Repository: mre/awesome-dynamic-analysis Branch: master Commit: 0a4c55aaf55a Files: 77 Total size: 115.0 KB Directory structure: gitextract__falec0u/ ├── .gitattributes ├── .github/ │ ├── FUNDING.yml │ ├── dependabot.yml │ ├── pull_request_template.md │ └── workflows/ │ ├── auto-merge.yml │ ├── ci.yml │ ├── links.yml │ ├── render.yml │ └── stale.yml ├── .lycheeignore ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md └── data/ ├── .gitignore ├── README.md ├── api/ │ ├── tags.json │ └── tools.json ├── render/ │ ├── .gitignore │ ├── Cargo.toml │ ├── clippy.toml │ ├── src/ │ │ ├── bin/ │ │ │ └── main.rs │ │ ├── lib.rs │ │ ├── lints.rs │ │ ├── stats.rs │ │ └── types.rs │ └── templates/ │ └── README.md ├── tags.yml └── tools/ ├── allocscope.yml ├── angr.yml ├── appscan-standard.yml ├── bap.yaml ├── bolt.yml ├── bytehound.yml ├── cadvisor.yml ├── cargo-careful.yml ├── casr.yml ├── chap.yml ├── code-pulse.yml ├── crosshair.yml ├── daikon.yml ├── dr.-memory.yml ├── dynamorio.yml ├── dynapyt.yml ├── enlightn.yml ├── hyperfine.yml ├── icontract.yml ├── iroh.js.yml ├── jalangi2.yml ├── java-pathfinder.yml ├── klee.yml ├── ldra.yml ├── llvm-clang-sanitizers.yml ├── llvm-propeller.yml ├── loom.yml ├── microsoft-intellitest.yml ├── miri.yml ├── parasoft-jtest.yml ├── pex-and-moles.yml ├── pin-tools.yml ├── poop.yml ├── prowler.yml ├── puffin.yml ├── rust-san.yml ├── scalene.yml ├── smartbear.yml ├── souper.yml ├── statsviz.yml ├── stuck.yml ├── suture.yml ├── sydr.yml ├── triton.yml ├── typo.yml ├── valgrind.yml ├── vb-watch.yml ├── wasabi.yml └── whitehat-sentinel-dynamic.yml ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitattributes ================================================ *.md linguist-detectable=true *.md linguist-documentation=false *.yml linguist-detectable=true ================================================ FILE: .github/FUNDING.yml 
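================================================
github: analysis-tools-dev
open_collective: analysis-tools

================================================
FILE: .github/dependabot.yml
================================================
# Dependabot configuration: daily update checks for the Rust renderer crate.
# NOTE(review): only the cargo ecosystem is tracked here, so the action
# versions referenced under .github/workflows are not covered by this config.
version: 2
updates:
  - package-ecosystem: cargo
    directory: "/data/render"
    schedule:
      interval: daily
      time: "11:00"
    open-pull-requests-limit: 10
    ignore:
      - dependency-name: tokio
        versions:
          # Quoted so the version numbers are always read as strings.
          - "1.1.1"
          - "1.2.0"

================================================
FILE: .github/pull_request_template.md
================================================
* [ ] I have not changed the `README.md` directly.

================================================
FILE: .github/workflows/auto-merge.yml
================================================
# Hands Dependabot pull requests to the auto-merge action.
name: auto-merge

on:
  pull_request:

# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository default. `contents: read` is probably enough because the action
# is given its own token below; confirm before adding it.
jobs:
  auto-merge:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      # NOTE(review): this third-party action is referenced by the mutable tag
      # v2 and receives secrets.AUTOMERGE_TOKEN. Pinning it to a full commit
      # SHA would stop a moved tag from receiving the token. The job also has
      # no `if:` guard, so it starts for every pull_request event.
      - uses: ahmadnassri/action-dependabot-auto-merge@v2
        with:
          github-token: ${{ secrets.AUTOMERGE_TOKEN }}

================================================
FILE: .github/workflows/ci.yml
================================================
# Renders the list for pull requests against master to catch data errors.
name: CI

on:
  pull_request:
    branches: [master]

# This job builds and runs code from the pull request, so GITHUB_TOKEN is
# limited to read-only repository access.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Render list
        run: make render-skip-deprecated

================================================
FILE: .github/workflows/links.yml
================================================
# Checks the links in README.md once a day (and on manual or API dispatch)
# and files an issue when the checker reports a non-zero exit code.
name: Links

on:
  repository_dispatch:
  workflow_dispatch:
  schedule:
    - cron: "00 18 * * *"

# Checkout needs to read the repository; the report step creates an issue.
permissions:
  contents: read
  issues: write

jobs:
  linkChecker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Link Checker
        # NOTE(review): `@master` follows a branch, so any commit pushed
        # upstream runs in this job on the next schedule. Prefer a release tag
        # or a full commit SHA; check that `env.lychee_exit_code` below is
        # still provided by the version you pin to.
        uses: lycheeverse/lychee-action@master
        with:
          # Only check README, which also ignores files in data/render/templates
          # See https://github.com/analysis-tools-dev/dynamic-analysis/issues/117
          # Ideally we should exclude this path, but that is not supported by lychee yet.
          # See https://github.com/lycheeverse/lychee/issues/418
          args: --verbose --no-progress README.md
      - name: Create Issue From File
        if: env.lychee_exit_code != 0
        # NOTE(review): third-party action referenced by the mutable tag v4.
        uses: peter-evans/create-issue-from-file@v4
        with:
          title: Link Checker Report
          content-filepath: ./lychee/out.md
          labels: report, automated issue

================================================
FILE: .github/workflows/render.yml
================================================
# Re-renders README.md and the JSON API on every push to master and commits
# the result back to the repository.
name: Render

on:
  push:
    branches: [master]

# The auto-commit step pushes to the repository, so write access to contents
# is required; nothing else is granted.
permissions:
  contents: write

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Render list
        run: make render
      # NOTE(review): third-party action with push access to master,
      # referenced by tag; a full commit SHA would make the ref immutable.
      - uses: stefanzweifel/git-auto-commit-action@v4.1.2
        with:
          # NOTE(review): github.head_ref is only set for pull_request events,
          # so it is empty in this push-triggered workflow. Confirm the action
          # falls back to the checked-out branch as intended.
          branch: ${{ github.head_ref }}
          commit_message: Commit list
          commit_user_name: Analysis Tools Bot
          commit_user_email: bot@analysis-tools.dev
          commit_author: Analysis Tools Bot

================================================
FILE: .github/workflows/stale.yml
================================================
# Marks inactive items as stale after 60 days and closes them 7 days later.
name: "Close stale issues"

on:
  schedule:
    - cron: "0 4 * * *"

# The stale action labels, comments on and closes issues and pull requests.
permissions:
  issues: write
  pull-requests: write

jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v4.1.0
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          stale-issue-message: >
            This issue has been automatically marked as stale because it has
            not had recent activity in the last 60 days. It will be closed in
            7 days if no further activity occurs. Thank you for your
            contributions.
          days-before-stale: 60
          days-before-close: 7
          stale-issue-label: stale

================================================
FILE: .lycheeignore
================================================
https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool
https://www.intel.com/content/www/us/en/developer/articles/tool/pin-a-dynamic-binary-instrumentation-tool.html

================================================
FILE: CONTRIBUTING.md
================================================
# How to add a new tool to the list

Please feel free to open a pull request if you know of a dynamic analysis tool that is not mentioned here.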
If you're in doubt if a tool is a good fit for the list, **don't open an issue, but create a pull request right away** because that's easier to handle. Thanks! :smiley: ### Requirements Each tool on the list should be - actively maintained (more than one contributor) - actively used (have **more than 20 stars on Github or similar impact**) - relatively mature (project exists for at least three months) ### Format The main `README.md` is just a rendered version of the data. To add a new tool, please create a file in the `data/tools` directory. - Make each tool description as precise as possible. Please limit the description to **500 characters**. - By default, we assume that the tool is open source. If a tool is proprietary, add `proprietary: true`. - Please add as many tags as possible. You can choose from the tags in `data/tags.yml` If a tool does not match any existing tag, feel free to add a new tag. Finally, create a pull request with all your changes. You can call `make render` to check for errors before. This is optional, because it will also be done when creating a pull request. # How to mark a tool as unmaintained/deprecated Sometimes a tool becomes unmaintained and there's nothing wrong with that. After all, a tool can still be very valuable to the community - even without frequent updates. However, since it is one of the goals of this project to allow people to make an informed decision on what is the best tool for the job, we are marking unmaintained or deprecated tools. [Here](https://github.com/mre/awesome-static-analysis/issues/223) is a nice discussion about why we think this is necessary. If you find a tool, which is unmaintained, please add `deprecated: true` to the entry in `data/tools/` and create a pull request in which you provide an objective explanation as to why you think the tool should be marked deprecated. Every deprecation will be handled on a case-by-case basis. 
**Thanks for helping out!** :tada: ================================================ FILE: LICENSE ================================================ MIT License Copyright (c) 2021 The analysis tools developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
================================================
FILE: Makefile
================================================
# Dynamic Analysis Tools Repository Makefile
#
# Every target drives the Rust renderer crate under data/render through cargo.

# Manifest of the renderer crate, shared by all cargo invocations below.
CARGO_MANIFEST := --manifest-path data/render/Cargo.toml

# Input and output locations passed to the renderer binary.
RENDER_ARGS := --tags data/tags.yml --tools data/tools --md-out README.md --json-out data/api

.PHONY: render render-skip-deprecated check clippy fmt test clean help

# First target in the file, so a bare `make` prints the target overview.
help:
	@echo "Available targets:"
	@echo " render - Render README.md and JSON API from YAML sources"
	@echo " render-skip-deprecated - Render without deprecated tools"
	@echo " check - Run cargo check"
	@echo " clippy - Run clippy lints"
	@echo " fmt - Format Rust code"
	@echo " test - Run tests"
	@echo " clean - Clean build artifacts"
	@echo " help - Show this help"

# Rendering: regenerate README.md and data/api from data/tags.yml and data/tools.
render:
	cargo run $(CARGO_MANIFEST) -- $(RENDER_ARGS)

# Same as `render`, but passes --skip-deprecated to the renderer.
render-skip-deprecated:
	cargo run $(CARGO_MANIFEST) -- $(RENDER_ARGS) --skip-deprecated

# Development helpers for the renderer crate.
check:
	cargo check $(CARGO_MANIFEST)

# Clippy warnings are turned into errors.
clippy:
	cargo clippy $(CARGO_MANIFEST) -- -D warnings

fmt:
	cargo fmt $(CARGO_MANIFEST)

test:
	cargo test $(CARGO_MANIFEST)

clean:
	cargo clean $(CARGO_MANIFEST)

================================================
FILE: README.md
================================================
Analysis Tools Website

This repository lists **dynamic analysis tools** for all programming languages, build tools, config files and more. The focus is on tools which improve code quality such as linters and formatters. The official website, [analysis-tools.dev](https://analysis-tools.dev/) is based on this repository and adds rankings, user comments, and additional resources like videos for each tool.
[![Website](https://img.shields.io/badge/Website-Online-2B5BAE)](https://analysis-tools.dev) ![CI](https://github.com/analysis-tools-dev/dynamic-analysis/workflows/CI/badge.svg) ## Sponsors This project would not be possible without the generous support of our sponsors.
BugProve Betterscan Pixee
If you also want to support this project, head over to our [GitHub Sponsors page](https://github.com/sponsors/analysis-tools-dev).

## Meaning of Symbols:

- :copyright: stands for proprietary software. All other tools are Open Source.
- :information_source: indicates that the community no longer recommends using this tool for new projects. The icon links to the discussion issue.
- :warning: means that this tool was not updated for more than 1 year, or the repo was archived.

Pull requests are very welcome!
Also check out the sister project, [awesome-static-analysis](https://github.com/mre/awesome-static-analysis).

## Table of Contents

#### [Programming Languages](#programming-languages-1)
Show languages
#### [Multiple languages](#multiple-languages-1) #### [Other](#other-1) - [API](#api) - [Binaries](#binary) - [Bytecode/IR](#bytecode) - [Cloud](#cloud) - [Containers](#container) - [Laravel](#laravel) - [Security/DAST](#security) - [Web](#web) - [WebAssembly](#webassembly) - [XML](#xml) --- ## Programming Languages

.NET

- [Microsoft IntelliTest](https://docs.microsoft.com/en-us/visualstudio/test/intellitest-manual/getting-started?view=vs-2019) — Generate a candidate suite of tests for your .NET code. - [Pex and Moles](https://www.microsoft.com/en-us/research/project/pex-and-moles-isolation-and-white-box-unit-testing-for-net/) — Pex automatically generates test suites with high code coverage using automated white box analysis.

C

- [CHAP](https://github.com/vmware/chap) — Analyzes un-instrumented ELF core files for leaks, memory growth, and corruption. It helps explain memory growth, can identify some forms of corruption, and supplements a debugger by giving the status of various memory locations.
- [KLEE](https://github.com/klee/klee) — Symbolic virtual machine built on top of the LLVM compiler infrastructure.
- [LDRA](https://ldra.com) :copyright: — A tool suite including dynamic analysis and test to various standards can ensure test coverage to 100% op-code, branch & decision coverage.
- [LLVM/Clang Sanitizers](https://github.com/google/sanitizers) —
- [Valgrind](https://valgrind.org/) — An instrumentation framework for building dynamic analysis tools.

C++

- [CHAP](https://github.com/vmware/chap) — Analyzes un-instrumented ELF core files for leaks, memory growth, and corruption. It helps explain memory growth, can identify some forms of corruption, and supplements a debugger by giving the status of various memory locations.
- [KLEE](https://github.com/klee/klee) — Symbolic virtual machine built on top of the LLVM compiler infrastructure.
- [LDRA](https://ldra.com) :copyright: — A tool suite including dynamic analysis and test to various standards can ensure test coverage to 100% op-code, branch & decision coverage.
- [LLVM/Clang Sanitizers](https://github.com/google/sanitizers) —
- [Valgrind](https://valgrind.org/) — An instrumentation framework for building dynamic analysis tools.

Go

- [statsviz](https://github.com/arl/statsviz) — Instant live visualization of your Go application runtime statistics in the browser. It plots heap usage, MSpans/MCaches, Object counts, Goroutines and GC/CPU fraction.

Java

- [Java PathFinder](https://github.com/javapathfinder/jpf-core) — An extensible software model checking framework for Java bytecode programs.
- [Parasoft Jtest](https://www.parasoft.com/products/jtest) :copyright: — Jtest is an automated Java software testing and static analysis product that is made by Parasoft. The product includes technology for data-flow analysis, unit test-case generation and execution, static analysis, regression testing, code coverage, and runtime error detection.

JavaScript

- [Iroh.js](https://github.com/maierfelix/Iroh) — A dynamic code analysis tool for JavaScript. Iroh lets you record your code flow in real time, intercept runtime information and manipulate program behaviour on the fly.
- [Jalangi2](https://github.com/Samsung/jalangi2) — Jalangi2 is a popular framework for writing dynamic analyses for JavaScript.

PHP

- [Enlightn](https://www.laravel-enlightn.com/) — A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks.

Python

- [CrossHair](https://github.com/pschanely/CrossHair) — Symbolic execution engine for testing Python contracts.
- [DynaPyt](https://github.com/sola-st/DynaPyt) — DynaPyt is a framework for writing dynamic analyses for Python. The analyses can also modify runtime values to alter the execution.
- [icontract](https://github.com/Parquery/icontract) — Design-by-contract library supporting behavioral subtyping. There is also wider tooling around the icontract library, such as a linter (pyicontract-lint) and a plug-in for Sphinx (sphinx-icontract).
- [Scalene](https://github.com/emeryberger/scalene) — A high-performance, high-precision CPU and memory profiler for Python.
- [typo](https://github.com/aldanor/typo) — Runtime Type Checking for Python 3.

Ruby

- [suture](https://github.com/testdouble/suture) — A Ruby gem that helps you refactor your legacy code by comparing the result of some old behavior with a new version.

Rust

- [cargo-careful](https://github.com/RalfJung/cargo-careful) — Execute Rust code carefully, with extra checking along the way. It builds the standard library with debug assertions. Here are some of the checks this enables:
  * `get_unchecked` in slices performs bounds checks
  * `copy`, `copy_nonoverlapping`, and `write_bytes` check that pointers are aligned and non-null and (if applicable) non-overlapping
  * `{NonNull,NonZero*,...}::new_unchecked` check that the value is valid
  * plenty of internal consistency checks in the collection types
  * `mem::zeroed` and the deprecated `mem::uninitialized` panic if the type does not allow that kind of initialization
- [hyperfine](https://github.com/sharkdp/hyperfine) — A command-line benchmarking tool. It features statistical analysis across multiple runs, support for arbitrary shell commands, constant feedback about the benchmark progress and current estimates, warmup runs, a simple and expressive syntax, and more.
- [loom](https://github.com/tokio-rs/loom) — Concurrency permutation testing tool for Rust. It runs a test many times, permuting the possible concurrent executions of that test.
- [MIRI](https://github.com/rust-lang/miri) — An interpreter for Rust's mid-level intermediate representation, which can detect certain classes of undefined behavior like out-of-bounds memory accesses and use-after-free.
- [puffin](https://github.com/EmbarkStudios/puffin) — Instrumentation profiler for Rust.
- [rust-san](https://github.com/japaric/rust-san) — How-to sanitize your Rust code with built-in Rust dynamic analyzers.
- [stuck](https://github.com/jonhoo/stuck) — provides a visualization for quickly identifying common bottlenecks in running, asynchronous, and concurrent applications.

SQL

- [WhiteHat Sentinel Dynamic](https://www.synopsys.com/software-integrity/security-testing/dast.html) :copyright: — