, Ruby, SCSS and Swift. ================================================ FILE: data/tools/html-inspector.yml ================================================ name: HTML Inspector categories: - linter tags: - html deprecated: true license: MIT types: - cli source: 'https://github.com/philipwalton/html-inspector' homepage: 'https://github.com/philipwalton/html-inspector' description: >- HTML Inspector is a code quality tool to help you and your team write better markup. 
================================================ FILE: data/tools/html-tidy.yml ================================================ name: HTML Tidy categories: - linter tags: - html license: Custom types: - cli source: 'https://github.com/htacg/tidy-html5' homepage: 'http://www.html-tidy.org' description: >- Corrects and cleans up HTML and XML documents by fixing markup errors and upgrading legacy code to modern standards. ================================================ FILE: data/tools/html-validate.yml ================================================ name: HTML-Validate categories: - linter tags: - html - vue license: MIT License types: - cli - ide-plugin source: 'https://gitlab.com/html-validate/html-validate' homepage: 'https://html-validate.org/' description: Offline HTML5 validator. ================================================ FILE: data/tools/htmlbeautifier.yml ================================================ name: htmlbeautifier categories: - formatter tags: - erb - html - ruby license: MIT License types: - cli source: "https://github.com/threedaymonk/htmlbeautifier" homepage: "https://github.com/threedaymonk/htmlbeautifier" description: >- A normaliser/beautifier for HTML that also understands embedded Ruby. Ideal for tidying up Rails templates. ================================================ FILE: data/tools/htmlhint.yml ================================================ name: HTMLHint categories: - linter tags: - html license: MIT License types: - cli source: 'https://github.com/yaniswang/HTMLHint' homepage: 'https://htmlhint.com' description: A Static Code Analysis Tool for HTML. 
================================================ FILE: data/tools/huntbugs.yml ================================================ name: HuntBugs categories: - linter tags: - java deprecated: true license: Apache License 2.0 types: - cli source: 'https://github.com/amaembo/huntbugs' homepage: 'https://github.com/amaembo/huntbugs' description: >- Bytecode static analyzer tool based on Procyon Compiler Tools aimed to supersede FindBugs. ================================================ FILE: data/tools/i-code-cnes-for-fortran.yml ================================================ name: i-Code CNES for Fortran categories: - linter tags: - fortran license: Eclipse Public License 1.0 types: - cli source: 'https://github.com/lequal/i-CodeCNES' homepage: 'https://github.com/lequal/i-CodeCNES' description: 'An open source static code analysis tool for Fortran 77, Fortran 90 and Shell.' ================================================ FILE: data/tools/i-code-cnes-for-shell.yml ================================================ name: i-Code CNES for Shell categories: - linter tags: - shell license: Eclipse Public License 1.0 types: - cli source: 'https://github.com/lequal/i-CodeCNES' homepage: 'https://github.com/lequal/i-CodeCNES' description: An open source static code analysis tool for Shell and Fortran (77 and 90). ================================================ FILE: data/tools/iblessing.yml ================================================ name: iblessing categories: - linter tags: - mobile - security license: GNU General Public License v3.0 types: - cli source: 'https://github.com/Soulghost/iblessing' homepage: 'https://www.kitploit.com/2020/08/iblessing-ios-security-exploiting.html' description: >- iblessing is an iOS security exploiting toolkit. It can be used for reverse engineering, binary analysis and vulnerability mining. 
================================================ FILE: data/tools/ida-free.yml ================================================ name: IDA Free categories: - linter tags: - binary license: proprietary types: - cli homepage: 'https://www.hex-rays.com/products/ida/support/download_freeware' description: Binary code analysis tool. ================================================ FILE: data/tools/ikos.yml ================================================ name: IKOS categories: - linter tags: - c - cpp license: Other types: - cli source: 'https://github.com/nasa-sw-vnv/ikos' homepage: 'https://github.com/nasa-sw-vnv/ikos' description: A sound static analyzer for C/C++ code based on LLVM. ================================================ FILE: data/tools/imhotep.yml ================================================ name: imhotep categories: - meta tags: - buildtool - javascript - meta - python - ruby license: MIT License types: - cli source: 'https://github.com/justinabrahms/imhotep' homepage: 'https://github.com/justinabrahms/imhotep' description: >- Comment on commits coming into your repository and check for syntactic errors and general lint warnings. ================================================ FILE: data/tools/include-gardener.yml ================================================ name: include-gardener categories: - formatter tags: - c - cpp - python - ruby license: GNU Public License version 2 or greater types: - cli source: 'https://github.com/feddischson/include_gardener' homepage: 'https://github.com/feddischson/include_gardener' description: >- A multi-language static analyzer for C/C++/Obj-C/Python/Ruby to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files. 
================================================ FILE: data/tools/ineffassign.yml ================================================ name: ineffassign categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/gordonklaus/ineffassign' homepage: 'https://github.com/gordonklaus/ineffassign' description: Detect ineffectual assignments in Go code. ================================================ FILE: data/tools/infer.yml ================================================ name: Infer categories: - linter tags: - c - cpp - java - objectivec license: MIT License types: - cli source: 'https://github.com/facebook/infer' homepage: 'https://fbinfer.com' description: 'A static analyzer for Java, C and Objective-C' ================================================ FILE: data/tools/infersharp.yml ================================================ name: Infer# categories: - linter tags: - csharp license: MIT License types: - cli source: 'https://github.com/microsoft/infersharp' homepage: 'https://github.com/microsoft/infersharp' description: >- InferSharp (also referred to as Infer#) is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null pointer dereferences and resource leaks. ================================================ FILE: data/tools/inspectortiger.yml ================================================ name: InspectorTiger categories: - linter tags: - python license: MIT types: - cli source: 'https://github.com/thg-consulting/it' homepage: 'https://github.com/thg-consulting/it' description: >- IT, Inspector Tiger, is a modern Python code review tool / framework. It comes with a bunch of pre-defined handlers which warn you about improvements and possible bugs. Besides these handlers, you can write your own or use community ones.
================================================ FILE: data/tools/intellij-idea.yml ================================================ name: IntelliJ IDEA categories: - formatter tags: - java license: proprietary types: - ide-plugin homepage: https://www.jetbrains.com/idea description: >- Comes bundled with a lot of inspections for Java and Kotlin and includes tools for refactoring, formatting and more. pricing: https://www.jetbrains.com/buy plans: free: false oss: true ================================================ FILE: data/tools/interfacer.yml ================================================ name: interfacer categories: - linter tags: - go deprecated: true license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/mvdan/interfacer' homepage: 'https://github.com/mvdan/interfacer' description: Suggest narrower interfaces that can be used. ================================================ FILE: data/tools/ionide-analyzers.yml ================================================ name: ionide-analyzers categories: - linter tags: - fsharp license: "MIT License" types: - cli source: 'https://github.com/ionide/ionide-analyzers' homepage: 'https://ionide.io/ionide-analyzers/' description: A collection of F# analyzers, built with the FSharp.Analyzers.SDK. 
================================================ FILE: data/tools/iverilog.yml ================================================ name: Icarus Verilog categories: - linter tags: - verilog license: GNU General Public License v2.0 types: - cli deprecated: true source: 'http://iverilog.icarus.com/' homepage: 'https://github.com/steveicarus/iverilog' description: >- A Verilog simulation and synthesis tool that operates by compiling source code written in IEEE-1364 Verilog into some target format ================================================ FILE: data/tools/jakstab.yml ================================================ name: Jakstab categories: - linter tags: - binary license: GNU General Public License v2.0 types: - cli source: 'https://github.com/jkinder/jakstab' homepage: 'https://github.com/jkinder/jakstab' description: >- Jakstab is an Abstract Interpretation-based, integrated disassembly and static analysis framework for designing analyses on executables and recovering reliable control flow graphs. ================================================ FILE: data/tools/jarchitect.yml ================================================ name: JArchitect categories: - linter tags: - java license: proprietary types: - cli homepage: https://www.jarchitect.com description: >- Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity. pricing: https://www.jarchitect.com/purchase ================================================ FILE: data/tools/jbmc.yml ================================================ name: JBMC categories: - linter tags: - java license: BSD-4-Clause-UC (original text) types: - cli source: 'https://github.com/peterschrammel/cbmc/releases/tag/jbmc-5.8-cav18' homepage: 'https://www.cprover.org/jbmc' description: >- Bounded model-checker for Java (bytecode), verifies user-defined assertions, standard assertions, several coverage metric analyses. 
================================================ FILE: data/tools/jeb-decomplier.yml ================================================ name: JEB Decompiler categories: - linter tags: - binary license: proprietary types: - cli homepage: 'https://www.pnfsoftware.com/' description: >- Decompile and debug binary code. Break down and analyze document files. Android Dalvik, MIPS, ARM, Intel x86, Java, WebAssembly & Ethereum Decompilers. ================================================ FILE: data/tools/jedi.yml ================================================ name: jedi categories: - linter tags: - python license: Other types: - cli source: 'https://github.com/davidhalter/jedi' homepage: 'https://jedi.readthedocs.io/en/latest' description: Autocompletion/static analysis library for Python. resources: - title: Choosing an Autocomplete for Python url: https://www.youtube.com/watch?v=Qa-5mYCqPto ================================================ FILE: data/tools/jet.yml ================================================ name: JET categories: - linter tags: - julia license: MIT types: - cli source: 'https://github.com/aviatesk/JET.jl' homepage: 'https://github.com/aviatesk/JET.jl' description: Static type inference system to detect bugs and type instabilities. ================================================ FILE: data/tools/jlisa.yml ================================================ name: JLiSA categories: - linter tags: - java license: MIT license types: - cli source: 'https://github.com/lisa-analyzer/jlisa' homepage: 'https://github.com/lisa-analyzer/jlisa' description: An abstract interpretation-based static analyzer for Java built upon the [LiSA](https://github.com/lisa-analyzer/lisa) framework.
================================================ FILE: data/tools/joern.yml ================================================ name: Joern categories: - linter tags: - security - java - javascript - typescript - csharp - c - cpp - ghidra - go - jimple - kotlin - php - python - ruby - swift license: Apache License 2.0 types: - cli source: 'https://github.com/joernio/joern' homepage: 'https://joern.io' description: >- Joern is a platform for analyzing source code, bytecode, and binary executables. It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis. Code property graphs are stored in a custom graph database. This allows code to be mined using search queries formulated in a Scala-based domain-specific query language. Joern is developed with the goal of providing a useful tool for vulnerability discovery and research in static program analysis. resources: - title: Documentation url: https://docs.joern.io - title: CPG Specification url: https://cpg.joern.io ================================================ FILE: data/tools/jqassistant.yml ================================================ name: jQAssistant categories: - linter tags: - java - kotlin - typescript - xml - json - yaml - git - spring - nodejs license: GNU General Public License v3.0 types: - cli source: 'https://github.com/jqassistant/jqassistant' homepage: 'https://jqassistant.org/' description: >- jQAssistant is a plugin based software analytics platform which allows scanning code structures and metadata from repositories into a Neo4j graph database. The gathered data can be used for ad-hoc exploration using queries, visualization or defining rules for continuous architecture validation. 
resources: - title: Plugins url: https://github.com/jqassistant-plugin ================================================ FILE: data/tools/jshint.yml ================================================ name: jshint categories: - linter tags: - javascript license: MIT License types: - cli source: 'https://github.com/jshint/jshint' homepage: 'https://jshint.com/about' discussion: 'https://github.com/analysis-tools-dev/static-analysis/issues/223' description: >- Detect errors and potential problems in JavaScript code and enforce your team's coding conventions. ================================================ FILE: data/tools/jslint.yml ================================================ name: JSLint categories: - linter tags: - javascript license: Llvm release license types: - cli source: 'https://github.com/douglascrockford/JSLint' homepage: 'https://github.com/douglascrockford/JSLint' discussion: 'https://github.com/analysis-tools-dev/static-analysis/issues/223' description: The JavaScript Code Quality Tool. ================================================ FILE: data/tools/jsonlint.yml ================================================ name: jsonlint categories: - linter tags: - json license: MIT License types: - cli - service source: 'https://github.com/zaach/jsonlint' homepage: 'https://jsonlint.com/' description: >- A JSON parser and validator with a CLI. Standalone version of jsonlint.com ================================================ FILE: data/tools/jsprime.yml ================================================ name: JSPrime categories: - linter tags: - javascript deprecated: true license: Other types: - cli source: 'https://github.com/dpnishant/jsprime' homepage: 'https://dpnishant.github.io/jsprime' description: Static security analysis tool. 
================================================ FILE: data/tools/kani.yml ================================================ name: kani categories: - linter types: - cli tags: - rust - security license: "MIT & Apache 2.0" source: "https://github.com/model-checking/kani" homepage: "https://github.com/model-checking/kani" description: | The Kani Rust Verifier is a bit-precise model checker for Rust. Kani is particularly useful for verifying unsafe code blocks in Rust, where the "unsafe superpowers" are unchecked by the compiler. Kani verifies: * Memory safety (e.g., null pointer dereferences) * User-specified assertions (i.e., assert!(...)) * The absence of panics (e.g., unwrap() on None values) * The absence of some types of unexpected behavior (e.g., arithmetic overflows) ================================================ FILE: data/tools/keploy.yml ================================================ name: keploy categories: - linter tags: - go - csharp - javascript - java - python - rust license: Apache-2.0 License types: - cli homepage: "https://keploy.io/" source: "https://github.com/keploy/" resources: - title: "Keploy PR Agent" url: https://github.com/apps/keploy - title: "Keploy Agent VSCode Extension" url: https://marketplace.visualstudio.com/items?itemName=Keploy.keployio - title: "Keploy Low code Integration Testing" url: "https://github.com/keploy/keploy" description: >- Keploy is an open-source testing platform that helps developers automate and streamline their testing process. It provides API, and integration testing agents, generating tests, mocks/stubs for APIs that actually work. Additionally, Keploy offers an AI-powered Unit Testing Agent that generates stable, useful unit tests directly in your GitHub PRs and in VSCode, helping catch errors and improve code quality. 
================================================ FILE: data/tools/kics.yml ================================================ name: kics categories: - linter tags: - ansible - configmanagement - container - kubernetes - security - terraform license: Apache License 2.0 types: - cli source: 'https://github.com/Checkmarx/kics' homepage: 'https://kics.io/' description: 'Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible' ================================================ FILE: data/tools/kiuwan.yml ================================================ name: Kiuwan categories: - linter tags: - c - cpp - go - java - javascript - kotlin - php - python - scala - swift license: proprietary types: - service homepage: https://www.kiuwan.com/code-security-sast description: >- Identify and remediate cyber threats in a blazingly fast, collaborative environment, with seamless integration in your SDLC. Python, C/C++, Java, C#, PHP and more. pricing: https://www.kiuwan.com/pricing plans: free: false oss: false ================================================ FILE: data/tools/klee.yml ================================================ name: KLEE categories: - linter tags: - c - cpp license: UIUC open source license types: - cli source: "https://github.com/klee/klee" homepage: "http://klee.github.io/" resources: - title: "Introduction to symbolic execution with KLEE" url: "https://www.youtube.com/watch?v=z6bsk-lsk1Q" - title: "KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs [Original Paper]" url: "https://www.usenix.org/legacy/event/osdi08/tech/full_papers/cadar/cadar.pdf" description: >- A dynamic symbolic execution engine built on top of the LLVM compiler infrastructure. It can auto-generate test cases for programs such that the test cases exercise as much of the program as possible.
================================================ FILE: data/tools/klint.yml ================================================ name: klint categories: - linter tags: - kubernetes license: Apache-2.0 types: - cli source: 'https://github.com/uswitch/klint' homepage: 'https://github.com/uswitch/klint' description: >- A tool that listens to changes in Kubernetes resources and runs linting rules against them. Identify and debug erroneous objects and nudge objects in line with the policies as both change over time. Klint helps us encode checks and proactively alert teams when they need to take action. ================================================ FILE: data/tools/klocwork.yml ================================================ name: Klocwork categories: - linter tags: - c - cpp - csharp - java license: proprietary types: - service homepage: https://www.perforce.com/products/klocwork description: Quality and Security Static analysis for C/C++, Java and C#. pricing: https://www.perforce.com/purchase plans: free: false oss: false ================================================ FILE: data/tools/kmdr.yml ================================================ name: kmdr categories: - linter tags: - shell license: MIT License types: - cli source: 'https://github.com/ediardo/kmdr-cli' homepage: 'https://github.com/ediardo/kmdr-cli' description: >- CLI tool for learning commands from your terminal. kmdr delivers a break down of commands with every attribute explained. ================================================ FILE: data/tools/krane.yml ================================================ name: krane categories: - linter tags: - kubernetes - container license: Apache-2.0 types: - cli source: "https://github.com/appvia/krane" homepage: "https://github.com/appvia/krane" description: >- Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. 
Krane dashboard presents current RBAC security posture and lets you navigate through its definition. ================================================ FILE: data/tools/ktfmt.yml ================================================ name: ktfmt categories: - formatter tags: - kotlin license: Apache-2.0 types: - cli - ide-plugin source: "https://github.com/facebook/ktfmt" homepage: "https://facebook.github.io/ktfmt/" description: >- A program that reformats Kotlin source code to comply with the common community standard for Kotlin code conventions. A ktfmt IntelliJ plugin is available from the plugin repository. To install it, go to your IDE's settings and select the Plugins category. Click the Marketplace tab, search for the ktfmt plugin, and click the Install button. ================================================ FILE: data/tools/ktlint.yml ================================================ name: ktlint categories: - formatter - linter tags: - kotlin license: MIT License types: - cli source: 'https://github.com/shyiko/ktlint' homepage: 'https://ktlint.github.io' description: An anti-bikeshedding Kotlin linter with built-in formatter. ================================================ FILE: data/tools/kube-hunter.yml ================================================ name: kube-hunter categories: - linter tags: - kubernetes - security license: Apache-2.0 types: - cli source: 'https://github.com/aquasecurity/kube-hunter' homepage: 'https://aquasecurity.github.io/kube-hunter/' description: >- Hunt for security weaknesses in Kubernetes clusters. ================================================ FILE: data/tools/kube-lint.yml ================================================ name: kube-lint categories: - linter tags: - kubernetes license: Apache-2.0 License types: - cli source: "https://github.com/viglesiasce/kube-lint" homepage: "https://github.com/viglesiasce/kube-lint" description: >- A linter for Kubernetes resources with a customizable rule set. 
You define a list of rules that you would like to validate against your resources and kube-lint will evaluate those rules against them. ================================================ FILE: data/tools/kube-linter.yml ================================================ name: kube-linter categories: - linter tags: - kubernetes license: Apache-2.0 License types: - cli source: "https://github.com/stackrox/kube-linter" homepage: "https://github.com/stackrox/kube-linter" description: >- KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices. ================================================ FILE: data/tools/kube-score.yml ================================================ name: kube-score categories: - linter tags: - kubernetes license: MIT License types: - cli source: "https://github.com/zegl/kube-score" homepage: "https://kube-score.com" description: Static code analysis of your Kubernetes object definitions. ================================================ FILE: data/tools/kubeconform.yml ================================================ name: kubeconform categories: - linter tags: - kubernetes license: Apache 2.0 types: - cli source: "https://github.com/yannh/kubeconform" homepage: "https://github.com/yannh/kubeconform" resources: - title: Ensuring Kubernetes manifests validity & compliance - a tooling overview - Yann Hamon, Contentful url: https://youtu.be/YM7Wy_M7Lvw?t=657 description: | A fast Kubernetes manifests validator with support for custom resources. 
It is inspired by, contains code from and is designed to stay close to [Kubeval](https://analysis-tools.dev/tool/kubeval), but with the following improvements: * high performance: will validate & download manifests over multiple routines, caching downloaded files in memory * configurable list of remote, or local schemas locations, enabling validating Kubernetes custom resources (CRDs) and offline validation capabilities * uses by default a self-updating fork of the schemas registry maintained by the kubernetes-json-schema project - which guarantees up-to-date schemas for all recent versions of Kubernetes. ================================================ FILE: data/tools/kubelinter.yml ================================================ name: KubeLinter categories: - linter tags: - kubernetes license: Apache-2.0 License types: - cli source: "https://github.com/stackrox/kube-linter" homepage: "https://github.com/stackrox/kube-linter" description: "KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices." resources: - title: "KubeLinter: An open source linter for Kubernetes, from StackRox" url: https://www.youtube.com/watch?v=KWX0sWojV_0 - title: Announcement blog post url: https://www.stackrox.com/post/2020/10/introducing-kubelinter-an-open-source-linter-for-kubernetes ================================================ FILE: data/tools/kubeval.yml ================================================ name: kubeval categories: - linter tags: - kubernetes license: Other types: - cli deprecated: true source: "https://github.com/instrumenta/kubeval" homepage: "https://kubeval.instrumenta.dev" description: >- Validates your Kubernetes configuration files and supports multiple Kubernetes versions. 
================================================ FILE: data/tools/lacheck.yml ================================================ name: lacheck categories: - linter tags: - latex license: GPL types: - cli source: 'https://www.ctan.org/tex-archive/support/lacheck' homepage: 'https://www.ctan.org/pkg/lacheck' description: A tool for finding common mistakes in LaTeX documents. ================================================ FILE: data/tools/langlint.yml ================================================ name: LangLint categories: - linter tags: - python - javascript - typescript - go - rust - java - cpp - markdown - json - yaml - translation license: MIT License types: - cli source: 'https://github.com/HzaCode/Langlint' homepage: 'https://github.com/HzaCode/Langlint' description: >- Automated translation platform for code comments and docstrings across 20+ file types. Eliminates language barriers in international software collaboration. Supports 100+ language pairs with syntax protection. Integrates into CI/CD pipelines like Ruff. 10-20x faster with concurrent processing. ================================================ FILE: data/tools/languagetool.yml ================================================ name: languagetool categories: - linter tags: - writing license: GNU Lesser General Public License v2.1 types: - cli source: 'https://github.com/languagetool-org/languagetool' homepage: 'https://languagetool.org' description: >- Style and grammar checker for 25+ languages. It finds many errors that a simple spell checker cannot detect. ================================================ FILE: data/tools/larastan.yml ================================================ name: larastan categories: - linter tags: - php - laravel license: MIT License types: - cli source: 'https://github.com/larastan/larastan' homepage: 'https://github.com/larastan/larastan' description: >- Adds static analysis to Laravel improving developer productivity and code quality. It is a wrapper around PHPStan. 
================================================ FILE: data/tools/laser.yml ================================================ name: laser categories: - linter tags: - ruby deprecated: true license: GNU Affero General Public License v3.0 types: - cli source: 'https://github.com/michaeledgar/laser' homepage: 'https://github.com/michaeledgar/laser' description: Static analysis and style linter for Ruby code. ================================================ FILE: data/tools/ldra.yml ================================================ name: LDRA categories: - linter tags: - c - cpp license: proprietary types: - cli homepage: https://ldra.com description: >- A tool suite including static analysis (TBVISION) to various standards including MISRA C & C++, JSF++ AV, CWE, CERT C, CERT C++ & Custom Rules. pricing: https://ldra.com/register/ plans: free: false oss: false ================================================ FILE: data/tools/lgtm.yml ================================================ name: LGTM categories: - linter tags: - ci - security - java - python - javascript - typescript - go - c - cpp - csharp license: proprietary types: - service homepage: 'https://lgtm.com/' description: >- Find security vulnerabilities, variants, and critical code quality issues using CodeQL queries over source code. Automatic PR code review; free for open source. Formerly semmle. It supports public Git repositories hosted on Bitbucket Cloud, GitHub.com, GitLab.com. 
resources: - title: "Welcoming Semmle to GitHub" url: https://github.blog/2019-09-18-github-welcomes-semmle/ ================================================ FILE: data/tools/libvcs4j.yml ================================================ name: LibVCS4j categories: - linter tags: - support license: Other types: - cli source: 'https://github.com/uni-bremen-agst/libvcs4j' homepage: 'https://github.com/uni-bremen-agst/libvcs4j' description: >- A Java library that allows existing tools to analyse the evolution of software systems by providing a common API for different version control systems and issue trackers. ================================================ FILE: data/tools/lint.yml ================================================ name: lint categories: - linter tags: - dart license: Apache License 2.0 types: - cli source: 'https://github.com/passsy/dart-lint' homepage: 'https://github.com/passsy/dart-lint' description: >- An opinionated, community-driven set of lint rules for Dart and Flutter projects. Like pedantic but stricter ================================================ FILE: data/tools/linter-for-dart.yml ================================================ name: Linter for dart categories: - linter tags: - dart license: BSD 3-Clause "New" or "Revised" License types: - cli source: "https://github.com/dart-lang/linter" homepage: "https://github.com/dart-lang/linter" description: Style linter for Dart. ================================================ FILE: data/tools/linter-rust.yml ================================================ name: linter-rust categories: - linter tags: - rust license: MIT License types: - cli source: 'https://github.com/AtomLinter/linter-rust' homepage: 'https://github.com/AtomLinter/linter-rust' description: 'Linting your Rust-files in Atom, using rustc and cargo.' 
================================================ FILE: data/tools/linter.yml ================================================ name: linter categories: - linter tags: - scala license: Apache License 2.0 types: - cli source: 'https://github.com/HairyFotr/linter' homepage: 'https://github.com/HairyFotr/linter' description: >- Linter is a Scala static analysis compiler plugin which adds compile-time checks for various possible bugs, inefficiencies, and style problems. ================================================ FILE: data/tools/lintian.yml ================================================ name: lintian categories: - linter tags: - package license: GNU General Public License v2.0 types: - cli source: "https://salsa.debian.org/lintian/lintian" homepage: "https://wiki.debian.org/Lintian" description: Static analysis tool for Debian packages. ================================================ FILE: data/tools/lintr.yml ================================================ name: lintr categories: - linter tags: - r license: Other types: - cli source: 'https://github.com/jimhester/lintr' homepage: 'https://github.com/jimhester/lintr' description: Static Code Analysis for R. ================================================ FILE: data/tools/linty-fresh.yml ================================================ name: linty fresh categories: - linter tags: - python license: Other types: - cli source: 'https://github.com/lyft/linty_fresh' homepage: 'https://github.com/lyft/linty_fresh' description: Parse lint errors and report them to Github as comments on a pull request. 
================================================ FILE: data/tools/liquidhaskell.yml ================================================ name: Liquid Haskell categories: - linter tags: - haskell license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/ucsd-progsys/liquidhaskell' homepage: 'https://ucsd-progsys.github.io/liquidhaskell-blog/' description: Liquid Haskell is a refinement type checker for Haskell programs. ================================================ FILE: data/tools/lizard.yml ================================================ name: lizard categories: - linter tags: - c - cpp - java - csharp - javascript - typescript - objectivec - swift - python - ruby - php - scala - go - lua - rust license: MIT License types: - cli source: 'https://github.com/terryyin/lizard' homepage: 'https://github.com/terryyin/lizard' description: >- Lizard is an extensible Cyclomatic Complexity Analyzer for many programming languages including C/C++ (doesn't require all the header files or Java imports). It also does copy-paste detection (code clone detection/code duplicate detection) and many other forms of static code analysis. Counts lines of code without comments, CCN (cyclomatic complexity number), token count of functions, parameter count of functions. ================================================ FILE: data/tools/lll.yml ================================================ name: lll categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/walle/lll' homepage: 'https://github.com/walle/lll' description: Report long lines. ================================================ FILE: data/tools/lockbud.yml ================================================ name: lockbud categories: - linter tags: - rust license: BSD-3-Clause types: - cli source: "https://github.com/BurtonQin/lockbud" homepage: "https://github.com/BurtonQin/lockbud" description: >- Statically detects Rust deadlock bugs.
It currently detects two common kinds of deadlock bugs: doublelock and locks in conflicting order. It will print bugs in JSON format together with the source code location and an explanation of each bug. ================================================ FILE: data/tools/lockfile-lint.yml ================================================ name: lockfile-lint categories: - linter tags: - security - nodejs license: Apache-2.0 License types: - cli source: 'https://github.com/lirantal/lockfile-lint' homepage: 'https://github.com/lirantal/lockfile-lint' description: >- Lint an npm or yarn lockfile to analyze and detect security issues ================================================ FILE: data/tools/luacheck.yml ================================================ name: luacheck categories: - linter tags: - lua license: MIT License types: - cli source: 'https://github.com/lunarmodules/luacheck' homepage: 'https://github.com/lunarmodules/luacheck' description: A tool for linting and static analysis of Lua code. ================================================ FILE: data/tools/lualint.yml ================================================ name: lualint categories: - linter tags: - lua license: MIT License types: - cli source: 'https://github.com/philips/lualint' homepage: 'https://github.com/philips/lualint' description: >- lualint performs luac-based static analysis of global variable usage in Lua source code. ================================================ FILE: data/tools/luanalysis.yml ================================================ name: Luanalysis categories: - linter tags: - lua license: Apache-2.0 License types: - ide-plugin source: 'https://github.com/Benjamin-Dobell/IntelliJ-Luanalysis' homepage: 'https://plugins.jetbrains.com/plugin/14698-luanalysis' description: 'An IDE for statically typed Lua development.' 
================================================ FILE: data/tools/lunasec.yml ================================================ name: LunaSec categories: - linter tags: - security license: Apache License Version 2.0 types: - service homepage: "https://github.com/marketplace/lunatrace-by-lunasec/" source: "https://github.com/lunasec-io/lunasec" description: >- Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. ================================================ FILE: data/tools/mago.yml ================================================ name: mago categories: - linter - formatter tags: - php license: MIT License types: - cli source: 'https://github.com/carthage-software/mago' homepage: 'https://mago.carthage.software' description: >- Mago is a complete toolchain for PHP, written in Rust, designed from the ground up for maximum performance. - ✨ A blazing-fast formatter that automatically formats your code according to PER-CS, ending style debates forever. - 🔎 An intelligent linter that catches stylistic issues, inconsistencies, and code smells before they become problems. - 🔬 A powerful static analyzer that finds type errors and logical bugs in your code without you ever having to run it. - 🛡️ A robust architectural guard that enforces dependency rules and structural conventions. ================================================ FILE: data/tools/malcat.yml ================================================ name: Malcat categories: - linter tags: - binary - security license: proprietary types: - gui plans: free: true homepage: "https://malcat.fr/" description: >- Hexadecimal editor and disassembler for malware analysis and binary file inspection. Supports over 50 file formats and multiple CPU architectures (x86/x64, MIPS, .NET, Python, VB p-code). 
Features rapid analysis, embedded file extraction, Yara signature scanning, anomaly detection, and Python scripting. Designed for malware analysts, SOC operators, incident responders, and CTF players. ================================================ FILE: data/tools/maligned.yml ================================================ name: maligned categories: - linter tags: - go license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/mdempsky/maligned' homepage: 'https://github.com/mdempsky/maligned' description: Detect structs that would take less memory if their fields were sorted. ================================================ FILE: data/tools/manalyze.yml ================================================ name: Manalyze categories: - linter tags: - binary license: GNU General Public License v3.0 types: - cli source: 'https://github.com/JusticeRage/Manalyze' homepage: 'https://github.com/JusticeRage/Manalyze' description: 'A static analyzer, which checks portable executables for malicious content.' ================================================ FILE: data/tools/mariana-trench.yml ================================================ name: Mariana Trench categories: - linter tags: - java - mobile license: MIT types: - cli source: "https://github.com/facebook/mariana-trench" homepage: "https://mariana-tren.ch/" description: >- Our security focused static analysis tool for Android and Java applications. Mariana Trench analyzes Dalvik bytecode and is built to run fast on large codebases (10s of millions of lines of code). It can find vulnerabilities as code changes, before it ever lands in your repository. 
================================================ FILE: data/tools/markdownlint.yml ================================================ name: markdownlint categories: - linter tags: - markdown license: MIT License types: - cli source: 'https://github.com/DavidAnson/markdownlint' homepage: 'https://github.com/DavidAnson/markdownlint' description: Node.js-based style checker and lint tool for Markdown/CommonMark files. ================================================ FILE: data/tools/mate.yml ================================================ name: MATE categories: - linter tags: - c - cpp license: BSD-3-Clause types: - cli source: "https://github.com/GaloisInc/MATE" homepage: "https://galoisinc.github.io/MATE/" description: >- A suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code. MATE unifies application-specific and low-level vulnerability analysis using code property graphs (CPGs), enabling the discovery of highly application-specific vulnerabilities that depend on both implementation details and the high-level semantics of target C/C++ programs. ================================================ FILE: data/tools/mbake.yml ================================================ name: mbake categories: - formatter - linter tags: - make - python license: MIT types: - cli source: 'https://github.com/EbodShojaei/bake' homepage: 'https://pypi.org/project/mbake/' description: mbake is a Makefile formatter and linter. It only took 50 years! ================================================ FILE: data/tools/mccabe.yml ================================================ name: mccabe categories: - linter tags: - python license: Other types: - cli source: 'https://github.com/PyCQA/mccabe' homepage: 'https://pypi.org/project/mccabe' description: Check McCabe complexity.
================================================ FILE: data/tools/mcsema.yml ================================================ name: mcsema categories: - linter tags: - binary license: AGPL-3.0 License types: - cli source: 'https://github.com/lifting-bits/mcsema' homepage: 'https://github.com/lifting-bits/mcsema' description: >- Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode. It translates ("lifts") executable binaries from native machine code to LLVM bitcode, which is very useful for performing program analysis methods. ================================================ FILE: data/tools/mdformat.yml ================================================ name: mdformat categories: - formatter tags: - markdown license: MIT License types: - cli source: "https://github.com/executablebooks/mdformat" homepage: "https://mdformat.rtfd.io" description: "CommonMark compliant Markdown formatter" ================================================ FILE: data/tools/mdl.yml ================================================ name: mdl categories: - linter tags: - markdown license: MIT License types: - cli source: 'https://github.com/mivok/markdownlint' homepage: 'https://github.com/mivok/markdownlint' description: A tool to check Markdown files and flag style issues. ================================================ FILE: data/tools/mdsf.yml ================================================ name: mdsf categories: - formatter tags: - markdown license: MIT License types: - cli deprecated: false homepage: "https://github.com/hougesen/mdsf" source: "https://github.com/hougesen/mdsf" description: Format markdown code blocks using your favorite code formatters. 
================================================ FILE: data/tools/mega-linter.yml ================================================ name: Mega-Linter categories: - linter tags: - ansible - apex - arm - c - ci - clojure - cloudformation - coffeescript - configfile - configmanagement - container - cpp - css - csharp - dart - dockerfile - dotenv - dotnet - gherkin - go - groovy - html - java - javascript - json - jsx - kotlin - kubernetes - latex - lua - lwc - markdown - nodejs - perl - php - powershell - protobuf - puppet - python - r - raku - ruby - rust - scala - shell - sql - terraform - typescript - vbnet - vue - writing - xml - yaml license: MIT License types: - cli source: "https://github.com/nvuillam/mega-linter" homepage: "https://megalinter.io/" description: >- Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes resources: - title: Hands on - Improving code standards with mega linter url: https://www.youtube.com/watch?v=3xgTU1GhRvs ================================================ FILE: data/tools/metadata-json-lint.yml ================================================ name: metadata-json-lint categories: - linter tags: - configmanagement - puppet license: Apache License 2.0 types: - cli source: 'https://github.com/voxpupuli/metadata-json-lint' homepage: 'https://github.com/voxpupuli/metadata-json-lint' description: Tool to check the validity of Puppet metadata.json files. ================================================ FILE: data/tools/metric_fu.yml ================================================ name: MetricFu categories: - linter tags: - ruby license: MIT License types: - cli source: "https://github.com/metricfu/metric_fu" homepage: "https://github.com/metricfu/metric_fu" description: >- MetricFu is a set of tools to provide reports that show which parts of your code might need extra work. 
================================================ FILE: data/tools/mirai.yml ================================================ name: MIRAI categories: - linter tags: - rust license: MIT License types: - cli source: 'https://github.com/facebookexperimental/MIRAI' homepage: 'https://github.com/facebookexperimental/MIRAI' description: >- An abstract interpreter operating on Rust's mid-level intermediate language, and providing warnings based on taint analysis. ================================================ FILE: data/tools/misshit.yml ================================================ name: MISS_HIT categories: - linter - formatter tags: - matlab license: GPL-3.0 types: - cli source: "https://github.com/florianschanda/miss_hit" homepage: "https://misshit.org/" description: >- MISS_HIT is a free, open-source code quality toolset for MATLAB, Simulink, and Octave. It includes MH Style (style checker and formatter), MH Metrics (complexity metrics), MH Lint (static analysis), MH Trace (requirements traceability), and MH Copyright (copyright management). Designed to work standalone without requiring MATLAB/Octave installation. ================================================ FILE: data/tools/misspell-fixer.yml ================================================ name: misspell-fixer categories: - linter tags: - writing license: Other types: - cli source: 'https://github.com/vlajos/misspell-fixer' homepage: 'https://github.com/vlajos/misspell-fixer' description: 'Quick tool for fixing common misspellings, typos in source code.' ================================================ FILE: data/tools/misspell.yml ================================================ name: misspell categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/client9/misspell' homepage: 'https://github.com/client9/misspell' description: Finds commonly misspelled English words.
================================================ FILE: data/tools/misspelled-words-in-context.yml ================================================ name: Misspelled Words In Context categories: - linter tags: - writing license: MIT License types: - cli source: 'https://github.com/jwilk/mwic' homepage: 'https://jwilk.net/software/mwic' description: >- A spell-checker that groups possible misspellings and shows them in their contexts. ================================================ FILE: data/tools/mlint.yml ================================================ name: mlint categories: - linter tags: - matlab license: proprietary types: - cli homepage: 'https://www.mathworks.com/help/matlab/ref/mlint.html' description: Check MATLAB code files for possible problems. ================================================ FILE: data/tools/mobb.yml ================================================ name: Mobb categories: - formatter - linter tags: - ci - java - javascript - typescript - csharp license: proprietary types: - service - cli homepage: 'https://mobb.ai' description: >- Mobb is a trusted, automatic vulnerability fixer that secures applications, reduces security backlogs, and frees developers to focus on innovation. Mobb is free for open-source projects. ================================================ FILE: data/tools/mondrian.yml ================================================ name: Mondrian categories: - linter tags: - php license: CC-BY-SA-3.0 types: - cli source: 'https://github.com/Trismegiste/Mondrian' homepage: 'https://trismegiste.github.io/Mondrian' description: A set of static analysis and refactoring tools which use graph theory. 
================================================ FILE: data/tools/mopsa.yml ================================================ name: MOPSA categories: - linter tags: - c - python license: GNU Lesser General Public License v3.0 types: - cli source: 'https://gitlab.com/mopsa/mopsa-analyzer' homepage: 'https://mopsa.lip6.fr' description: A static analyzer designed to easily reuse abstract domains across widely different languages (such as C and Python). ================================================ FILE: data/tools/multilint.yml ================================================ name: multilint categories: - meta tags: - meta - python license: ISC License types: - cli source: 'https://github.com/adamchainz/multilint' homepage: 'https://github.com/adamchainz/multilint' description: 'A wrapper around `flake8`, `isort` and `modernize`.' ================================================ FILE: data/tools/mypy.yml ================================================ name: mypy categories: - linter tags: - python license: Other types: - cli source: 'https://github.com/python/mypy' homepage: 'http://www.mypy-lang.org' resources: - title: Static type checking with mypy url: https://www.youtube.com/watch?v=9gNnhNxra3E - title: Introduction to python typing + mypy (beginner - intermediate) url: https://www.youtube.com/watch?v=H5CnZQDKfhU demos: - https://mypy-lang.org/examples.html description: >- A static type checker that aims to combine the benefits of duck typing and static typing, frequently used with [MonkeyType](https://github.com/Instagram/MonkeyType). 
================================================ FILE: data/tools/mythril.yml ================================================ name: mythril categories: - linter tags: - smart-contracts license: MIT License types: - cli source: 'https://github.com/ConsenSys/mythril' homepage: 'https://github.com/ConsenSys/mythril' description: >- A symbolic execution framework with batteries included, can be used to find and exploit vulnerabilities in smart contracts automatically. resources: - title: "The Ether Wars: Exploits, counter exploits and honeypots - Bernhard Mueller, DEF CON 27 Conference" url: https://www.youtube.com/watch?v=Qd9ubry-c_M - title: "Smashing Ethereum Smart Contracts for Fun and ACTUAL Profit - Bernhard Mueller" url: https://www.youtube.com/watch?v=iqf6epACgds ================================================ FILE: data/tools/mythx.yml ================================================ name: MythX categories: - linter tags: - smart-contracts license: proprietary types: - cli - service - ide-plugin homepage: https://mythx.io description: >- MythX is an easy to use analysis platform which integrates several analysis methods like fuzzing, symbolic execution and static analysis to find vulnerabilities with high precision. It can be integrated with toolchains like Remix or VSCode or called from the command-line. resources: - title: What is MythX? url: https://www.youtube.com/watch?v=N-dAuqNztjA pricing: https://mythx.io/plans/ plans: free: false oss: false ================================================ FILE: data/tools/nagelfar.yml ================================================ name: Nagelfar categories: - linter tags: - tcl license: GPL v2 types: - cli source: 'https://sourceforge.net/p/nagelfar/code/ci/master/tree' homepage: 'https://sourceforge.net/projects/nagelfar' description: A static syntax checker for Tcl. 
================================================ FILE: data/tools/nakedret.yml ================================================ name: nakedret categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/alexkohler/nakedret' homepage: 'https://github.com/alexkohler/nakedret' description: Finds naked returns. ================================================ FILE: data/tools/nargs.yml ================================================ name: nargs categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/alexkohler/nargs' homepage: 'https://github.com/alexkohler/nargs' description: Finds unused arguments in function declarations. ================================================ FILE: data/tools/nauz-file-detector.yml ================================================ name: Nauz File Detector categories: - linter tags: - binary license: MIT License types: - cli source: 'https://github.com/horsicq/Nauz-File-Detector' homepage: 'https://github.com/horsicq/Nauz-File-Detector' description: Static Linker/Compiler/Tool detector for Windows, Linux and MacOS. ================================================ FILE: data/tools/ndepend.yml ================================================ name: NDepend categories: - linter tags: - csharp license: proprietary types: - cli homepage: http://www.ndepend.com description: >- Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity. pricing: https://www.ndepend.com/purchase plans: free: false oss: false ================================================ FILE: data/tools/net-analyzers.yml ================================================ name: .NET Analyzers categories: - linter tags: - csharp license: MIT types: - cli source: 'https://github.com/DotNetAnalyzers' homepage: 'https://github.com/DotNetAnalyzers' description: >- An organization for the development of analyzers (diagnostics and code fixes) using the .NET Compiler Platform. 
================================================ FILE: data/tools/neurolint-cli.yml ================================================ --- name: Neurolint-CLI categories: - linter tags: - javascript - typescript license: "Apache-2.0" types: - cli homepage: https://neurolint.dev source: https://github.com/Alcatecablee/Neurolint-CLI description: | Deterministic code transformation tool using AST parsing and rule-based transformations. Automatically fixes 50+ issues including accessibility violations, hydration errors, React 19/Next.js 16 migrations, and configuration updates. Features 5-step fail-safe orchestration to ensure zero breaking changes. Specialized for React, Next.js, and TypeScript projects. resources: - title: CLI Documentation url: https://neurolint.dev - title: GitHub Marketplace Action url: https://github.com/marketplace/actions/neurolint-deterministic-code-fixer ================================================ FILE: data/tools/nimfmt.yml ================================================ name: nimfmt categories: - linter tags: - nim license: GPL-3.0 License types: - cli source: 'https://github.com/FedericoCeratto/nimfmt' homepage: 'https://github.com/FedericoCeratto/nimfmt' description: 'Nim code formatter / linter / style checker' ================================================ FILE: data/tools/njsscan.yml ================================================ name: njsscan categories: - linter tags: - security - nodejs license: LGPL-2.1 License types: - cli source: 'https://github.com/ajinabraham/njsscan' homepage: 'https://opensecurity.in' description: >- A static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep. 
================================================ FILE: data/tools/nodejsscan.yml ================================================ name: NodeJSScan categories: - linter tags: - javascript - nodejs - security license: GNU General Public License v3.0 types: - cli - service source: 'https://github.com/ajinabraham/NodeJsScan' homepage: 'https://opensecurity.in' description: >- A static security code scanner for Node.js applications powered by libsast and semgrep that builds on the njsscan cli tool. It features a UI with various dashboards about an application's security status. ================================================ FILE: data/tools/noir.yml ================================================ name: OWASP Noir categories: - linter tags: - security license: MIT License types: - cli source: "https://github.com/owasp-noir/noir" homepage: "https://owasp-noir.github.io/noir/" resources: - title: OWASP Project Noir url: https://owasp.org/www-project-noir/ description: Attack surface detector that identifies endpoints by static analysis. ================================================ FILE: data/tools/nu-html-checker.yml ================================================ name: Nu Html Checker categories: - linter tags: - css - html license: MIT License types: - cli source: 'https://github.com/validator/validator' homepage: 'https://validator.github.io/validator/' description: >- Helps you catch problems in your HTML/CSS/SVG ================================================ FILE: data/tools/nullaway.yml ================================================ name: NullAway categories: - linter tags: - java license: MIT License types: - cli source: 'https://github.com/uber/NullAway' homepage: 'https://github.com/uber/NullAway' description: >- Type-based null-pointer checker with low build-time overhead; an [Error Prone](http://errorprone.info/) plugin. 
================================================ FILE: data/tools/o360.yml ================================================ name: Offensive 360 categories: - linter tags: - asp - csharp - html - java - javascript - mobile - nodejs - phonegap - php - security - vbasic - vbnet - vbscript - container - dotnet - typescript - xml - jsx license: proprietary types: - service homepage: "https://offensive360.com/" description: Commercial static code analysis system that doesn't require building the source code or pre-compilation. ================================================ FILE: data/tools/oclint.yml ================================================ name: oclint categories: - linter tags: - c - cpp - objectivec license: BSD-3-Clause (original text) types: - cli source: 'https://github.com/oclint/oclint' homepage: 'http://oclint.org' description: >- A static source code analysis tool to improve quality and reduce defects for C, C++ and Objective-C. ================================================ FILE: data/tools/oelint-adv.yml ================================================ name: oelint-adv categories: - linter tags: - embedded license: BSD 2-Clause "Simplified" License types: - cli source: 'https://github.com/priv-kweihmann/oelint-adv' homepage: 'https://github.com/priv-kweihmann/oelint-adv' description: Linter for bitbake recipes used in open-embedded and YOCTO ================================================ FILE: data/tools/open-static-analyzer.yml ================================================ name: OpenStaticAnalyzer categories: - linter tags: - c - cpp - java - csharp - python - javascript license: European Union Public Licence (EUPL) v1.2 types: - cli homepage: https://github.com/sed-inf-u-szeged/OpenStaticAnalyzer description: >- OpenStaticAnalyzer is a source code analyzer tool, which can perform deep static analysis of the source code of complex systems.
plans: free: true oss: true ================================================ FILE: data/tools/openrewrite.yml ================================================ name: OpenRewrite categories: - linter - formatter tags: - git - groovy - java - json - kotlin - python - sql - xml - yaml license: Apache-2.0 types: - cli source: 'https://github.com/openrewrite/rewrite' homepage: 'https://docs.openrewrite.org/' description: >- OpenRewrite [fixes common static analysis issues](https://docs.openrewrite.org/running-recipes/popular-recipe-guides/common-static-analysis-issue-remediation) reported through Sonar and other tools using a Maven and Gradle plugin or the Moderne CLI. ================================================ FILE: data/tools/openscap.yml ================================================ name: OpenSCAP categories: - linter tags: - container license: LGPL-2.1 License types: - cli source: 'https://github.com/OpenSCAP/openscap' homepage: 'https://www.open-scap.org/' description: >- Suite of automated audit tools to examine the configuration and known vulnerabilities following the NIST-certified Security Content Automation Protocol (SCAP). ================================================ FILE: data/tools/osv-scanner.yml ================================================ name: OSV-Scanner categories: - linter tags: - security - go license: Apache License 2.0 types: - cli source: "https://github.com/google/osv-scanner" homepage: "https://osv.dev/" description: >- Vulnerability scanner written in Go which uses the data provided by OSV.dev. Developed by Google to scan dependencies across multiple languages and package managers for known vulnerabilities. Supports container scanning, license scanning, and guided remediation. Works with lockfiles, SBOMs, and container images to identify security issues. 
================================================ FILE: data/tools/oversecured.yml ================================================ name: Oversecured categories: - linter tags: - mobile - security license: proprietary types: - cli homepage: https://oversecured.com description: >- Enterprise vulnerability scanner for Android and iOS apps. It allows app owners and developers to secure each new version of a mobile app by integrating Oversecured into the development process. ================================================ FILE: data/tools/owasp-dependency-check.yml ================================================ name: OWASP Dependency Check categories: - linter tags: - java license: Apache License 2.0 types: - cli source: 'https://github.com/jeremylong/DependencyCheck' homepage: 'https://owasp.org/www-project-dependency-check' description: 'Checks dependencies for known, publicly disclosed, vulnerabilities.' ================================================ FILE: data/tools/oxc.yml ================================================ name: oxc categories: - linter - formatter tags: - javascript - typescript license: MIT License types: - cli source: "https://github.com/web-infra-dev/oxc" homepage: "https://github.com/web-infra-dev/oxc" description: >- The Oxidation Compiler is creating a suite of high-performance tools for the JavaScript / TypeScript language re-written in Rust. demos: - https://web-infra-dev.github.io/oxc/playground ================================================ FILE: data/tools/pa11y.yml ================================================ name: Pa11y categories: - linter tags: - html license: LGPL-3.0 types: - cli source: 'https://github.com/pa11y/pa11y' homepage: 'https://pa11y.org/' description: >- Automated accessibility testing tool that runs HTML CodeSniffer or axe-core from the command line. Supports CI/CD integration, multiple reporters, and testing against WCAG 2.1 AA standards. 
================================================ FILE: data/tools/packj.yml ================================================ name: packj categories: - linter tags: - archive license: AGPL-3.0 types: - cli source: "https://github.com/ossillate-inc/packj" homepage: "https://github.com/ossillate-inc/packj" description: >- Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports. ================================================ FILE: data/tools/paprika.yml ================================================ name: paprika categories: - linter tags: - mobile license: GNU Affero General Public License v3.0 types: - cli source: 'https://github.com/GeoffreyHecht/paprika' homepage: 'https://github.com/GeoffreyHecht/paprika' description: A toolkit to detect some code smells in analyzed Android applications. ================================================ FILE: data/tools/parallel-lint.yml ================================================ name: parallel-lint categories: - linter tags: - php license: Other types: - cli source: 'https://github.com/php-parallel-lint/PHP-Parallel-Lint' homepage: 'https://github.com/php-parallel-lint/PHP-Parallel-Lint' description: >- This tool checks syntax of PHP files faster than serial check with a fancier output. ================================================ FILE: data/tools/parasoft.yml ================================================ name: parasoft categories: - linter tags: - c - cpp - csharp - javascript license: proprietary types: - service homepage: 'https://www.parasoft.com/' pricing: https://www.parasoft.com/contact/ plans: free: false oss: false description: >- Automated Software Testing Solutions for unit-, API-, and web UI testing. Complies with MISRA, OWASP, and others. 
================================================ FILE: data/tools/parker.yml ================================================ name: Parker categories: - linter tags: - css license: Other types: - cli source: 'https://github.com/katiefenn/parker' homepage: 'https://github.com/katiefenn/parker' description: Stylesheet analysis tool. ================================================ FILE: data/tools/parse.yml ================================================ name: Parse categories: - linter tags: - php license: MIT types: - cli source: 'https://github.com/psecio/parse' homepage: 'https://github.com/psecio/parse' description: A Static Security Scanner. ================================================ FILE: data/tools/pascal-analyzer.yml ================================================ name: Pascal Analyzer categories: - linter tags: - delphi license: proprietary types: - cli homepage: https://peganza.com/products_pal.html description: >- A static code analysis tool with numerous reports. A free _Lite_ version is available with limited reporting. pricing: https://peganza.com/orders.html ================================================ FILE: data/tools/pascal-expert.yml ================================================ name: Pascal Expert categories: - linter tags: - delphi license: proprietary types: - cli homepage: 'https://peganza.com/products_pex.html' description: >- IDE plugin for code analysis. Includes a subset of Pascal Analyzer reporting capabilities and is available for Delphi versions 2007 and later. ================================================ FILE: data/tools/pc-lint.yml ================================================ name: PC-lint categories: - linter tags: - c - cpp license: proprietary types: - cli homepage: https://pclintplus.com/ description: >- Static analysis for C/C++. Runs natively under Windows/Linux/MacOS. Analyzes code for virtually any platform, supporting C11/C18 and C++17. 
pricing: https://pclintplus.com/pricing/ ================================================ FILE: data/tools/pdepend.yml ================================================ name: pdepend categories: - linter tags: - php license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/pdepend/pdepend' homepage: 'https://pdepend.org' description: Calculates software metrics like cyclomatic complexity for PHP code. ================================================ FILE: data/tools/pelusa.yml ================================================ name: pelusa categories: - linter tags: - ruby license: MIT types: - cli source: 'https://github.com/codegram/pelusa' homepage: 'https://github.com/codegram/pelusa' description: Static analysis Lint-type tool to improve your OO Ruby code. ================================================ FILE: data/tools/perlanalyzer.yml ================================================ name: Perl::Analyzer categories: - linter tags: - perl license: Artistic License (2.0) types: - cli - service - ide-plugin source: 'https://github.com/technix/Perl-Analyzer' homepage: 'https://technix.github.io/Perl-Analyzer/' description: >- Perl-Analyzer is a set of programs and modules that allow users to analyze and visualize Perl codebases by providing information about namespaces and their relations, dependencies, inheritance, and methods implemented, inherited, and redefined in packages, as well as calls to methods from parent packages via SUPER. ================================================ FILE: data/tools/perlcritic.yml ================================================ name: 'Perl::Critic' categories: - linter tags: - perl license: GPL v2 types: - cli source: 'https://metacpan.org/release/Perl-Critic/source/lib/Perl/Critic.pm' homepage: 'https://metacpan.org/pod/Perl::Critic' description: Critique Perl source code for best-practices. 
================================================ FILE: data/tools/perltidy.yml ================================================ name: perltidy tags: - perl categories: - formatter license: GPL-2.0 license types: - cli source: "https://github.com/perltidy/perltidy" homepage: "https://perltidy.sourceforge.net/" description: >- Perltidy is a Perl script which indents and reformats Perl scripts to make them easier to read. The formatting can be controlled with command line parameters. The default parameter settings approximately follow the suggestions in the Perl Style Guide. Besides reformatting scripts, Perltidy can be a great help in tracking down errors with missing or extra braces, parentheses, and square brackets because it is very good at localizing errors. ================================================ FILE: data/tools/pfff.yml ================================================ name: pfff categories: - formatter tags: - c - cpp - csharp - css - erlang - haskell - html - java - javascript - php - python - rust deprecated: true license: Other types: - cli source: 'https://github.com/returntocorp/pfff' homepage: 'https://github.com/facebookarchive/pfff/wiki/Main' description: >- Facebook's tools for code analysis, visualizations, or style-preserving source transformation for many languages. ================================================ FILE: data/tools/pgspot.yml ================================================ name: pgspot categories: - linter tags: - sql license: PostgreSQL License types: - cli source: 'https://github.com/timescale/pgspot' homepage: 'https://github.com/timescale/pgspot' description: >- Spot vulnerabilities in postgres extension scripts. Finds unsafe search_path usage and unsafe object creation in PostgreSQL extension scripts or any other PostgreSQL SQL code. 
================================================ FILE: data/tools/phan.yml ================================================ name: phan categories: - linter tags: - php license: Other types: - cli source: 'https://github.com/etsy/phan' homepage: 'https://github.com/phan/phan/wiki' description: A modern static analyzer from etsy. ================================================ FILE: data/tools/phasar.yml ================================================ name: Phasar categories: - linter tags: - c - cpp license: Other types: - cli source: 'https://github.com/secure-software-engineering/phasar' homepage: 'https://phasar.org' description: >- An LLVM-based static analysis framework which comes with a taint and type state analysis. ================================================ FILE: data/tools/php-architecture-tester.yml ================================================ name: PHP Architecture Tester categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/carlosas/phpat' homepage: 'https://github.com/carlosas/phpat' description: Easy to use architecture testing tool for PHP. ================================================ FILE: data/tools/php-assumptions.yml ================================================ name: PHP Assumptions categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/rskuipers/php-assumptions' homepage: 'https://github.com/rskuipers/php-assumptions' description: Checks for weak assumptions. ================================================ FILE: data/tools/php-coding-standards-fixer.yml ================================================ name: PHP Coding Standards Fixer categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/FriendsOfPHP/PHP-CS-Fixer' homepage: 'https://cs.symfony.com' description: >- Fixes your code according to standards like PSR-1, PSR-2, and the Symfony standard.
================================================ FILE: data/tools/php-insights.yml ================================================ name: PHP Insights categories: - linter tags: - php license: MIT License types: - cli source: "https://github.com/nunomaduro/phpinsights" homepage: "https://github.com/nunomaduro/phpinsights" description: >- Instant PHP quality checks from your console. Analysis of code quality and coding style as well as overview of code architecture and its complexity. ================================================ FILE: data/tools/php-inspections-ea-extended.yml ================================================ name: Php Inspections (EA Extended) categories: - linter tags: - php license: Other types: - cli source: 'https://github.com/kalessil/phpinspectionsea' homepage: 'https://plugins.jetbrains.com/plugin/7622-php-inspections-ea-extended-' description: A Static Code Analyzer for PHP. ================================================ FILE: data/tools/php-parser.yml ================================================ name: PHP-Parser categories: - linter tags: - php license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/nikic/PHP-Parser' homepage: 'https://github.com/nikic/PHP-Parser' description: A PHP parser written in PHP. ================================================ FILE: data/tools/php-refactoring-browser.yml ================================================ name: PHP Refactoring Browser categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/QafooLabs/php-refactoring-browser' homepage: 'https://qafoolabs.github.io/php-refactoring-browser' description: Refactoring helper. 
================================================ FILE: data/tools/php-semantic-versioning-checker.yml ================================================ name: PHP Semantic Versioning Checker categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/tomzx/php-semver-checker' homepage: 'https://github.com/tomzx/php-semver-checker' description: Suggests a next version according to semantic versioning. ================================================ FILE: data/tools/php-speller.yml ================================================ name: php-speller categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/mekras/php-speller' homepage: 'https://github.com/mekras/php-speller' description: PHP spell check library. ================================================ FILE: data/tools/php-token-reflection.yml ================================================ name: PHP-Token-Reflection categories: - linter tags: - php license: Other types: - cli source: 'https://github.com/Andrewsville/PHP-Token-Reflection' homepage: 'https://github.com/Andrewsville/PHP-Token-Reflection' description: Library emulating the PHP internal reflection. ================================================ FILE: data/tools/php7cc.yml ================================================ name: php7cc categories: - linter tags: - php deprecated: true license: MIT License types: - cli source: 'https://github.com/sstalle/php7cc' homepage: 'https://github.com/sstalle/php7cc' description: PHP 7 Compatibility Checker. ================================================ FILE: data/tools/php7mar.yml ================================================ name: php7mar categories: - linter tags: - php deprecated: true license: GNU General Public License v3.0 types: - cli source: 'https://github.com/Alexia/php7mar' homepage: 'https://github.com/Alexia/php7mar' description: Assist developers in porting their code quickly to PHP 7. 
================================================ FILE: data/tools/php_codesniffer.yml ================================================ name: PHP_CodeSniffer categories: - linter tags: - php license: Other types: - cli source: "https://github.com/squizlabs/PHP_CodeSniffer" homepage: "https://pear.php.net/package/PHP_CodeSniffer" description: Detects violations of a defined set of coding standards. ================================================ FILE: data/tools/phpca.yml ================================================ name: phpca categories: - linter tags: - php license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/wapmorgan/PhpCodeAnalyzer' homepage: 'https://github.com/wapmorgan/PhpCodeAnalyzer' description: Finds usage of non-built-in extensions. ================================================ FILE: data/tools/phpcpd.yml ================================================ name: phpcpd categories: - linter tags: - php license: Other types: - cli source: 'https://github.com/sebastianbergmann/phpcpd' homepage: 'https://github.com/sebastianbergmann/phpcpd' description: Copy/Paste Detector for PHP code. ================================================ FILE: data/tools/phpdcd.yml ================================================ name: phpdcd categories: - linter tags: - php deprecated: true license: Other types: - cli source: 'https://github.com/sebastianbergmann/phpdcd' homepage: 'https://github.com/sebastianbergmann/phpdcd' description: Dead Code Detector (DCD) for PHP code. ================================================ FILE: data/tools/phpdependencyanalysis.yml ================================================ name: PhpDependencyAnalysis categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/mamuz/PhpDependencyAnalysis' homepage: 'https://mamuz.github.io/PhpDependencyAnalysis' description: Builds a dependency graph for a project. 
================================================ FILE: data/tools/phpdeprecationdetector.yml ================================================ name: PhpDeprecationDetector categories: - linter tags: - php license: BSD-3-Clause types: - cli source: 'https://github.com/wapmorgan/PhpDeprecationDetector' homepage: 'https://github.com/wapmorgan/PhpDeprecationDetector' description: >- Analyzer of PHP code to search issues with deprecated functionality in newer interpreter versions. It finds removed objects (functions, variables, constants and ini-directives), deprecated functions functionality, and usage of forbidden names or tricks (e.g. reserved identifiers in newer versions). ================================================ FILE: data/tools/phpdoc-to-typehint.yml ================================================ name: phpdoc-to-typehint categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/dunglas/phpdoc-to-typehint' homepage: 'https://github.com/dunglas/phpdoc-to-typehint' description: >- Add scalar type hints and return types to existing PHP projects using PHPDoc annotations. ================================================ FILE: data/tools/phpdocumentor.yml ================================================ name: phpDocumentor categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/phpDocumentor/phpDocumentor' homepage: 'https://www.phpdoc.org' description: Analyzes PHP source code to generate documentation. ================================================ FILE: data/tools/phploc.yml ================================================ name: phploc categories: - linter tags: - php license: Other types: - cli source: 'https://github.com/sebastianbergmann/phploc' homepage: 'https://github.com/sebastianbergmann/phploc' description: >- A tool for quickly measuring the size and analyzing the structure of a PHP project. 
================================================ FILE: data/tools/phpmd.yml ================================================ name: PHPMD categories: - linter tags: - php license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/phpmd/phpmd' homepage: 'https://phpmd.org' description: Finds possible bugs in your code. ================================================ FILE: data/tools/phpmetrics.yml ================================================ name: PhpMetrics categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/phpmetrics/PhpMetrics' homepage: 'http://www.phpmetrics.org' description: Calculates and visualizes various code quality metrics. ================================================ FILE: data/tools/phpmnd.yml ================================================ name: phpmnd categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/povils/phpmnd' homepage: 'https://github.com/povils/phpmnd' description: Helps to detect magic numbers. ================================================ FILE: data/tools/phpqa-jakzal.yml ================================================ name: phpqa - jakzal categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/jakzal/phpqa' homepage: 'https://github.com/jakzal/phpqa' description: Many tools for PHP static analysis in one container. ================================================ FILE: data/tools/phpqa-jmolivas.yml ================================================ name: phpqa - jmolivas categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/jmolivas/phpqa' homepage: 'https://github.com/jmolivas/phpqa' description: PHPQA all-in-one Analyzer CLI tool. 
================================================ FILE: data/tools/phpqa.yml ================================================ name: PHPQA categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/EdgedesignCZ/phpqa' homepage: 'https://edgedesigncz.github.io/phpqa' description: >- A tool for running QA tools (phploc, phpcpd, phpcs, pdepend, phpmd, phpmetrics). ================================================ FILE: data/tools/phpsa.yml ================================================ name: phpsa categories: - linter tags: - php license: Other types: - cli source: 'https://github.com/ovr/phpsa' homepage: 'https://github.com/ovr/phpsa' description: Static analysis tool for PHP. ================================================ FILE: data/tools/phpstan.yml ================================================ name: PHPStan categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/phpstan/phpstan' homepage: 'https://phpstan.org' resources: - title: Measure PHP Code Quality With Static Analysis Using PHPStan url: https://www.youtube.com/watch?v=OiS2xGVWEa0 demos: - https://phpstan.org/try description: PHP Static Analysis Tool - discover bugs in your code without running it! ================================================ FILE: data/tools/pip-audit.yml ================================================ name: pip-audit categories: - linter tags: - python - security license: Apache License 2.0 types: - cli source: "https://github.com/pypa/pip-audit" homepage: "https://github.com/pypa/pip-audit" description: >- Tool for scanning Python packages for known vulnerabilities. Developed by the Python Packaging Authority (PyPA) and supported by Trail of Bits and Google. Scans Python environments and requirements files to identify vulnerable packages and suggests remediation. Supports GitHub Actions, pre-commit hooks, and multiple vulnerability service integrations. 
================================================ FILE: data/tools/pixee.yml ================================================ name: Pixee categories: tags: - java - python license: proprietary types: - service homepage: 'https://pixee.ai' description: >- Pixeebot finds security and code quality issues in your code and creates merge-ready pull requests with recommended fixes. pricing: 'https://www.pixee.ai/pricing' plans: free: true oss: false ================================================ FILE: data/tools/plato.yml ================================================ name: plato categories: - linter tags: - javascript deprecated: true license: MIT License types: - cli source: 'https://github.com/es-analysis/plato' homepage: 'https://github.com/es-analysis/plato' description: Visualize JavaScript source complexity. ================================================ FILE: data/tools/pmd.yml ================================================ name: PMD categories: - linter tags: - apex - java - javascript - plsql - scala - xml - visualforce license: Other types: - cli source: "https://github.com/pmd/pmd" homepage: "https://pmd.github.io" description: "A source code analyzer for Java, Salesforce Apex, Javascript, PLSQL, XML, XSL and others." ================================================ FILE: data/tools/polymer-analyzer.yml ================================================ name: Polymer-analyzer categories: - linter tags: - html - javascript license: BSD-3-Clause (original text) types: - cli source: 'https://github.com/Polymer/tools/tree/master/packages/analyzer' homepage: 'https://github.com/Polymer/tools/tree/master/packages/analyzer' description: A static analysis framework for Web Components. 
================================================ FILE: data/tools/polyspace-bug-finder.yml ================================================ name: Polyspace Bug Finder categories: - linter tags: - c - cpp license: proprietary types: - cli homepage: https://www.mathworks.com/products/polyspace-bug-finder.html description: >- Identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software. pricing: https://www.mathworks.com/company/aboutus/contact_us/req_quote.html ================================================ FILE: data/tools/polyspace-code-prover.yml ================================================ name: Polyspace Code Prover categories: - linter tags: - c - cpp license: proprietary types: - cli homepage: 'https://www.mathworks.com/products/polyspace-code-prover.html' description: >- Provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code. ================================================ FILE: data/tools/polyspace-for-ada.yml ================================================ name: Polyspace for Ada categories: - linter tags: - ada license: proprietary types: - cli homepage: 'https://www.mathworks.com/products/polyspace-ada.html' description: >- Provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in source code. 
================================================ FILE: data/tools/portlint.yml ================================================ name: portlint categories: - linter tags: - buildtool - make license: BSD License types: - cli source: >- https://www.freebsd.org/cgi/man.cgi?query=portlint&sektion=1&manpath=FreeBSD+8.1-RELEASE+and+Ports homepage: >- https://www.freebsd.org/cgi/man.cgi?query=portlint&sektion=1&manpath=FreeBSD+8.1-RELEASE+and+Ports description: A verifier for FreeBSD and DragonFlyBSD port directories. ================================================ FILE: data/tools/postcss.yml ================================================ name: PostCSS categories: - linter tags: - css license: MIT License types: - cli source: 'https://github.com/postcss/postcss' homepage: 'https://postcss.org' description: >- A tool for transforming styles with JS plugins. These plugins can lint your CSS, support variables and mixins, transpile future CSS syntax, inline images, and more. ================================================ FILE: data/tools/prae.yml ================================================ name: prae categories: - linter tags: - rust license: MIT License types: - cli source: 'https://github.com/teenjuna/prae' homepage: 'https://github.com/teenjuna/prae' description: >- Provides a convenient macro that allows you to generate type wrappers that promise to always uphold arbitrary invariants that you specified. ================================================ FILE: data/tools/pre-commit.yml ================================================ name: pre-commit categories: - linter tags: - c - cpp - java - php license: MIT License types: - cli source: 'https://github.com/pre-commit/pre-commit' homepage: 'https://pre-commit.com' description: A framework for managing and maintaining multi-language pre-commit hooks. 
================================================ FILE: data/tools/prealloc.yml ================================================ name: prealloc categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/alexkohler/prealloc' homepage: 'https://github.com/alexkohler/prealloc' description: Finds slice declarations that could potentially be preallocated. ================================================ FILE: data/tools/precaution.yml ================================================ name: Precaution categories: - linter tags: - ci - go - java - python - security license: Business Source License 1.1 types: - cli - service source: 'https://github.com/securesauce/precli' homepage: 'https://www.securesauce.dev/' resources: - title: Introducing Precaution url: https://blog.securesauce.dev/introducing-precaution plans: oss: true free: true pricing: https://www.securesauce.dev/ description: >- Precaution is a static analysis security tool (SAST) designed to find potentially critical vulnerabilities in source code prior to production. It is available as a CLI, GitHub Action, and GitHub App. ================================================ FILE: data/tools/prettier.yml ================================================ name: Prettier categories: - formatter tags: - html - javascript - typescript license: MIT License types: - cli source: "https://github.com/prettier/prettier" homepage: "https://prettier.io" description: An opinionated code formatter. 
resources: - title: Code Formatting with Prettier in Visual Studio Code url: https://www.youtube.com/watch?v=h3PJjP0nE98 - title: VSCode ESLint, Prettier & Airbnb Style Guide Setup url: https://www.youtube.com/watch?v=SydnKbGc7W8 demos: - https://prettier.io/playground reviews: - https://plugins.jetbrains.com/plugin/10456-prettier/reviews - https://www.producthunt.com/products/prettier/reviews - https://stackshare.io/prettier ================================================ FILE: data/tools/primitive-erlang-security-tool-pest.yml ================================================ name: Primitive Erlang Security Tool (PEST) categories: - linter tags: - erlang license: MIT License types: - cli source: 'https://github.com/okeuday/pest' homepage: 'https://github.com/okeuday/pest' description: >- A tool to do a basic scan of Erlang source code and report any function calls that may cause Erlang source code to be insecure. ================================================ FILE: data/tools/progpilot.yml ================================================ name: Progpilot categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/designsecurity/progpilot' homepage: 'https://github.com/designsecurity/progpilot' description: A static analysis tool for security purposes. ================================================ FILE: data/tools/project-wallace-css-analyzer.yml ================================================ name: Project Wallace CSS Analyzer categories: - linter tags: - css license: MIT License types: - cli source: 'https://github.com/projectwallace/css-analyzer' homepage: 'https://www.projectwallace.com' description: 'Analytics for CSS, part of [Project Wallace](https://www.projectwallace.com).' 
================================================ FILE: data/tools/promformat.yml ================================================ name: promformat categories: - formatter tags: - prometheus license: GPL-3.0 types: - cli source: "https://github.com/facetoe/promformat" homepage: "https://github.com/facetoe/promformat" description: >- Promformat is a PromQL formatter written in Python. ================================================ FILE: data/tools/promval.yml ================================================ name: promval categories: - linter tags: - prometheus license: MIT types: - cli source: "https://github.com/facetoe/promval" homepage: "https://github.com/facetoe/promval" description: >- PromQL validator written in Python. It can be used to validate that PromQL expressions are written as expected. ================================================ FILE: data/tools/pronto.yml ================================================ name: Pronto categories: - linter tags: - c - ci - cpp - elixir - java - javascript - php - ruby license: MIT License types: - cli source: 'https://github.com/prontolabs/pronto' homepage: 'https://github.com/prontolabs/pronto' description: >- Quick automated code review of your changes. Supports more than 40 runners for various languages, including Clang, Elixir, JavaScript, PHP, Ruby and more. ================================================ FILE: data/tools/proselint.yml ================================================ name: proselint categories: - linter tags: - writing license: BSD-3-Clause types: - cli source: 'https://github.com/amperser/proselint' homepage: 'https://github.com/amperser/proselint' description: A linter for English prose with a focus on writing style instead of grammar. 
================================================ FILE: data/tools/prospector.yml ================================================ name: prospector categories: - meta tags: - meta - python license: GNU General Public License v2.0 types: - cli source: 'https://github.com/PyCQA/prospector' homepage: 'https://github.com/PyCQA/prospector' description: 'A wrapper around `pylint`, `pep8`, `mccabe` and others.' ================================================ FILE: data/tools/protolint.yml ================================================ name: protolint categories: - linter tags: - protobuf license: MIT License types: - cli source: 'https://github.com/yoheimuta/protolint' homepage: 'https://github.com/yoheimuta/protolint' description: Pluggable linter and fixer to enforce Protocol Buffer style and conventions. ================================================ FILE: data/tools/prusti.yml ================================================ name: Prusti categories: - linter tags: - rust license: Other types: - cli source: 'https://github.com/viperproject/prusti-dev' homepage: 'https://www.pm.inf.ethz.ch/research/prusti.html' description: >- A static verifier for Rust, based on the Viper verification infrastructure. By default Prusti verifies absence of panics by proving that statements such as unreachable!() and panic!() are unreachable. ================================================ FILE: data/tools/psalm.yml ================================================ name: Psalm categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/vimeo/psalm' homepage: 'https://psalm.dev' resources: - title: Try it Tuesday - PHP Static Analysis Tool Psalm url: https://www.youtube.com/watch?v=ZxXw5Fkp9R8 demos: - https://psalm.dev/r/dcb13e702f description: Static analysis tool for finding type errors in PHP applications. 
================================================ FILE: data/tools/ptpm.yml ================================================ name: PT.PM categories: - linter tags: - csharp - java - javascript - php - plsql - tsql deprecated: true license: Other types: - cli source: 'https://github.com/PositiveTechnologies/PT.PM' homepage: 'https://github.com/PositiveTechnologies/PT.PM' description: >- An engine for searching patterns in the source code, based on Unified AST or UST. At present time C#, Java, PHP, PL/SQL, T-SQL, and JavaScript are supported. Patterns can be described within the code or using a DSL. ================================================ FILE: data/tools/ptsecurity.yml ================================================ name: PT Application Inspector categories: - linter tags: - security license: proprietary types: - service homepage: 'https://www.ptsecurity.com' description: >- Identifies code flaws and detects vulnerabilities to prevent web attacks. Demonstrates remote code execution by presenting possible exploits. resources: - title: Introduction video url: https://www.youtube.com/watch?v=gtFH6tV2dlM ================================================ FILE: data/tools/pullrequest.yml ================================================ name: PullRequest categories: - linter tags: - ci license: proprietary types: - service homepage: https://www.hackerone.com/product/code description: >- Code review as a service with built-in static analysis. Increase velocity and reduce technical debt through quality code review by expert engineers backed by best-in-class automation. 
================================================ FILE: data/tools/puma-scan.yml ================================================ name: Puma Scan categories: - linter tags: - csharp license: Mozilla Public License 2.0 types: - ide-plugin source: 'https://github.com/pumasecurity/puma-scan' homepage: 'https://pumasecurity.io' description: >- Puma Scan provides real time secure code analysis for common vulnerabilities (XSS, SQLi, CSRF, LDAPi, crypto, deserialization, etc.) as development teams write code in Visual Studio. ================================================ FILE: data/tools/puppet-lint.yml ================================================ name: Puppet Lint categories: - linter tags: - configmanagement license: MIT License types: - cli source: 'https://github.com/rodjek/puppet-lint' homepage: 'https://github.com/rodjek/puppet-lint' description: Check that your Puppet manifests conform to the style guide. ================================================ FILE: data/tools/pure.yml ================================================ name: pure categories: - linter tags: - archive license: MIT License types: - cli source: 'https://github.com/ronomon/pure' homepage: 'https://github.com/ronomon/pure' description: >- Pure is a static analysis file format checker that checks ZIP files for dangerous compression ratios, spec deviations, malicious archive signatures, mismatching local and central directory headers, ambiguous UTF-8 filenames, directory and symlink traversals, invalid MS-DOS dates, overlapping headers, overflow, underflow, sparseness, accidental buffer bleeds etc. 
================================================ FILE: data/tools/putout.yml ================================================ name: Putout categories: - linter tags: - javascript - typescript - jsx - css - json - markdown - yaml license: MIT License types: - cli source: "https://github.com/coderaiser/putout" homepage: "https://github.com/coderaiser/putout" description: Pluggable and configurable code transformer with built-in eslint, babel plugins support for js, jsx, typescript, flow, markdown, yaml and json. ================================================ FILE: data/tools/pvs-studio.yml ================================================ name: PVS-Studio categories: - linter tags: - c - cpp - csharp - java license: proprietary types: - service homepage: https://pvs-studio.com description: >- A ([conditionally free](https://pvs-studio.com/en/order/open-source-license) for FOSS and individual developers) static analyzer for C, C++, C# and Java code. For advertising purposes [you can propose a large FOSS project for analysis by PVS employees](https://github.com/viva64/pvs-studio-check-list). Supports CWE mapping, OWASP ASVS, MISRA, AUTOSAR and SEI CERT coding standards. resources: - title: PVS-Studio is now in Compiler Explorer! 
url: https://www.youtube.com/watch?v=hw5npZqB3b8 - title: PVS-Studio in 2019 url: https://www.youtube.com/watch?v=FkfMGqxIR-I - title: Static Analysis in C++ (mostly about PVS-Studio) url: https://www.youtube.com/watch?v=vYW6TOwFK2M pricing: https://pvs-studio.com/en/order/license/ reviews: - https://www.gartner.com/reviews/market/application-security-testing/vendor/pvs-studio/product/pvs-studio - https://www.g2.com/products/pvs-studio/reviews ================================================ FILE: data/tools/py-find-injection.yml ================================================ name: py-find-injection categories: - linter tags: - python deprecated: true license: Other types: - cli source: 'https://github.com/uber/py-find-injection' homepage: 'https://github.com/uber/py-find-injection' description: Find SQL injection vulnerabilities in Python code. ================================================ FILE: data/tools/pyanalyze.yml ================================================ name: pyanalyze categories: - linter tags: - python license: Apache License 2.0 types: - cli source: 'https://github.com/quora/pyanalyze' homepage: 'https://pyanalyze.readthedocs.io/en/latest/' description: >- A tool for programmatically detecting common mistakes in Python code, such as references to undefined variables and type errors. It can be extended to add additional rules and perform checks specific to particular functions. ================================================ FILE: data/tools/pycodestyle.yml ================================================ name: pycodestyle categories: - linter tags: - python license: Other types: - cli source: 'https://github.com/PyCQA/pycodestyle' homepage: 'https://pycodestyle.pycqa.org/en/latest' description: >- (Formerly `pep8`) Check Python code against some of the style conventions in PEP 8. 
================================================ FILE: data/tools/pydocstyle.yml ================================================ name: pydocstyle categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/PyCQA/pydocstyle' homepage: 'http://www.pydocstyle.org' description: Check compliance with Python docstring conventions. ================================================ FILE: data/tools/pyflakes.yml ================================================ name: pyflakes categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/pyflakes/pyflakes' homepage: 'https://pypi.org/project/pyflakes' description: Check Python source files for errors. ================================================ FILE: data/tools/pylama.yml ================================================ name: pylama categories: - linter tags: - meta - python - javascript license: LGPL-3.0 License types: - cli source: 'https://github.com/klen/pylama' homepage: 'https://klen.github.io/pylama/' description: 'Code audit tool for Python and JavaScript. Wraps pycodestyle, pydocstyle, PyFlakes, Mccabe, Pylint, and more' ================================================ FILE: data/tools/pylint.yml ================================================ name: pylint categories: - linter tags: - python license: GNU General Public License v2.0 types: - cli source: 'https://github.com/PyCQA/pylint' homepage: 'http://pylint.pycqa.org/en/latest' description: >- Looks for programming errors, helps enforce a coding standard and sniffs for some code smells. It additionally includes `pyreverse` (a UML diagram generator) and `symilar` (a similarities checker). 
resources: - title: Pylint Tutorial – How to Write Clean Python url: https://www.youtube.com/watch?v=fFY5103p5-c ================================================ FILE: data/tools/pylyzer.yml ================================================ name: pylyzer categories: - linter tags: - python license: MIT types: - cli source: 'https://github.com/mtshiba/pylyzer' homepage: 'https://mtshiba.github.io/pylyzer/' resources: ~ demos: ~ description: >- A static code analyzer / language server for Python, written in Rust, focused on type checking and readable output. ================================================ FILE: data/tools/pyra.yml ================================================ name: Pyra categories: - linter tags: - python license: MPL-2.0 license types: - cli source: 'https://github.com/spangea/Pyra' homepage: 'https://github.com/spangea/Pyra' description: Pyra is a high-level static analyzer and linter for data science applications written in Python that helps developers identify potential issues in their data science code. It is an extension of [Lyra](https://github.com/caterinaurban/Lyra). resources: - title: Demo url: https://www.youtube.com/watch?v=D-AsyuhsTyo ================================================ FILE: data/tools/pyre-check.yml ================================================ name: pyre-check categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/facebook/pyre-check' homepage: 'https://pyre-check.org' description: >- A fast, scalable type checker for large Python codebases. Pyre-check has been superseded by Pyrefly, its next iteration. 
deprecated: true ================================================ FILE: data/tools/pyrefly.yml ================================================ name: pyrefly categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/facebook/pyrefly' homepage: 'https://pyrefly.org/' description: 'A fast, incremental type checker and language server for Python, providing IDE features like code navigation, semantic highlighting, and code completion.' ================================================ FILE: data/tools/pyright.yml ================================================ name: pyright categories: - linter tags: - python license: Other types: - cli source: 'https://github.com/Microsoft/pyright' homepage: 'https://github.com/Microsoft/pyright' description: >- Static type checker for Python, created to address gaps in existing tools like mypy. ================================================ FILE: data/tools/pyroma.yml ================================================ name: pyroma categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/regebro/pyroma' homepage: 'https://github.com/regebro/pyroma' description: >- Rate how well a Python project complies with the best practices of the Python packaging ecosystem, and list issues that could be improved. ================================================ FILE: data/tools/pysa.yml ================================================ name: Pysa categories: - linter tags: - python license: MIT License types: - cli source: "https://github.com/facebook/pyre-check" homepage: "https://pyre-check.org/docs/pysa-basics.html" description: >- A tool based on Facebook's pyre-check that uses taint analysis to identify potential security issues in Python code. 
resources: - title: "Workshop: Graham Bleaney - Pysa to Identify Python Vulnerabilities - DEF CON 28SM AppSec Village" url: https://www.youtube.com/watch?v=8I3zlvtpOww ================================================ FILE: data/tools/pyt-python-taint.yml ================================================ name: PyT - Python Taint categories: - linter tags: - python deprecated: true license: GNU General Public License v2.0 types: - cli source: 'https://github.com/python-security/pyt' homepage: 'https://github.com/python-security/pyt' description: >- A static analysis tool for detecting security vulnerabilities in Python web applications. ================================================ FILE: data/tools/pytype.yml ================================================ name: pytype categories: - linter tags: - python license: Other types: - cli source: 'https://github.com/google/pytype' homepage: 'https://google.github.io/pytype' description: A static type analyzer for Python code. ================================================ FILE: data/tools/pyupgrade.yml ================================================ name: pyupgrade categories: - linter tags: - python license: MIT License types: - cli source: "https://github.com/asottile/pyupgrade" homepage: "https://pypi.org/project/pyupgrade-docs/" description: A tool (and pre-commit hook) to automatically upgrade syntax for newer versions of the language. resources: - title: Python linter comparison 2022. 
url: https://inventwithpython.com/blog/2022/11/19/python-linter-comparison-2022-pylint-vs-pyflakes-vs-flake8-vs-autopep8-vs-bandit-vs-prospector-vs-pylama-vs-pyroma-vs-black-vs-mypy-vs-radon-vs-mccabe/ ================================================ FILE: data/tools/qafoo-quality-analyzer.yml ================================================ name: Qafoo Quality Analyzer categories: - linter tags: - php license: GNU Affero General Public License v3.0 types: - cli source: 'https://github.com/Qafoo/QualityAnalyzer' homepage: 'https://github.com/Qafoo/QualityAnalyzer' description: Visualizes metrics and source code. ================================================ FILE: data/tools/qark.yml ================================================ name: qark categories: - linter tags: - mobile license: Other types: - cli source: 'https://github.com/linkedin/qark' homepage: 'https://github.com/linkedin/qark' description: Tool to look for several security related Android application vulnerabilities. ================================================ FILE: data/tools/quality.yml ================================================ name: quality categories: - linter tags: - ci - ruby license: MIT License types: - cli source: 'https://github.com/apiology/quality' homepage: 'https://github.com/apiology/quality' description: >- Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time. ================================================ FILE: data/tools/qualys-container-security.yml ================================================ name: Qualys Container Security categories: - linter tags: - container - security license: proprietary types: - service homepage: https://www.qualys.com/apps/container-security description: >- Container native application protection to provide visibility and control of containerized applications. 
pricing: https://www.qualys.com/free-trial/ ================================================ FILE: data/tools/quantifiedcode.yml ================================================ name: QuantifiedCode categories: - linter tags: - ci - security - python deprecated: true license: BSD 3-Clause "New" or "Revised" License types: - service source: "https://github.com/quantifiedcode/quantifiedcode" homepage: "https://github.com/quantifiedcode/quantifiedcode" description: >- Automated code review & repair. It helps you to keep track of issues and metrics in your software projects, and can be easily extended to support new types of analyses. ================================================ FILE: data/tools/querly.yml ================================================ name: Querly categories: - linter tags: - ruby license: MIT License types: - cli source: 'https://github.com/soutaro/querly' homepage: 'https://github.com/soutaro/querly' description: Pattern Based Checking Tool for Ruby. ================================================ FILE: data/tools/qulice.yml ================================================ name: qulice categories: - linter tags: - java license: Other types: - cli source: 'https://github.com/teamed/qulice' homepage: 'https://www.qulice.com' description: >- Combines a few (pre-configured) static analysis tools (checkstyle, PMD, Findbugs, ...). ================================================ FILE: data/tools/qwiet.yml ================================================ name: Qwiet AI categories: - linter tags: - java - javascript - jsp - csharp - python - scala - go - configmanagement - security license: proprietary types: - service homepage: https://qwiet.ai/ description: >- Identify vulnerabilities that are unique to your code base before they reach production. Leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs. 
Automatically finds business logic flaws in dev like hardcoded secrets and logic bombs resources: - title: Securing Every Pull Request with ShiftLeft url: https://vimeo.com/383381584 - title: ShiftLeft Intro url: https://vimeo.com/233423863 pricing: https://www.shiftleft.io/pricing ================================================ FILE: data/tools/r-language-server.yml ================================================ name: R Language Server categories: - linter tags: - r license: MIT + file LICENSE types: - ide-plugin source: 'https://github.com/REditorSupport/languageserver/' homepage: 'https://github.com/REditorSupport/languageserver/' description: >- Provides code completion, refactoring, folding, diagnostics (with lintr), and more for R. ================================================ FILE: data/tools/radon.yml ================================================ name: radon categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/rubik/radon' homepage: 'https://radon.readthedocs.io/en/latest' description: A Python tool that computes various metrics from the source code. ================================================ FILE: data/tools/railroader.yml ================================================ name: Railroader categories: - linter tags: - ruby license: MIT License types: - cli source: 'https://github.com/david-a-wheeler/railroader' homepage: 'https://railroader.org' description: >- An open source static analysis security vulnerability scanner for Ruby on Rails applications. 
================================================ FILE: data/tools/rails_best_practices.yml ================================================ name: rails_best_practices categories: - linter tags: - ruby license: MIT License types: - cli source: 'https://github.com/flyerhzm/rails_best_practices' homepage: 'https://rails-bestpractices.com' description: 'A code metric tool for Rails projects' ================================================ FILE: data/tools/rco.yml ================================================ name: rco categories: - performance tags: - r license: GPL-3 types: - cli source: "https://github.com/jcrodriguez1989/rco" homepage: "https://jcrodriguez1989.github.io/rco/" description: Performance optimizer for R code (with GUI). ================================================ FILE: data/tools/rector.yml ================================================ name: rector categories: - linter tags: - php license: MIT types: - cli source: 'https://github.com/rectorphp/rector' homepage: 'https://getrector.org' resources: - title: "Rector: Install & Setup " url: https://www.youtube.com/watch?v=_Uk95vG3ezQ demos: - https://getrector.com/demo description: >- Instant Upgrades and Automated Refactoring of any PHP 5.3+ code. It upgrades your code for PHP 7.4, 8.0 and beyond. Rector promises a low false-positive rate because it looks for narrowly defined AST (abstract syntax tree) patterns. The main use cases are tackling technical debt in your legacy code and removing dead code. Rector provides a set of special rules for Symfony, Doctrine, PHPUnit, and many more. 
================================================ FILE: data/tools/redex.yml ================================================ name: redex categories: - linter tags: - mobile license: MIT License types: - cli source: "https://github.com/facebook/redex" homepage: "https://fbredex.com" description: >- Redex provides a framework for reading, writing, and analyzing .dex files, and a set of optimization passes that use this framework to improve the bytecode. An APK optimized by Redex should be smaller and faster. resources: - title: droidcon SF 2017 - Redex, Your Build, And You url: https://www.youtube.com/watch?v=vtxJvJj6gSE - title: Optimizing Android bytecode with ReDex url: https://engineering.fb.com/android/optimizing-android-bytecode-with-redex/ - title: url: https://www.youtube.com/watch?v=h_Gkl5eAdc4 ================================================ FILE: data/tools/reek.yml ================================================ name: reek categories: - linter tags: - ruby license: MIT License types: - cli source: 'https://github.com/troessner/reek' homepage: 'https://github.com/troessner/reek' description: Code smell detector for Ruby. ================================================ FILE: data/tools/refactorfirst.yml ================================================ name: RefactorFirst categories: - linter tags: - ci - java - support license: Apache License 2.0 types: - cli source: 'https://github.com/jimbethancourt/RefactorFirst' homepage: 'https://github.com/jimbethancourt/RefactorFirst' description: >- Identifies and prioritizes God Classes and Highly Coupled classes in Java codebases you should refactor first. 
================================================ FILE: data/tools/refactoring-essentials.yml ================================================ name: Refactoring Essentials categories: - linter tags: - csharp - vbnet license: MIT License types: - cli source: 'https://github.com/icsharpcode/RefactoringEssentials' homepage: >- https://marketplace.visualstudio.com/items?itemName=SharpDevelopTeam.RefactoringEssentialsforVisualStudio description: >- The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers. ================================================ FILE: data/tools/reflection.yml ================================================ name: Reflection categories: - linter tags: - php license: MIT types: - cli source: "https://github.com/phpDocumentor/Reflection" homepage: "https://github.com/phpDocumentor/Reflection" description: >- Reflection library to do Static Analysis for PHP Projects ================================================ FILE: data/tools/refurb.yml ================================================ name: refurb categories: - linter tags: - python license: GPL-3.0 types: - cli source: 'https://github.com/dosisod/refurb' homepage: 'https://github.com/dosisod/refurb' description: >- A tool for refurbishing and modernizing Python codebases. Refurb is heavily inspired by clippy, the built-in linter for Rust. ================================================ FILE: data/tools/regal.yml ================================================ name: Regal categories: - linter tags: - rego license: Apache License 2.0 types: - cli source: 'https://github.com/styrainc/regal' homepage: 'https://github.com/styrainc/regal' description: >- Regal is a linter for the policy language Rego. Regal aims to catch bugs and mistakes in policy code, while at the same time helping people learn the language, best practices and idiomatic constructs. 
resources: - title: 'Guarding the Guardrails — Introducing Regal, the Rego Linter' url: 'https://www.styra.com/blog/guarding-the-guardrails-introducing-regal-the-rego-linter' - title: 'Regal the Rego Linter, CNCF London meetup, June 2023 (video)' url: 'https://www.youtube.com/watch?v=Xx8npd2TQJ0&t=2567s' ================================================ FILE: data/tools/relint.yml ================================================ name: relint categories: - linter tags: - c - cpp - dotnet - java - javascript - jsx - python license: MIT License types: - cli source: 'https://github.com/codingjoe/relint' homepage: 'https://github.com/codingjoe/relint' description: >- A static file linter that allows you to write custom rules using regular expressions (RegEx). ================================================ FILE: data/tools/remark-lint.yml ================================================ name: remark-lint categories: - linter tags: - markdown license: MIT License types: - cli source: 'https://github.com/remarkjs/remark-lint' homepage: 'https://remark.js.org' description: Pluggable Markdown code style linter written in JavaScript. ================================================ FILE: data/tools/resharper.yml ================================================ name: ReSharper categories: - linter tags: - asp - csharp - javascript - typescript - vbnet license: proprietary types: - cli homepage: https://www.jetbrains.com/resharper description: >- Extends Visual Studio with on-the-fly code inspections for C#, VB.NET, ASP.NET, JavaScript, TypeScript and other technologies. 
pricing: https://www.jetbrains.com/buy ================================================ FILE: data/tools/retirejs.yml ================================================ name: retire.js categories: - linter tags: - javascript license: Other types: - cli source: 'https://github.com/RetireJS/retire.js' homepage: 'https://retirejs.github.io/retire.js' description: Scanner detecting the use of JavaScript libraries with known vulnerabilities. ================================================ FILE: data/tools/rev-dep.yml ================================================ name: Rev-dep categories: - linter tags: - typescript - javascript - jsx - ci license: MIT License types: - cli source: "https://github.com/jayu/rev-dep" homepage: "https://github.com/jayu/rev-dep" description: Dependency analysis and optimization toolkit for modern JavaScript and TypeScript projects. Trace imports, identify circular dependencies, find unused code, clean node modules. resources: - title: Install via NPM url: "https://www.npmjs.com/package/rev-dep" ================================================ FILE: data/tools/reviewdog.yml ================================================ name: Reviewdog categories: - linter tags: - ci - go license: MIT License types: - cli source: 'https://github.com/haya14busa/reviewdog' homepage: 'https://github.com/haya14busa/reviewdog' description: >- A tool for posting review comments from any linter in any code hosting service. ================================================ FILE: data/tools/revive.yml ================================================ name: revive categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/mgechev/revive' homepage: 'https://revive.run' description: >- Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint. 
================================================ FILE: data/tools/rhabdomancer.yml ================================================ name: rhabdomancer categories: - linter tags: - binary license: MIT License types: - cli source: "https://github.com/0xdea/rhabdomancer" homepage: "https://crates.io/crates/rhabdomancer" resources: - title: Streamlining Vulnerability Research with the idalib Rust Bindings for IDA 9.2 url: https://hex-rays.com/blog/streamlining-vulnerability-research-idalib-rust-bindings - title: Streamlining vulnerability research with IDA Pro and Rust url: https://hnsecurity.it/blog/streamlining-vulnerability-research-with-ida-pro-and-rust description: IDA Pro headless plugin that locates calls to potentially insecure API functions in a binary file. ================================================ FILE: data/tools/rips.yml ================================================ name: RIPS categories: - linter tags: - java - nodejs - php license: proprietary types: - cli homepage: https://www.ripstech.com description: A static source code analyser for vulnerabilities in PHP scripts. pricing: https://sonarsource.com/plans-and-pricing/ ================================================ FILE: data/tools/roodi.yml ================================================ name: Roodi categories: - linter tags: - ruby license: MIT License types: - cli source: "https://github.com/roodi/roodi" homepage: "https://github.com/roodi/roodi" description: >- Roodi stands for Ruby Object Oriented Design Inferometer. It parses your Ruby code and warns you about design issues you have based on the checks that it has configured. 
================================================ FILE: data/tools/roslyn-analyzers.yml ================================================ name: Roslyn Analyzers categories: - linter tags: - csharp - dotnet license: Apache License 2.0 types: - cli source: 'https://github.com/dotnet/roslyn-analyzers' homepage: 'https://github.com/dotnet/roslyn-analyzers' description: Roslyn-based implementation of FxCop analyzers. ================================================ FILE: data/tools/roslyn-security-guard.yml ================================================ name: Roslyn Security Guard categories: - linter tags: - csharp - vbnet license: GNU Lesser General Public License v3.0 types: - cli source: 'https://github.com/security-code-scan/security-code-scan' homepage: 'https://security-code-scan.github.io' description: >- Project that focuses on the identification of potential vulnerabilities such as SQL injection, cross-site scripting (XSS), CSRF, cryptography weaknesses, hardcoded passwords and many more. ================================================ FILE: data/tools/roslynator.yml ================================================ name: Roslynator categories: - linter tags: - csharp license: Apache License 2.0 types: - cli source: 'https://github.com/JosefPihrt/Roslynator' homepage: 'https://github.com/JosefPihrt/Roslynator' description: >- A collection of 190+ analyzers and 190+ refactorings for C#, powered by Roslyn. ================================================ FILE: data/tools/rpmlint.yml ================================================ name: rpmlint categories: - linter tags: - package license: GNU General Public License v2.0 types: - cli source: 'https://github.com/rpm-software-management/rpmlint' homepage: 'https://github.com/rpm-software-management/rpmlint' description: Tool for checking common errors in rpm packages. 
================================================ FILE: data/tools/rslint.yml ================================================ name: RSLint categories: - linter tags: - javascript license: MIT License types: - cli source: 'https://github.com/RDambrosio016/RSLint' homepage: 'http://rslint.org/' description: >- A (WIP) JavaScript linter written in Rust designed to be as fast as possible, customizable, and easy to use. ================================================ FILE: data/tools/rubocop.yml ================================================ name: RuboCop categories: - linter tags: - ruby license: MIT License types: - cli source: 'https://github.com/rubocop-hq/rubocop' homepage: 'https://docs.rubocop.org/rubocop' resources: - title: Ruby Code Linting with RuboCop url: https://www.youtube.com/watch?v=sfOGjcMVQ9U description: 'A Ruby static code analyzer, based on the community Ruby style guide.' reviews: - https://stackshare.io/rubocop ================================================ FILE: data/tools/rubrowser.yml ================================================ name: Rubrowser categories: - linter tags: - ruby license: MIT License types: - cli source: 'https://github.com/blazeeboy/rubrowser' homepage: 'https://github.com/blazeeboy/rubrowser' description: Ruby classes interactive dependency graph generator. ================================================ FILE: data/tools/ruby-lint.yml ================================================ name: ruby-lint categories: - linter tags: - ruby deprecated: true license: "Mozilla Public License, version 2.0" types: - cli source: "https://gitlab.com/yorickpeterse/ruby-lint" homepage: "https://gitlab.com/yorickpeterse/ruby-lint" description: Static code analysis for Ruby. 
================================================ FILE: data/tools/rubycritic.yml ================================================ name: rubycritic categories: - linter tags: - ruby license: MIT License types: - cli source: 'https://github.com/whitesmith/rubycritic' homepage: 'https://github.com/whitesmith/rubycritic' description: A Ruby code quality reporter. ================================================ FILE: data/tools/rudra.yml ================================================ name: Rudra categories: - linter tags: - rust license: Apache types: - cli source: https://github.com/sslab-gatech/Rudra homepage: https://github.com/sslab-gatech/Rudra description: >- Rust Memory Safety & Undefined Behavior Detection. It is capable of analyzing single Rust packages as well as all the packages on crates.io. ================================================ FILE: data/tools/ruff.yml ================================================ name: ruff categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/charliermarsh/ruff' homepage: 'https://astral.sh/ruff' resources: - title: Python tooling could be much, much faster (announcement) url: https://notes.crmarsh.com/python-tooling-could-be-much-much-faster description: >- Fast Python linter, written in Rust. 10-100x faster than existing linters. Compatible with Python 3.10. Supports file watcher. ================================================ FILE: data/tools/rufo.yml ================================================ name: rufo categories: - formatter tags: - ruby license: MIT License types: - cli source: 'https://github.com/ruby-formatter/rufo' homepage: 'https://github.com/ruby-formatter/rufo' description: 'An opinionated ruby formatter, intended to be used via the command line as a text-editor plugin, to autoformat files on save or on demand.' 
================================================ FILE: data/tools/rust-analyzer.yml ================================================ name: rust-analyzer categories: - formatter tags: - rust license: Other types: - ide-plugin source: "https://github.com/rust-analyzer/rust-analyzer" homepage: "https://rust-analyzer.github.io" description: >- Supports functionality such as 'goto definition', type inference, symbol search, reformatting, and code completion, and enables renaming and refactorings. ================================================ FILE: data/tools/rust-audit.yml ================================================ name: rust-audit categories: - linter tags: - rust - binary license: Other types: - cli source: 'https://github.com/Shnatsel/rust-audit' homepage: 'https://github.com/Shnatsel/rust-audit' description: >- Audit Rust binaries for known bugs or security vulnerabilities. This works by embedding data about the dependency tree (Cargo.lock) in JSON format into a dedicated linker section of the compiled executable. ================================================ FILE: data/tools/rust-language-server.yml ================================================ name: Rust Language Server categories: - formatter tags: - rust license: Other types: - ide-plugin source: "https://github.com/rust-lang-nursery/rls" homepage: "https://github.com/rust-lang-nursery/rls" description: >- Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings. ================================================ FILE: data/tools/rustfix.yml ================================================ name: rustfix categories: - linter tags: - rust license: Other types: - cli source: 'https://github.com/rust-lang/rustfix' homepage: 'https://github.com/rust-lang/rustfix' description: >- Read and apply the suggestions made by rustc (and third-party lints, like those offered by clippy). 
================================================ FILE: data/tools/rustfmt.yml ================================================ name: rustfmt categories: - formatter tags: - rust license: Apache License types: - cli source: 'https://github.com/rust-lang/rustfmt' homepage: 'https://github.com/rust-lang/rustfmt' description: 'A tool for formatting Rust code according to style guidelines.' ================================================ FILE: data/tools/rustviz.yml ================================================ name: RustViz categories: - linter tags: - rust license: MIT License types: - cli source: 'https://github.com/rustviz/rustviz' homepage: 'https://github.com/rustviz/rustviz' description: >- RustViz is a tool that generates visualizations from simple Rust programs to assist users in better understanding the Rust Lifetime and Borrowing mechanism. It generates SVG files with graphical indicators that integrate with mdbook to render visualizations of data-flow in Rust programs. ================================================ FILE: data/tools/safeql.yml ================================================ name: SafeQL categories: - linter tags: - javascript - typescript - sql license: MIT types: - cli source: 'https://github.com/ts-safeql/safeql' homepage: 'https://safeql.dev' description: >- Validate and auto-generate TypeScript types from raw SQL queries in PostgreSQL. SafeQL is an ESLint plugin for writing SQL queries in a type-safe way. ================================================ FILE: data/tools/safesql.yml ================================================ name: safesql categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/stripe/safesql' homepage: 'https://github.com/stripe/safesql' description: Static analysis tool for Golang that protects against SQL injections. 
================================================ FILE: data/tools/safety.yml ================================================ name: Safety categories: - linter tags: - python - security license: MIT License types: - cli source: "https://github.com/pyupio/safety" homepage: "https://safetycli.com/" description: >- Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known vulnerabilities. Checks Python dependencies against a database of known security vulnerabilities and provides detailed reports. Supports CI/CD integration and multiple output formats. ================================================ FILE: data/tools/saikuro.yml ================================================ name: Saikuro categories: - linter tags: - ruby license: BSD License types: - cli source: 'https://github.com/metricfu/Saikuro' homepage: 'https://metricfu.github.io/Saikuro' description: 'A Ruby cyclomatic complexity analyzer.' ================================================ FILE: data/tools/sandimeter.yml ================================================ name: SandiMeter categories: - linter tags: - ruby deprecated: true license: MIT License types: - cli source: 'https://github.com/makaroni4/sandi_meter' homepage: 'https://rubygems.org/gems/sandi_meter' description: Static analysis tool for checking Ruby code for Sandi Metz' rules. ================================================ FILE: data/tools/sass-lint.yml ================================================ name: sass-lint categories: - linter tags: - css deprecated: true license: MIT License types: - cli source: 'https://github.com/sasstools/sass-lint' homepage: 'https://github.com/sasstools/sass-lint' description: A Node-only Sass linter for both sass and scss syntax. 
================================================ FILE: data/tools/sast-online.yml ================================================ name: SAST Online categories: - linter tags: - dart - java - kotlin - mobile - security license: proprietary types: - service pricing: https://sast.online/pricing plans: free: true source: "https://sast.online/" homepage: "https://sast.online/" description: >- Check the Android Source code thoroughly to uncover and address potential security concerns and vulnerabilities. Static application security testing (Static Code Analysis) tool Online ================================================ FILE: data/tools/scalastyle.yml ================================================ name: Scalastyle categories: - linter tags: - scala license: Apache License 2.0 types: - cli source: 'https://github.com/scalastyle/scalastyle' homepage: 'http://www.scalastyle.org' description: Scalastyle examines your Scala code and indicates potential problems with it. ================================================ FILE: data/tools/scan-build.yml ================================================ name: scan-build categories: - linter tags: - c - cpp license: Apache License v2.0 with LLVM Exceptions types: - cli source: 'https://clang-analyzer.llvm.org/scan-build.html' homepage: 'https://clang-analyzer.llvm.org/scan-build.html' description: Frontend to drive the Clang Static Analyzer built into Clang via a regular build. ================================================ FILE: data/tools/scapegoat.yml ================================================ name: scapegoat categories: - linter tags: - scala license: Apache License 2.0 types: - cli source: 'https://github.com/sksamuel/scapegoat' homepage: 'https://github.com/sksamuel/scapegoat' description: Scala compiler plugin for static code analysis. 
================================================ FILE: data/tools/scorecard.yml ================================================ name: scorecard categories: - linter tags: - security license: Apache-2.0 License types: - cli source: 'https://github.com/ossf/scorecard' homepage: 'https://github.com/ossf/scorecard' description: >- Security Scorecards - Security health metrics for Open Source ================================================ FILE: data/tools/scrutinizer.yml ================================================ name: Scrutinizer categories: - linter tags: - ci - php - python - ruby - java - javascript - go - typescript license: proprietary types: - service deprecated: true homepage: https://scrutinizer-ci.com description: >- A proprietary code quality checker that can be integrated with GitHub. pricing: https://scrutinizer-ci.com/pricing plans: free: false oss: true ================================================ FILE: data/tools/scsslint.yml ================================================ name: scsslint categories: - linter tags: - css deprecated: true license: MIT License types: - cli source: 'https://github.com/brigade/scss-lint' homepage: 'https://github.com/brigade/scss-lint' description: Linter for SCSS files. ================================================ FILE: data/tools/security-code-scan.yml ================================================ name: Security Code Scan categories: - linter tags: - c - cpp - csharp - java - php - vbnet license: GNU Lesser General Public License v3.0 types: - ide-plugin source: 'https://github.com/security-code-scan/security-code-scan' homepage: 'https://security-code-scan.github.io' description: >- Security code analyzer for C# and VB.NET. Detects various security vulnerability patterns: SQLi, XSS, CSRF, XXE, Open Redirect, etc. Integrates into Visual Studio 2015 and newer.
================================================ FILE: data/tools/semgrep-supply-chain.yml ================================================ name: Semgrep Supply Chain categories: - linter tags: - go - java - javascript - python - ruby - typescript - security license: proprietary types: - service homepage: 'https://semgrep.dev/products/semgrep-supply-chain' resources: - title: Reachability analysis in Semgrep Supply Chain url: https://www.youtube.com/watch?v=dzmiQXhVMAw - title: "It's time to ignore 98% of dependency alerts" url: https://r2c.dev/blog/2022/introducing-semgrep-supply-chain/ description: >- Quickly find and remediate high-priority security issues. Semgrep Supply Chain prioritizes the 2% of vulnerabilities that are reachable from your code. ================================================ FILE: data/tools/semgrep.yml ================================================ name: Semgrep categories: - linter tags: - c - ci - configmanagement - csharp - dockerfile - go - java - javascript - json - jsx - kubernetes - nodejs - ocaml - php - python - rails - ruby - security - terraform - typescript - yaml license: GNU Lesser General Public License v2.1 types: - cli - service source: 'https://github.com/returntocorp/semgrep' homepage: 'https://semgrep.dev' resources: - title: Semgrep Quick Start Tutorial url: https://www.youtube.com/watch?v=8jyp8DkhmYo - title: Semgrep presentation by r2c at Bay Area OWASP Meetup url: https://www.youtube.com/watch?v=pul1bRIOYc8 description: >- A fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write; no abstract syntax trees or regex wrestling. Supports 17+ languages. 
reviews: - https://stackshare.io/semgrep demos: - https://semgrep.dev/playground ================================================ FILE: data/tools/seqra.yml ================================================ name: Seqra categories: - linter tags: - security - java - spring - kotlin - ci - yaml license: MIT types: - cli source: 'https://github.com/seqra/seqra' homepage: 'https://seqra.dev' resources: - title: 'Static Analysis Showdown: How Semgrep, CodeQL, and Seqra Handle XSS Detection' url: https://seqra.dev/blog/semgrep-vs-codeql-vs-seqra description: >- Security-focused static analyzer for Java and Kotlin web applications. Analyzes bytecode with Semgrep-style YAML rules and CodeQL-grade dataflow (with first-class Spring support) to find vulnerabilities that source-only scanners miss. ================================================ FILE: data/tools/sh.yml ================================================ name: sh categories: - linter tags: - shell license: BSD-3-Clause License types: - cli source: 'https://github.com/mvdan/sh' homepage: 'https://pkg.go.dev/mvdan.cc/sh/v3' description: 'A shell parser, formatter, and interpreter with bash support; includes shfmt' ================================================ FILE: data/tools/shellcheck.yml ================================================ name: shellcheck categories: - linter tags: - shell license: GNU General Public License v3.0 types: - cli source: 'https://github.com/koalaman/shellcheck' homepage: 'https://www.shellcheck.net' description: >- ShellCheck, a static analysis tool that gives warnings and suggestions for bash/sh shell scripts. 
================================================ FILE: data/tools/shellharden.yml ================================================ name: shellharden categories: - linter tags: - shell license: MPL-2.0 License types: - cli source: 'https://github.com/anordal/shellharden' homepage: 'https://github.com/anordal/shellharden' description: 'A syntax highlighter and a tool to semi-automate the rewriting of scripts to ShellCheck conformance, mainly focused on quoting.' ================================================ FILE: data/tools/shiftleft-scan.yml ================================================ name: ShiftLeft Scan categories: - linter tags: - apex - configmanagement - container - go - groovy - java - json - jsp - kotlin - nodejs - php - plsql - python - ruby - rust - scala - shell - vbasic - yaml license: Other deprecated: true types: - cli - service source: "https://github.com/ShiftLeftSecurity/sast-scan" homepage: "https://github.com/ShiftLeftSecurity/sast-scan" description: >- Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines. Note: ShiftLeft rebranded to Qwiet AI in 2023, which was subsequently acquired by Harness in September 2025. This open-source project is no longer maintained. ================================================ FILE: data/tools/shipshape.yml ================================================ name: shipshape categories: - linter tags: - c - cpp - java - php deprecated: true license: Apache License 2.0 types: - cli source: "https://github.com/google/shipshape" homepage: "https://github.com/google/shipshape" description: >- Static program analysis platform that allows custom analyzers to plug in through a common interface. 
================================================ FILE: data/tools/shisho.yml ================================================ name: shisho categories: - linter tags: - go - terraform license: AGPL-3.0 types: - cli - service source: 'https://github.com/flatt-security/shisho' homepage: 'https://github.com/flatt-security/shisho' description: >- A lightweight static code analyzer designed for developers and security teams. It allows you to analyze and transform source code with an intuitive DSL similar to sed, but for code. ================================================ FILE: data/tools/sigrid.yml ================================================ name: Sigrid categories: - linter tags: - c - cpp - csharp - delphi - go - groovy - java - javascript - kotlin - lua - nodejs - objectivec - perl - php - plsql - powershell - python - r - ruby - rust - scala - shell - sql - swift - typescript - vbnet - vue license: proprietary types: - cli - service homepage: https://www.softwareimprovementgroup.com/solutions/sigrid-software-assurance-platform/ description: >- Sigrid helps you to improve your software by measuring your system's code quality, and then compares the results against a benchmark of thousands of industry systems to give you concrete advice on areas where you can improve. 
resources: - title: "Sigrid Security | Security without headache" url: https://www.youtube.com/watch?v=mpQxzdv4oc8 - title: Sigrid Open Source Health module url: https://www.youtube.com/watch?v=UvhV9dyXWIU pricing: https://www.softwareimprovementgroup.com/contact/ plans: free: false oss: false reviews: - https://www.capterra.com/p/219140/Sigrid/ ================================================ FILE: data/tools/similarity-tester.yml ================================================ name: Similarity Tester tags: - asm - c - cpp - java - pascal - lisp categories: - linter license: BSD 3-Clause Revised License types: - service homepage: 'https://dickgrune.com/Programs/similarity_tester/' description: A tool that finds similarities between or within files to help you spot DRY principle violations. ================================================ FILE: data/tools/skunk.yml ================================================ name: Skunk categories: - linter tags: - ruby - rails license: MIT License types: - cli source: "https://github.com/fastruby/skunk" homepage: "https://github.com/fastruby/skunk" description: >- A SkunkScore Calculator for Ruby Code -- Find the most complicated code without test coverage! ================================================ FILE: data/tools/skylos.yml ================================================ name: Skylos categories: - linter tags: - python - typescript - go - security types: - cli homepage: https://github.com/duriantaco/skylos source: https://github.com/duriantaco/skylos license: Apache 2.0 description: 'Dead code detection, security scanning, secrets detection, and code quality analysis for Python, TypeScript, and Go. Framework-aware analysis with 98% recall. Includes CI/CD GitHub Action, VS Code extension, and MCP server for AI agent integration.'
================================================ FILE: data/tools/sleek.yml ================================================ name: sleek categories: - formatter tags: - sql license: MIT types: - cli source: "https://github.com/nrempel/sleek" homepage: "https://github.com/nrempel/sleek" description: >- Sleek is a CLI tool for formatting SQL. It helps you maintain a consistent style across your SQL code, enhancing readability and productivity. The heavy lifting is done by the sqlformat crate. ================================================ FILE: data/tools/slim-lint.yml ================================================ name: slim-lint categories: - linter tags: - template license: Other types: - cli source: 'https://github.com/sds/slim-lint' homepage: 'https://github.com/sds/slim-lint' description: Configurable tool for analyzing Slim templates. ================================================ FILE: data/tools/slither.yml ================================================ name: slither categories: - formatter tags: - smart-contracts license: GNU Affero General Public License v3.0 types: - cli source: 'https://github.com/trailofbits/slither' homepage: 'https://github.com/trailofbits/slither' description: >- Static analysis framework that runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. ================================================ FILE: data/tools/snyk.yml ================================================ name: Snyk Code categories: - linter tags: - ci - container - go - java - javascript - php - python - ruby - security - typescript - csharp license: proprietary types: - service homepage: 'https://snyk.io' pricing: https://snyk.io/plans/ plans: free: true oss: true description: >- Snyk Code finds security vulnerabilities based on AI. Its speed of analysis allows us to analyse your code in real time and deliver results when you hit the save button in your IDE.
Supported languages are Java, JavaScript, Python, PHP, C#, Go and TypeScript. Integrations with GitHub, BitBucket and Gitlab. It is free to try and part of the Snyk platform also covering SCA, containers and IaC. resources: - title: Product homepage url: https://snyk.io/product/snyk-code/ - title: Intro to Snyk Code Video url: https://www.youtube.com/watch?v=fNYf0fgWOFQ ================================================ FILE: data/tools/sobelow.yml ================================================ name: sobelow categories: - linter tags: - elixir license: Apache License 2.0 types: - cli source: 'https://github.com/nccgroup/sobelow' homepage: 'https://github.com/nccgroup/sobelow' description: Security-focused static analysis for the Phoenix Framework. ================================================ FILE: data/tools/solhint.yml ================================================ name: solhint categories: - linter tags: - smart-contracts license: MIT License types: - cli source: 'https://github.com/protofire/solhint' homepage: 'https://protofire.github.io/solhint' description: >- Solhint is an open source project created by https://protofire.io. Its goal is to provide a linting utility for Solidity code. ================================================ FILE: data/tools/solium.yml ================================================ name: solium categories: - linter tags: - smart-contracts license: MIT License types: - cli source: 'https://github.com/duaraghav8/Solium' homepage: 'https://ethlint.readthedocs.io/en/latest' description: >- Solium is a linter to identify and fix style and security issues in Solidity smart contracts. 
================================================ FILE: data/tools/sonar-delphi.yml ================================================ name: SonarDelphi categories: - linter tags: - delphi license: LGPL-3.0-only license types: - cli source: 'https://github.com/integrated-application-development/sonar-delphi' homepage: 'https://github.com/integrated-application-development/sonar-delphi' description: Delphi static analyzer for the SonarQube code quality platform. ================================================ FILE: data/tools/sonarqube-cloud.yml ================================================ name: SonarQube Cloud categories: - linter tags: - abap - apex - arm - c - cpp - cloudformation - cobol - csharp - css - dockerfile - go - html - java - javascript - kotlin - kubernetes - objectivec - php - plsql - python - ruby - scala - swift - terraform - typescript - tsql - vbnet - xml - ci - security license: proprietary types: - service homepage: https://sonarcloud.io description: >- SonarQube Cloud enables your team to deliver clean code consistently and efficiently with a code review tool that easily integrates into the cloud DevOps platforms and extend your CI/CD workflow. SonarQube Cloud provides a free plan. 
pricing: https://sonarcloud.io/pricing plans: free: false oss: true reviews: - https://www.gartner.com/reviews/market/application-security-testing/vendor/sonarsource/product/sonarcloud - https://www.peerspot.com/products/sonarcloud-reviews - https://www.g2.com/products/sonarcloud/reviews ================================================ FILE: data/tools/sonarqube-for-ide.yml ================================================ name: SonarQube for IDE categories: - linter tags: - c - cpp - cloudformation - cobol - csharp - css - dockerfile - go - html - java - javascript - kotlin - kubernetes - php - plsql - python - ruby - scala - swift - terraform - typescript - tsql - vbnet - xml - security license: GNU Lesser General Public License v3.0 types: - cli source: 'https://github.com/SonarSource/sonarlint-intellij' homepage: 'https://sonarlint.org' description: >- SonarQube for IDE (formerly SonarLint) is a free IDE extension available for IntelliJ, VS Code, Visual Studio, and Eclipse, to find and fix coding issues in real-time, flagging issues as you code, just like a spell-checker. More than a linter, it also delivers rich contextual guidance to help developers understand why there is an issue, assess the risk, and educate them on how to fix it. 
================================================ FILE: data/tools/sonarqube-server.yml ================================================ name: SonarQube Server categories: - linter tags: - abap - apex - arm - c - cpp - cloudformation - cobol - csharp - css - dockerfile - go - html - java - javascript - kotlin - kubernetes - objectivec - php - plsql - python - ruby - scala - swift - terraform - typescript - tsql - vbnet - xml - ci - security license: GNU Lesser General Public License v3.0 types: - service source: "https://github.com/SonarSource/sonarqube" homepage: "https://sonarqube.org" description: SonarQube empowers development teams with a code quality and security solution that deeply integrates into your enterprise environment; enabling you to deploy clean code consistently and reliably. SonarQube provides a free and open source Community Build. pricing: "https://www.sonarsource.com/plans-and-pricing/" resources: - title: Write Cleaner, Safer, Modern C++ Code with SonarQube url: https://www.youtube.com/watch?v=WPHVPbxCAwE - title: Write cleaner, safer Python code with SonarQube url: https://www.youtube.com/watch?v=ow-yuIlCuHk demos: - https://next.sonarqube.com/sonarqube/projects reviews: - https://www.gartner.com/reviews/market/application-security-testing/vendor/sonarsource/product/sonarqube - https://www.capterra.com/p/210481/SonarQube/ - https://www.peerspot.com/products/sonarqube-reviews ================================================ FILE: data/tools/sonatype.yml ================================================ name: Sonatype categories: - linter tags: - ci - security - java - kotlin - go - scala - clojure - groovy - javascript - coffeescript - csharp - vbasic - fsharp - python - ruby - swift - php - objectivec - c - cpp - rust - r license: proprietary types: - service source: https://www.sonatype.com homepage: https://www.sonatype.com description: >- Reports known vulnerabilities in common dependencies and recommends updated packages to minimize 
breaking changes pricing: https://www.sonatype.com/products/pricing ================================================ FILE: data/tools/soot.yml ================================================ name: Soot categories: - linter tags: - java license: GNU Lesser General Public License v2.1 types: - cli source: 'https://github.com/soot-oss/soot' homepage: 'https://soot-oss.github.io/soot' description: A framework for analyzing and transforming Java and Android applications. ================================================ FILE: data/tools/sorbet.yml ================================================ name: Sorbet categories: - linter tags: - ruby license: Apache License 2.0 types: - cli source: 'https://github.com/sorbet/sorbet' homepage: 'https://sorbet.org' description: 'A fast, powerful type checker designed for Ruby.' ================================================ FILE: data/tools/soto.yml ================================================ name: Soto Platform categories: - linter tags: - abap - c - cpp - csharp - php - typescript - java license: proprietary types: - cli homepage: "https://www.hello2morrow.com/products/sotograph" description: >- Suite of static analysis tools consisting of the three components Sotoarc (Architecture Analysis), Sotograph (Quality Analysis), and Sotoreport (Quality report). Helps find differences between architecture and implementation and interface violations (e.g. external access of private parts of subsystems), detects all classes, files, packages and subsystems which are strongly coupled by cyclical relationships, and more. The Sotograph product family runs on Windows and Linux.
================================================ FILE: data/tools/sourcemeter.yml ================================================ name: SourceMeter categories: - linter tags: - c - cpp - java - csharp - python license: proprietary types: - cli homepage: https://www.sourcemeter.com/ description: >- Static Code Analysis for C/C++, Java, C#, Python, and RPG III and RPG IV versions (including free-form). pricing: https://www.sourcemeter.com/download plans: free: true oss: false ================================================ FILE: data/tools/spark.yml ================================================ name: SPARK categories: - linter tags: - ada license: proprietary types: - cli homepage: https://www.adacore.com/about-spark description: Static analysis and formal verification toolset for Ada. pricing: https://www.adacore.com/pricing ================================================ FILE: data/tools/specificity-graph.yml ================================================ name: Specificity Graph categories: - linter tags: - css license: MIT License types: - cli source: "https://github.com/pocketjoso/specificity-graph" homepage: "https://github.com/pocketjoso/specificity-graph" description: CSS Specificity Graph Generator. ================================================ FILE: data/tools/spectral.yml ================================================ name: Spectral categories: - linter tags: - json - yaml license: Apache License 2.0 types: - cli source: 'https://github.com/stoplightio/spectral' homepage: 'https://stoplight.io/open-source/spectral' description: >- A flexible JSON/YAML linter, with out-of-the-box support for OpenAPI v2/v3 and AsyncAPI v2. 
================================================ FILE: data/tools/splint.yml ================================================ name: splint categories: - linter tags: - c - cpp license: Other types: - cli source: 'https://github.com/ravenexp/splint' homepage: 'http://splint.org' description: Annotation-assisted static program checker. ================================================ FILE: data/tools/spoon.yml ================================================ name: Spoon categories: - formatter tags: - java license: Other types: - cli source: 'https://github.com/INRIA/spoon' homepage: 'https://spoon.gforge.inria.fr' description: >- Spoon is a metaprogramming library to analyze and transform Java source code (incl Java 9, 10, 11, 12, 13, 14). It parses source files to build a well-designed AST with powerful analysis and transformation API. Can be integrated in Maven and Gradle. ================================================ FILE: data/tools/spotbugs.yml ================================================ name: SpotBugs categories: - linter tags: - java license: GNU Lesser General Public License v2.1 types: - cli source: 'https://github.com/spotbugs/spotbugs' homepage: 'https://spotbugs.github.io' description: >- SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code. ================================================ FILE: data/tools/sqlcheck.yml ================================================ name: sqlcheck categories: - linter tags: - sql license: Apache License 2.0 types: - cli source: 'https://github.com/jarulraj/sqlcheck' homepage: 'https://github.com/jarulraj/sqlcheck' resources: - title: "SQLCheck: Automated Detection and Diagnosis of SQL Anti-Patterns" url: https://www.youtube.com/watch?v=5vHhuuPy3FI description: Automatically identify anti-patterns in SQL queries. 
================================================ FILE: data/tools/sqlfluff.yml ================================================ name: SQLFluff categories: - linter - formatter tags: - sql license: MIT License types: - cli source: 'https://github.com/sqlfluff/sqlfluff' homepage: 'https://www.sqlfluff.com/' description: Multiple dialect SQL linter and formatter. resources: - title: Official SQLFluff documentation url: https://docs.sqlfluff.com/en/stable/ ================================================ FILE: data/tools/sqlint.yml ================================================ name: sqlint categories: - linter tags: - sql license: MIT License types: - cli source: 'https://github.com/purcell/sqlint' homepage: 'https://github.com/purcell/sqlint' description: Simple SQL linter. ================================================ FILE: data/tools/sqlvet.yml ================================================ name: sqlvet categories: - linter tags: - go - sql license: MIT License types: - cli source: 'https://github.com/houqp/sqlvet' homepage: 'https://github.com/houqp/sqlvet' description: >- Performs static analysis on raw SQL queries in your Go code base to surface potential runtime errors. It checks for SQL syntax errors, identifies unsafe queries that could potentially lead to SQL injections, makes sure column count matches value count in INSERT statements, and validates table and column names. ================================================ FILE: data/tools/squawk.yml ================================================ name: squawk categories: - linter tags: - sql license: GPL-3.0 License types: - cli source: 'https://github.com/sbdchd/squawk' homepage: 'https://squawkhq.com' description: >- Linter for PostgreSQL, focused on migrations. Prevents unexpected downtime caused by database migrations and encourages best practices around Postgres schemas and SQL.
================================================ FILE: data/tools/stan.yml ================================================ name: Stan categories: - linter tags: - haskell license: Mozilla Public License 2.0 types: - cli source: 'https://github.com/kowainik/stan' homepage: 'https://kowainik.github.io/projects/stan' description: >- Stan is a command-line tool for analysing Haskell projects and outputting discovered vulnerabilities in a helpful way with possible solutions for detected problems. ================================================ FILE: data/tools/standard-ruby.yml ================================================ name: Standard Ruby categories: - linter tags: - ruby license: MIT License types: - cli source: 'https://github.com/testdouble/standard' homepage: 'https://github.com/testdouble/standard' description: >- Ruby Style Guide, with linter & automatic code fixer ================================================ FILE: data/tools/standard.yml ================================================ name: standard categories: - linter tags: - javascript - nodejs license: MIT License types: - cli source: 'https://github.com/standard/standard' homepage: 'http://standardjs.com' description: An npm module that checks for Javascript Styleguide issues. ================================================ FILE: data/tools/staticcheck.yml ================================================ name: staticcheck categories: - linter tags: - go license: Other types: - cli source: 'https://github.com/dominikh/go-tools' homepage: 'https://staticcheck.io' resources: - title: "GopherCon 2019: Denis Isaev - Go Linters: Myths and Best Practices" url: https://www.youtube.com/watch?v=1U-Gzz4TYP0 description: >- Go static analysis that specialises in finding bugs, simplifying code and improving performance. 
================================================ FILE: data/tools/staticlint.yml ================================================ name: StaticLint categories: - linter tags: - julia license: Other types: - cli source: 'https://github.com/julia-vscode/StaticLint.jl' homepage: 'https://github.com/julia-vscode/StaticLint.jl' description: Static Code Analysis for Julia ================================================ FILE: data/tools/staticreviewer.yml ================================================ name: StaticReviewer categories: - linter tags: - csharp - vbnet - asp - aspnet - java - javascript - jsp - json - typescript - apex - python - r - go - kotlin - clojure - groovy - actionscript - powershell - rust - lua - xml - c - cpp - php - scala - objectivec - swift - shell - cobol - plsql - vba - abap - sql - tsql license: proprietary types: - cli homepage: >- https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/196633/Static+Reviewer description: >- Static Reviewer executes code checks according to the most relevant Secure Coding Standards, OWASP, CWE, CVE, CVSS, MISRA, CERT, for 40+ programming languages, using 1000+ built-in validation rules for Security, Dead Code & Best Practices. A module for Software Composition Analysis (SCA) is also available to find vulnerabilities in open source and third party libraries. ================================================ FILE: data/tools/statix.yml ================================================ name: statix categories: - linter tags: - nix license: MIT types: - cli source: "https://github.com/nerdypepper/statix" homepage: "https://github.com/nerdypepper/statix" description: >- Lints and suggestions for the Nix programming language. "statix check" highlights antipatterns in Nix code. "statix fix" can fix several such occurrences.
================================================ FILE: data/tools/stc.yml ================================================ name: stc categories: - linter tags: - typescript license: Apache-2.0 types: - cli source: 'https://github.com/dudykr/stc' homepage: 'https://stc.dudy.dev' description: >- Speedy TypeScript type checker written in Rust ================================================ FILE: data/tools/steady.yml ================================================ name: steady categories: - linter tags: - java license: Apache-2.0 types: - cli deprecated: true source: "https://github.com/eclipse/steady" homepage: "https://eclipse.github.io/steady/" description: >- Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. ================================================ FILE: data/tools/steampunk-spotter.yml ================================================ name: Steampunk Spotter categories: - linter - formatter tags: - ansible - configmanagement - security license: proprietary types: - cli - gui - service - ide-plugin source: 'https://gitlab.com/xlab-steampunk/steampunk-spotter-client/spotter-cli' homepage: 'https://steampunk.si/spotter/' pricing: 'https://steampunk.si/spotter/pricing' plans: free: true oss: false resources: - title: 'Steampunk Spotter: Simplify and Speed up Ansible Upgrades' url: https://www.youtube.com/watch?v=JIzph_gqf08 - title: 'Steampunk Spotter: Demo' url: https://www.youtube.com/watch?v=yeggNPmtv04 description: 'Ansible Playbook Scanning Tool that analyzes and offers recommendations for your playbooks.' 
================================================ FILE: data/tools/steep.yml ================================================ name: Steep categories: - linter tags: - ruby license: MIT License types: - cli source: 'https://github.com/soutaro/steep' homepage: 'https://github.com/soutaro/steep' description: 'Gradual Typing for Ruby.' ================================================ FILE: data/tools/stoke.yml ================================================ name: STOKE categories: - formatter tags: - asm license: Other types: - cli source: 'https://github.com/StanfordPL/stoke' homepage: 'https://github.com/StanfordPL/stoke' description: >- A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations. ================================================ FILE: data/tools/structcheck.yml ================================================ name: structcheck categories: - linter tags: - go license: GPL-3.0-only (original text) types: - cli source: 'https://gitlab.com/opennota/check' homepage: 'https://gitlab.com/opennota/check' description: Find unused struct fields. ================================================ FILE: data/tools/structslop.yml ================================================ name: structslop categories: - linter - formatter tags: - go license: Apache License 2.0 types: - cli source: 'https://github.com/orijtech/structslop' homepage: 'https://github.com/orijtech/structslop' description: Static analyzer for Go that recommends struct field rearrangements to provide for maximum space/allocation efficiency ================================================ FILE: data/tools/stylelint.yml ================================================ name: Stylelint categories: - linter tags: - css license: MIT License types: - cli source: 'https://github.com/stylelint/stylelint' homepage: 'http://stylelint.io' description: Linter for SCSS/CSS files. 
================================================ FILE: data/tools/styler.yml ================================================ name: styler categories: - formatter tags: - r license: GPL-3 types: - cli source: 'https://github.com/r-lib/styler' homepage: 'https://styler.r-lib.org' description: Formatting of R source code files and pretty-printing of R code. ================================================ FILE: data/tools/super-linter.yml ================================================ name: Super-Linter categories: - linter tags: - coffeescript - configmanagement - container - go - javascript - json - markdown - perl - python - ruby - shell - typescript - xml - yaml license: MIT License types: - cli source: 'https://github.com/github/super-linter' homepage: 'https://github.com/github/super-linter' resources: - title: "The Easiest Way to Lint Your Code: GitHub Super Linter Deep Dive" url: https://www.youtube.com/watch?v=BCrtoZ04L1Y description: Combination of multiple linters to install as a GitHub Action. ================================================ FILE: data/tools/svace.yml ================================================ name: Svace categories: - linter tags: - c - cpp - csharp - java - go - security license: proprietary types: - cli homepage: https://www.ispras.ru/en/technologies/svace/ description: >- Static code analysis tool for Java,C,C++,C#,Go. ================================================ FILE: data/tools/svf.yml ================================================ name: SVF categories: - linter tags: - c - cpp license: Other types: - cli source: 'https://github.com/SVF-tools/SVF' homepage: 'https://svf-tools.github.io/SVF' description: >- A static tool that enables scalable and precise interprocedural dependence analysis for C and C++ programs. 
================================================ FILE: data/tools/svls.yml ================================================ name: svls categories: - linter tags: - verilog license: MIT License types: - cli source: 'https://github.com/dalance/svls' homepage: 'https://github.com/dalance/svls' description: >- A Language Server Protocol implementation for Verilog and SystemVerilog, including lint capabilities. ================================================ FILE: data/tools/swiftformat.yml ================================================ name: SwiftFormat categories: - formatter tags: - swift license: MIT License types: - cli source: 'https://github.com/nicklockwood/SwiftFormat' homepage: 'https://github.com/nicklockwood/SwiftFormat' description: A library and command-line formatting tool for reformatting Swift code. ================================================ FILE: data/tools/swiftlint.yml ================================================ name: SwiftLint categories: - linter tags: - swift license: MIT License types: - cli - ide-plugin source: "https://github.com/realm/SwiftLint" homepage: "https://realm.github.io/SwiftLint" description: A tool to enforce Swift style and conventions. resources: - title: "Mastering SwiftLint for Code Readability" url: "https://www.youtube.com/watch?v=4YQ6DJ-xovY" - title: "The Road to Cleaner Code w/ SwiftLint" url: https://academy.realm.io/posts/slug-jp-simard-swiftlint/ reviews: - https://plugins.jetbrains.com/plugin/9175-swiftlint ================================================ FILE: data/tools/symfony-insight.yml ================================================ name: Symfony Insight categories: - linter tags: - php - ci - security license: proprietary types: - service homepage: https://insight.symfony.com/ description: >- Detect security risks, find bugs and provide actionable metrics for PHP projects. 
pricing: https://insight.symfony.com/pricing ================================================ FILE: data/tools/synopsys.yml ================================================ name: Synopsys categories: - linter tags: - c - ci - cpp - csharp - fortran - java - javascript - mobile - nodejs - php - python - ruby - swift license: proprietary types: - cli homepage: >- https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html pricing: https://www.blackduck.com/static-analysis-tools-sast/coverity/get-pricing.html plans: free: false oss: true description: >- A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift). ================================================ FILE: data/tools/sys.yml ================================================ name: Sys categories: - linter tags: - ocaml license: GPL-2.0 License types: - cli source: 'https://github.com/PLSysSec/sys' homepage: 'https://github.com/PLSysSec/sys' description: >- A static/symbolic Tool for finding bugs in (browser) code. It uses the LLVM AST to find bugs like uninitialized memory access. ================================================ FILE: data/tools/sysdig.yml ================================================ name: sysdig categories: - linter tags: - container types: - service license: proprietary homepage: 'https://sysdig.com/' description: >- A secure DevOps platform for cloud and container forensics. Built on an open source stack, Sysdig provides Docker image scanning and created Falco, the open standard for runtime threat detection for containers, Kubernetes and cloud. 
resources: - title: "Run confidently with secure DevOps" url: "https://www.youtube.com/watch?v=KXfZWprVr0w" ================================================ FILE: data/tools/tailor.yml ================================================ name: Tailor categories: - linter tags: - swift deprecated: true license: MIT License types: - cli source: 'https://github.com/sleekbyte/tailor' homepage: 'https://sleekbyte.github.io/tailor' description: >- A static analysis and lint tool for source code written in Apple's Swift programming language. ================================================ FILE: data/tools/tangleguard.yml ================================================ name: TangleGuard categories: - linter - meta tags: - rust - ci license: proprietary plans: free: false oss: true types: - cli - service wrapper: false source: "https://github.com/TangleGuard" homepage: "https://tangleguard.com/" resources: - title: TangleGuard Cloud url: https://app.tangleguard.com/ - title: TangleGuard Preview url: https://youtu.be/whzbP1Hnsqs - title: TangleGuard Documentation url: https://docs.tangleguard.com/ demo: - https://app.tangleguard.com/project/github.com/TangleGuard/TangleGuard description: >- Helps you understand and maintain a scalable software architecture. To do so, it generates an interactive, nested dependency graph out of the source code. You can choose the level of detail and get the portion of your codebase that matters to you.
================================================ FILE: data/tools/tca.yml ================================================ name: TencentCodeAnalysis categories: - linter tags: - ci - csharp - css - go - html - java - javascript - kotlin - php - python - scala - typescript - xml - c - cpp license: MIT License types: - service - cli source: 'https://github.com/Tencent/CodeAnalysis' deprecated: true homepage: 'https://tca.tencent.com/' description: >- Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early on) is a comprehensive platform for code analysis and issue tracking. TCA consists of three components: server, web and client. It integrates a number of self-developed tools, and also supports dynamic integration of code analysis tools in various programming languages. ================================================ FILE: data/tools/tclchecker.yml ================================================ name: tclchecker categories: - linter tags: - tcl license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/ActiveState/tdk/blob/master/docs/3.0/TDK_3.0_Checker.txt' homepage: 'https://github.com/ActiveState/tdk/blob/master/docs/3.0/TDK_3.0_Checker.txt' description: >- A static syntax analysis module (as part of [TDK](https://github.com/ActiveState/tdk)). ================================================ FILE: data/tools/teamscale.yml ================================================ name: Teamscale categories: - linter tags: - abap - c - ci - cpp - csharp - java license: proprietary types: - service - ide-plugin homepage: https://teamscale.com description: >- Static and dynamic analysis tool supporting more than 25 languages and direct IDE integration. Free hosting for Open Source projects available on request. Free academic licenses available.
resources: - title: "CQSE Webinar: Architekturanalyse mit Teamscale (German)" url: https://www.youtube.com/watch?v=fJVjv0153-U - title: Teamscale Integration for Visual Studio url: https://marketplace.visualstudio.com/items?itemName=CQSEGmbH.Teamscale pricing: https://teamscale.com/pricing plans: free: false oss: false ================================================ FILE: data/tools/tern.yml ================================================ name: tern categories: - linter tags: - javascript license: MIT License types: - cli source: 'https://github.com/ternjs/tern' homepage: 'https://ternjs.net' description: 'A JavaScript code analyzer for deep, cross-editor language support.' ================================================ FILE: data/tools/terraform-compliance.yml ================================================ name: terraform-compliance categories: - linter tags: - configmanagement license: MIT License types: - cli source: 'https://github.com/eerkunt/terraform-compliance' homepage: 'https://terraform-compliance.com' description: >- A lightweight, compliance- and security focused, BDD test framework against Terraform. ================================================ FILE: data/tools/terrascan.yml ================================================ name: terrascan categories: - linter tags: - configmanagement license: Apache License 2.0 types: - cli source: 'https://github.com/cesar-rodriguez/terrascan' homepage: 'https://github.com/cesar-rodriguez/terrascan' description: >- Collection of security and best practice tests for static code analysis of Terraform templates. ================================================ FILE: data/tools/test.yml ================================================ name: test categories: - linter tags: - go license: BSD-3-Clause (original text) types: - cli source: 'https://pkg.go.dev/testing' homepage: 'https://pkg.go.dev/testing' description: Show location of test failures from the stdlib testing module. 
================================================ FILE: data/tools/texlab.yml ================================================ name: TeXLab categories: - linter tags: - latex license: GNU General Public License v3.0 types: - cli source: 'https://github.com/latex-lsp/texlab' homepage: 'https://texlab.netlify.app' description: >- A Language Server Protocol implementation for TeX/LaTeX, including lint capabilities. ================================================ FILE: data/tools/textlint.yml ================================================ name: textlint categories: - linter tags: - markdown license: MIT Licence types: - cli source: "https://github.com/textlint/textlint" homepage: "https://textlint.github.io/" description: textlint is an open source text linting utility written in JavaScript. ================================================ FILE: data/tools/tflint.yml ================================================ name: tflint categories: - linter tags: - configmanagement license: Mozilla Public License 2.0 types: - cli source: 'https://github.com/wata727/tflint' homepage: 'https://github.com/wata727/tflint' description: >- A Terraform linter for detecting errors that can not be detected by `terraform plan`. ================================================ FILE: data/tools/tfsec.yml ================================================ name: tfsec categories: - linter tags: - configmanagement - security license: MIT License types: - cli source: 'https://github.com/tfsec/tfsec' homepage: 'https://github.com/tfsec/tfsec' description: >- Terraform static analysis tool that prevents potential security issues by checking cloud misconfigurations at build time and directly integrates with the HCL parser for better results. Checks for violations of AWS, Azure and GCP security best practice recommendations. 
================================================ FILE: data/tools/threatmapper.yml ================================================ name: ThreatMapper categories: - linter tags: - container - ci - security - java - go - php - nodejs - javascript - ruby - dotnet - rust - python license: Apache-2.0 License types: - service source: "https://github.com/deepfence/ThreatMapper" homepage: "https://github.com/deepfence/ThreatMapper" description: >- Vulnerability Scanner and Risk Evaluation for containers, serverless and hosts at runtime. ThreatMapper generates runtime BOMs from dependencies and operating system packages, matches against multiple threat feeds, scans for unprotected secrets, and scores issues based on severity and risk-of-exploit. ================================================ FILE: data/tools/todocheck.yml ================================================ name: todocheck categories: - linter tags: - javascript - typescript - python - c - cpp - scala - java - rust - swift - go - groovy - csharp - shell - php - r license: MIT types: - cli source: 'https://github.com/preslavmihaylov/todocheck' homepage: 'https://github.com/preslavmihaylov/todocheck' description: Linter for integrating annotated TODOs with your issue trackers ================================================ FILE: data/tools/traceroute.yml ================================================ name: Traceroute categories: - linter tags: - ruby - rails license: MIT License types: - cli source: "https://github.com/amatsuda/traceroute" homepage: "https://github.com/amatsuda/traceroute" description: >- A Rake task gem that helps you find the unused routes and controller actions for your Rails 3+ app. 
================================================ FILE: data/tools/trivy.yml ================================================ name: trivy categories: - linter tags: - container - ruby - php - nodejs - javascript - rust license: Apache-2.0 License types: - cli source: 'https://github.com/aquasecurity/trivy' homepage: 'https://github.com/aquasecurity/trivy' description: > A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Checks containers and filesystems. ================================================ FILE: data/tools/trufflehog.yml ================================================ name: trufflehog categories: - linter tags: - security license: AGPL-3.0 types: - cli source: 'https://github.com/trufflesecurity/trufflehog' homepage: 'https://trufflesecurity.com' description: >- Find credentials all over the place. TruffleHog is an open source secret-scanning engine that resolves exposed secrets across your company’s entire tech stack. ================================================ FILE: data/tools/trunk.yml ================================================ name: trunk categories: - linter - formatter tags: - javascript - typescript - ansible - c - cpp - cloudformation - dockerfile - go - java - markdown - protobuf - python - ruby - rust - terraform license: proprietary types: - cli source: https://github.com/trunk-io/ homepage: https://trunk.io description: >- Modern repositories include many technologies, each with its own set of linters. With 30+ linters and counting, Trunk makes it dead-simple to identify, install, configure, and run the right linters, static analyzers, and formatters for all your repos.
resources: - title: Trunk GitHub Action url: https://github.com/trunk-io/trunk-action - title: Community Slack Channel url: https://slack.trunk.io pricing: https://trunk.io/pricing plans: free: true oss: true ================================================ FILE: data/tools/trustinsoft.yml ================================================ name: TrustInSoft Analyzer categories: - linter tags: - c - cpp license: proprietary types: - cli homepage: 'https://trust-in-soft.com' description: >- Exhaustive detection of coding errors and their associated security vulnerabilities. This encompasses a sound undefined behavior detection (buffer overflows, out-of-bounds array accesses, null-pointer dereferences, use-after-free, divide-by-zeros, uninitialized memory accesses, signed overflows, invalid pointer arithmetic, etc.), data flow and control flow verification as well as full functional verification of formal specifications. All versions of C up to C18 and C++ up to C++20 are supported. TrustInSoft Analyzer will acquire ISO 26262 qualification in Q2'2023 (TCL3). A MISRA C checker is also bundled. resources: - title: TrustInSoft blog url: https://trust-in-soft.com/resources/news/ - title: TrustInSoft white papers url: https://trust-in-soft.com/resources/news/?_types=white-papers demos: - https://github.com/TrustInSoft/demos - https://github.com/TrustInSoft/jenkins-demos reviews: - https://www.gartner.com/reviews/market/application-security-testing/vendor/trustinsoft/reviews ================================================ FILE: data/tools/tscancode.yml ================================================ name: TscanCode categories: - linter tags: - c - cpp - csharp - lua license: Other types: - cli source: 'https://github.com/Tencent/TscanCode' homepage: 'https://github.com/Tencent/TscanCode' description: >- A fast and accurate static analysis solution for C/C++, C#, Lua codes provided by Tencent. Using GPLv3 license. 
================================================ FILE: data/tools/tslint-clean-code.yml ================================================ name: tslint-clean-code categories: - linter tags: - typescript license: Other types: - cli source: 'https://github.com/Glavin001/tslint-clean-code' homepage: 'https://www.npmjs.com/package/tslint-clean-code' description: A set of TSLint rules inspired by the Clean Code handbook. ================================================ FILE: data/tools/tslint-microsoft-contrib.yml ================================================ name: tslint-microsoft-contrib categories: - linter tags: - typescript deprecated: true license: MIT License types: - cli source: 'https://github.com/Microsoft/tslint-microsoft-contrib' homepage: 'https://github.com/Microsoft/tslint-microsoft-contrib' description: >- A set of tslint rules for static code analysis of TypeScript projects maintained by Microsoft. ================================================ FILE: data/tools/tslint.yml ================================================ name: tslint categories: - linter tags: - typescript license: Apache-2.0 license deprecated: true types: - cli source: 'https://github.com/palantir/tslint' homepage: 'https://palantir.github.io/tslint/' resources: - title: "Nextjs: tslint to eslint" url: https://www.youtube.com/watch?v=qXzIW4CfpxA description: >- TSLint has been deprecated as of 2019. Please see [this issue](https://github.com/palantir/tslint/issues/4534) for more details. `typescript-eslint` is now your best option for linting TypeScript. TSLint is an extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors. It is widely supported across modern editors & build systems and can be customized with your own lint rules, configurations, and formatters. 
================================================ FILE: data/tools/tsqllint.yml ================================================ name: tsqllint categories: - linter tags: - sql license: MIT License types: - cli source: 'https://github.com/tsqllint/tsqllint' homepage: 'https://github.com/tsqllint/tsqllint' description: T-SQL-specific linter. ================================================ FILE: data/tools/tsqlrules.yml ================================================ name: TSqlRules categories: - linter tags: - sql license: MIT License types: - cli source: 'https://github.com/ashleyglee/TSqlRules' homepage: 'https://github.com/ashleyglee/TSqlRules' description: TSQL Static Code Analysis Rules for SQL Server. ================================================ FILE: data/tools/tsunami.yml ================================================ name: Tsunami Security Scanner categories: - linter tags: - security license: Apache-2.0 License types: - cli source: 'https://github.com/google/tsunami-security-scanner' homepage: 'https://github.com/google/tsunami-security-scanner' description: >- A general purpose network security scanner with an extensible plugin system for detecting high severity RCE-like vulnerabilities with high confidence. Custom detectors for finding vulnerabilities (e.g. open APIs) can be added. resources: - title: "Tsunami Security Scanner from Google: Identify Critical vulnerabilities with high confidence - LAB" url: https://www.youtube.com/watch?v=SMlWes1XnWw ================================================ FILE: data/tools/tuli.yml ================================================ name: Tuli categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/ircmaxell/Tuli' homepage: 'https://github.com/ircmaxell/Tuli' description: A static analysis engine. 
================================================ FILE: data/tools/twig-lint.yml ================================================ name: twig-lint categories: - linter tags: - php license: MIT License types: - cli source: 'https://github.com/asm89/twig-lint' homepage: 'https://github.com/asm89/twig-lint' description: twig-lint is a lint tool for your twig files. ================================================ FILE: data/tools/twiggy.yml ================================================ name: Twiggy categories: - linter tags: - binary - wasm license: Other types: - cli source: "https://github.com/rustwasm/twiggy" homepage: "https://github.com/rustwasm/twiggy" description: >- Analyzes a binary's call graph to profile code size. The goal is to slim down wasm binary size. ================================================ FILE: data/tools/ty.yml ================================================ name: ty categories: - linter tags: - python license: Other types: - cli source: 'https://github.com/astral-sh/ty' homepage: 'https://docs.astral.sh/ty/' description: >- An extremely fast Python type checker written in Rust. 
================================================ FILE: data/tools/typescript-call-graph.yml ================================================ name: TypeScript Call Graph categories: - linter tags: - typescript license: MIT License types: - cli source: 'https://github.com/whyboris/TypeScript-Call-Graph' homepage: 'https://github.com/whyboris/TypeScript-Call-Graph' description: >- CLI to generate an interactive graph of functions and calls from your TypeScript files ================================================ FILE: data/tools/typescript-eslint.yml ================================================ name: TypeScript ESLint categories: - linter tags: - typescript license: Other types: - cli source: "https://github.com/typescript-eslint/typescript-eslint" homepage: "https://github.com/typescript-eslint/typescript-eslint" description: TypeScript language extension for eslint. resources: - title: VSCode ESLint, Prettier & Airbnb Style Guide Setup url: https://www.youtube.com/watch?v=SydnKbGc7W8 ================================================ FILE: data/tools/typl.yml ================================================ name: TypL categories: - linter tags: - javascript license: MIT License types: - cli source: 'https://github.com/getify/TypL' homepage: 'https://typl.dev' description: >- With TypL, you just write completely standard JS, and the tool figures out your types via powerful inferencing. ================================================ FILE: data/tools/typos ================================================ name: typos categories: - linter tags: - writing license: Apache License types: - cli source: 'https://github.com/crate-ci/typos' homepage: 'https://github.com/crate-ci/typos' description: >- Finds and corrects spelling mistakes in source code. Fast enough to run on monorepos and low false positives so you can run on PRs. 
================================================ FILE: data/tools/unconvert.yml ================================================ name: unconvert categories: - linter tags: - go license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/mdempsky/unconvert' homepage: 'https://github.com/mdempsky/unconvert' description: Detect redundant type conversions. ================================================ FILE: data/tools/undebt.yml ================================================ name: Undebt categories: - linter tags: - c - cpp - java - php license: Other types: - cli source: 'https://github.com/Yelp/undebt' homepage: 'https://github.com/Yelp/undebt' description: >- Language-independent tool for massive, automatic, programmable refactoring based on simple pattern definitions. ================================================ FILE: data/tools/understand.yml ================================================ name: Understand categories: - linter tags: - ada - asm - c - cpp - csharp - cobol - css - fortran - html - java - javascript - delphi - php - python - vbnet - xml license: proprietary types: - cli homepage: https://www.scitools.com resources: - title: What is Understand? url: https://www.youtube.com/watch?v=QXxciTA1R4k - title: Basic Navigation in Understand url: https://www.youtube.com/watch?v=YDd9J2Fs5Ug - title: Tell a story about your code in just one image using Graphs url: https://www.youtube.com/watch?v=mZRWN6ukUig description: >- Code visualization tool that provides code analysis, standards testing, metrics, graphing, dependency analysis and more for Ada, VHDL, and others. 
pricing: https://www.scitools.com/pricing ================================================ FILE: data/tools/unibeautify.yml ================================================ name: Unibeautify categories: - formatter tags: - c - cpp - css - go - html - java - javascript - jsx - markdown - objectivec - php - python - typescript - vue license: MIT License types: - cli - service source: "https://github.com/unibeautify/unibeautify" homepage: "https://unibeautify.com" description: >- Universal code beautifier with a GitHub app. Supports HTML, CSS, JavaScript, TypeScript, JSX, Vue, C++, Go, Objective-C, Java, Python, PHP, GraphQL, Markdown, and more. ================================================ FILE: data/tools/unimport.yml ================================================ name: unimport categories: - formatter - linter tags: - python license: MIT License types: - cli source: 'https://github.com/hakancelikdev/unimport' homepage: 'https://unimport.hakancelik.dev' description: 'A linter, formatter for finding and removing unused import statements.' ================================================ FILE: data/tools/unparam.yml ================================================ name: unparam categories: - linter tags: - go license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/mvdan/unparam' homepage: 'https://github.com/mvdan/unparam' description: Find unused function parameters. ================================================ FILE: data/tools/upsource.yml ================================================ name: Upsource categories: - linter tags: - ci - java - javascript - kotlin - php license: proprietary types: - service homepage: https://www.jetbrains.com/upsource description: >- Code review tool with static code analysis and code-aware navigation for Java, PHP, JavaScript and Kotlin. 
resources: - title: Upsource - Code Review Best Practices url: https://www.youtube.com/watch?v=EjwD7Pi7J_0 pricing: https://www.jetbrains.com/buy ================================================ FILE: data/tools/vale.yml ================================================ name: vale categories: - linter tags: - writing license: MIT License types: - cli source: 'https://github.com/errata-ai/vale' homepage: 'https://vale.sh' description: 'A syntax-aware linter for prose built with speed and extensibility in mind.' ================================================ FILE: data/tools/varcheck.yml ================================================ name: varcheck categories: - linter tags: - go license: GPL-3.0-only (original text) types: - cli source: 'https://gitlab.com/opennota/check' homepage: 'https://gitlab.com/opennota/check' description: Find unused global variables and constants. ================================================ FILE: data/tools/vera.yml ================================================ name: vera++ categories: - formatter tags: - c - cpp deprecated: true license: BSL-1.0 (original text) types: - cli source: 'https://bitbucket.org/verateam/vera/src/master' homepage: 'https://bitbucket.org/verateam/vera/wiki/Introduction' description: >- Vera++ is a programmable tool for verification, analysis and transformation of C++ source code. ================================================ FILE: data/tools/veracode.yml ================================================ name: Veracode categories: - linter tags: - c - cpp - dotnet - java - javascript - objectivec - php - security - swift license: proprietary types: - cli homepage: "https://www.veracode.com/security/static-code-analysis" pricing: https://info.veracode.com/request-quote.html plans: free: false oss: false description: >- Find flaws in binaries and bytecode without requiring source. Support all major programming languages: Java, .NET, JavaScript, Swift, Objective-C, C, C++ and more. 
resources: - title: Veracode Overview url: https://www.youtube.com/watch?v=6Fq_UMgwX4I - title: Veracode SCA Scan for VS Code Plugin url: https://www.youtube.com/watch?v=hCl2H8Heqnw reviews: - https://www.peerspot.com/products/veracode-reviews ================================================ FILE: data/tools/verible-linter-action.yml ================================================ name: verible-linter-action categories: - linter tags: - verilog license: Apache-2.0 License types: - service source: 'https://github.com/chipsalliance/verible-linter-action' homepage: 'https://github.com/chipsalliance/verible-linter-action' description: >- Automatic SystemVerilog linting in github actions with the help of Verible Used to lint Verilog and SystemVerilog source files and comment erroneous lines of code in Pull Requests automatically. ================================================ FILE: data/tools/verifast.yml ================================================ name: VeriFast categories: - linter tags: - ocaml license: MIT License types: - cli source: 'https://github.com/verifast/verifast' homepage: 'https://github.com/verifast/verifast' description: >- A tool for modular formal verification of correctness properties of single-threaded and multithreaded C and Java programs annotated with preconditions and postconditions written in separation logic. To express rich specifications, the programmer can define inductive datatypes, primitive recursive pure functions over these datatypes, and abstract separation logic predicates. ================================================ FILE: data/tools/verilator.yml ================================================ name: Verilator categories: - linter tags: - verilog license: GPL v3 or Perl Artistic License Version 2.0 types: - cli source: 'https://github.com/verilator/verilator' homepage: 'https://www.veripool.org/verilator' description: >- A tool which converts Verilog to a cycle-accurate behavioral model in C++ or SystemC. 
Performs lint code-quality checks. ================================================ FILE: data/tools/vetur.yml ================================================ name: Vetur categories: - linter - formatter tags: - vue license: MIT License types: - cli - ide-plugin source: 'https://github.com/vuejs/vetur' homepage: 'https://marketplace.visualstudio.com/items?itemName=octref.vetur' description: >- Vue tooling for VS Code, powered by vls (vue language server). Vetur has support for formatting embedded HTML, CSS, SCSS, JS, TypeScript, and more. Vetur only has a "whole document formatter" and cannot format arbitrary ranges. resources: - title: Pine Wu - var vetur = vscode + vue; | VueConf 2017 url: https://www.youtube.com/watch?v=05tNXJ-Kric ================================================ FILE: data/tools/vint.yml ================================================ name: vint categories: - linter tags: - vim-script license: MIT License types: - ide-plugin source: 'https://github.com/Kuniwak/vint' homepage: 'https://github.com/Kuniwak/vint' description: Fast and Highly Extensible Vim script Language Lint implemented in Python. ================================================ FILE: data/tools/violations-lib.yml ================================================ name: Violations Lib categories: - linter tags: - ci - java - support license: Apache License 2.0 types: - cli source: 'https://github.com/tomasbjerre/violations-lib' homepage: 'https://github.com/tomasbjerre/violations-lib' description: >- Java library for parsing report files from static code analysis. Used by a bunch of Jenkins, Maven and Gradle plugins.
================================================ FILE: data/tools/visual-expert.yml ================================================ name: Visual Expert categories: - linter tags: - sql license: proprietary types: - service homepage: https://www.visual-expert.com description: "Code analysis for PowerBuilder, Oracle, and SQL Server Explores, analyzes,\ \ and documents Code " pricing: https://www.visual-expert.com/EN/visual-expert-price.html ================================================ FILE: data/tools/vscode-verilog-hdl-support.yml ================================================ name: vscode-verilog-hdl-support categories: - linter tags: - verilog license: MIT License types: - ide-plugin source: 'https://github.com/mshr-h/vscode-verilog-hdl-support' homepage: 'https://github.com/mshr-h/vscode-verilog-hdl-support' description: >- Verilog HDL/SystemVerilog/Bluespec SystemVerilog support for VS Code. Provides syntax highlighting and Linting support from Icarus Verilog, Vivado Logical Simulation, Modelsim and Verilator ================================================ FILE: data/tools/vsdiagnostics.yml ================================================ name: VSDiagnostics categories: - linter tags: - csharp license: GNU General Public License v2.0 types: - cli source: 'https://github.com/Vannevelj/VSDiagnostics' homepage: 'https://github.com/Vannevelj/VSDiagnostics' description: A collection of static analyzers based on Roslyn that integrates with VS. ================================================ FILE: data/tools/vuls.yml ================================================ name: Vuls categories: - linter tags: - container license: AGPL-3.0 License types: - cli source: 'https://github.com/future-architect/vuls' homepage: 'https://vuls.io/' description: >- Agent-less Linux vulnerability scanner based on information from NVD, OVAL, etc. It has some container image support, although it is not a container-specific tool.
================================================ FILE: data/tools/vulture.yml ================================================ name: vulture categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/jendrikseipp/vulture' homepage: 'https://github.com/jendrikseipp/vulture' description: 'Find unused classes, functions and variables in Python code.' ================================================ FILE: data/tools/wala.yml ================================================ name: WALA categories: - linter tags: - java - javascript license: Eclipse Public License 2.0 types: - cli source: 'https://github.com/wala/WALA' homepage: 'https://github.com/wala/WALA' description: >- Static analysis capabilities for Java bytecode and related languages and for JavaScript. resources: - title: WALA Everywhere url: https://www.youtube.com/watch?v=QtrJEopSSuw ================================================ FILE: data/tools/wap.yml ================================================ name: WAP categories: - linter tags: - php license: GNU GPL types: - cli source: 'https://awap.sourceforge.io' homepage: 'https://securityonline.info/owasp-wap-web-application-protection-project' description: >- Tool that detects and corrects input validation vulnerabilities in PHP (4.0 or higher) web applications and predicts false positives by combining static analysis and data mining.
================================================ FILE: data/tools/warnalyzer.yml ================================================ name: warnalyzer categories: - linter tags: - rust license: MIT / Apache 2.0 types: - cli source: 'https://github.com/est31/warnalyzer' homepage: 'https://github.com/est31/warnalyzer' description: 'Show unused code from multi-crate Rust projects' ================================================ FILE: data/tools/wartremover.yml ================================================ name: WartRemover categories: - linter tags: - scala license: Apache License 2.0 types: - cli source: 'https://github.com/puffnfresh/wartremover' homepage: 'https://www.wartremover.org' description: A flexible Scala code linting tool. ================================================ FILE: data/tools/wasm-language-tools.yml ================================================ name: wasm-language-tools categories: - formatter - linter tags: - wasm license: MIT License types: - ide-plugin source: "https://github.com/g-plane/wasm-language-tools" homepage: "https://github.com/g-plane/wasm-language-tools" description: >- WebAssembly Language Tools aims to provide and improve the editing experience of WebAssembly Text Format. It also provides an out-of-the-box formatter (a.k.a. pretty printer) for WebAssembly Text Format. ================================================ FILE: data/tools/weeder.yml ================================================ name: Weeder categories: - linter tags: - haskell license: BSD 3-Clause "New" or "Revised" License types: - cli source: 'https://github.com/ocharles/weeder' homepage: 'https://github.com/ocharles/weeder' description: A tool for detecting dead exports or package imports in Haskell code. 
================================================ FILE: data/tools/weggli.yml ================================================ name: weggli categories: - linter tags: - security - c - cpp license: Apache License 2.0 types: - cli source: 'https://github.com/googleprojectzero/weggli' homepage: 'https://github.com/googleprojectzero/weggli' description: >- A fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases. ================================================ FILE: data/tools/wemake-python-styleguide.yml ================================================ name: wemake-python-styleguide categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/wemake-services/wemake-python-styleguide' homepage: 'https://wemake-python-styleguide.rtfd.io/' description: The strictest and most opinionated python linter ever. ================================================ FILE: data/tools/whitehat-application-security-platform.yml ================================================ name: WhiteHat Application Security Platform categories: - linter tags: - aspnet - csharp - html - java - javascript - mobile - nodejs - objectivec - php - typescript license: proprietary types: - cli homepage: "https://source.whitehatsec.com/help/sentinel/sast-service-detail.html" description: >- WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10. ================================================ FILE: data/tools/wily.yml ================================================ name: wily categories: - linter tags: - python license: Apache License 2.0 types: - cli source: 'https://github.com/tonybaloney/wily' homepage: 'https://github.com/tonybaloney/wily' description: >- A command-line tool for archiving, exploring and graphing the complexity of Python source code. 
================================================ FILE: data/tools/wintellectanalyzers.yml ================================================ name: Wintellect.Analyzers categories: - linter tags: - csharp license: Other types: - cli source: 'https://github.com/Wintellect/Wintellect.Analyzers' homepage: 'https://github.com/Wintellect/Wintellect.Analyzers' description: .NET Compiler Platform ("Roslyn") diagnostic analyzers and code fixes. ================================================ FILE: data/tools/wotan.yml ================================================ name: Wotan categories: - linter tags: - javascript - typescript license: Apache License 2.0 types: - cli source: 'https://github.com/fimbullinter/wotan' homepage: 'https://github.com/fimbullinter/wotan' description: Pluggable TypeScript and JavaScript linter. ================================================ FILE: data/tools/write-good.yml ================================================ name: write-good categories: - linter tags: - writing license: MIT License types: - cli source: 'https://github.com/btford/write-good' homepage: 'https://github.com/btford/write-good' description: A linter with a focus on eliminating "weasel words". ================================================ FILE: data/tools/wsl.yml ================================================ name: wsl categories: - linter tags: - go license: MIT License types: - cli source: 'https://github.com/bombsimon/wsl' homepage: 'https://github.com/bombsimon/wsl' description: Enforces empty lines at the right places. ================================================ FILE: data/tools/xcode.yml ================================================ name: XCode categories: - linter tags: - c - cpp - objectivec license: proprietary types: - cli homepage: 'https://developer.apple.com/xcode' description: >- XCode provides a pretty decent UI for [Clang's](https://clang-analyzer.llvm.org/xcode.html) static code analyzer (C/C++, Obj-C). 
================================================ FILE: data/tools/xenon.yml ================================================ name: xenon categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/rubik/xenon' homepage: 'https://xenon.readthedocs.io' description: 'Monitor code complexity using [`radon`](https://github.com/rubik/radon).' ================================================ FILE: data/tools/xo.yml ================================================ name: xo categories: - linter tags: - javascript license: MIT License types: - cli source: 'https://github.com/xojs/xo' homepage: 'https://github.com/xojs/xo' description: >- Opinionated but configurable ESLint wrapper with lots of goodies included. Enforces strict and readable code. ================================================ FILE: data/tools/xygeni.yml ================================================ name: Xygeni categories: - linter description: >- Xygeni is a comprehensive Software Supply Chain Security platform. It provides Advanced SAST with AI-powered remediation, Software Composition Analysis (SCA) with real-time malware detection, Infrastructure as Code (IaC) scanning, and Secrets detection to ensure end-to-end code security. homepage: https://xygeni.io/ license: proprietary tags: - csharp - dockerfile - go - java - javascript - kubernetes - python - terraform types: - service ================================================ FILE: data/tools/yamllint.yml ================================================ name: yamllint categories: - linter tags: - template - yaml license: GNU General Public License v3.0 types: - cli source: 'https://github.com/adrienverge/yamllint' homepage: 'https://yamllint.readthedocs.io' description: >- Checks YAML files for syntax validity, key repetition and cosmetic problems such as lines length, trailing spaces, and indentation. 
================================================ FILE: data/tools/yapf.yml ================================================ name: yapf categories: - formatter tags: - python license: Apache-2.0 types: - cli source: "https://github.com/google/yapf" homepage: "https://github.com/google/yapf" description: >- A formatter for Python files created by Google YAPF follows a distinctive methodology, originating from the 'clang-format' tool created by Daniel Jasper. Essentially, the program reframes the code to the most suitable formatting that abides by the style guide, even if the original code already follows the style guide. This concept is similar to the Go programming language's 'gofmt' tool, which aims to put an end to debates about formatting by having the entire codebase of a project pass through YAPF whenever changes are made, thereby maintaining a consistent style throughout the project and eliminating the need to argue about style in every code review. ================================================ FILE: data/tools/yardstick.yml ================================================ name: yardstick categories: - linter tags: - javascript deprecated: true license: MIT License types: - cli source: 'https://github.com/calmh/yardstick' homepage: 'https://github.com/calmh/yardstick' description: Javascript code metrics. 
================================================ FILE: data/tools/zarn.yml ================================================ name: zarn categories: - linter tags: - perl license: MIT License types: - cli source: 'https://github.com/htrgouvea/zarn' homepage: 'https://github.com/htrgouvea/zarn' description: >- A lightweight static security analysis tool for modern Perl Apps ================================================ FILE: data/tools/zod.yml ================================================ name: zod categories: - linter tags: - typescript license: MIT License types: - cli source: 'https://github.com/colinhacks/zod' homepage: 'https://zod.dev' description: >- TypeScript-first schema validation with static type inference. The goal is to eliminate duplicative type declarations. With Zod, you declare a validator once and Zod will automatically infer the static TypeScript type. It is easy to compose simpler types into complex data structures. ================================================ FILE: data/tools/zpa.yml ================================================ name: ZPA categories: - linter tags: - plsql license: LGPL-3.0 License types: - cli source: 'https://github.com/felipebz/zpa' homepage: 'https://zpa.felipebz.com' description: An open source parser and code analyzer for PL/SQL and Oracle SQL code. ================================================ FILE: data/tools/zydis.yml ================================================ name: zydis categories: - linter tags: - binary license: MIT License types: - cli source: 'https://github.com/zyantific/zydis' homepage: 'https://zydis.re' description: 'Fast and lightweight x86/x86-64 disassembler library'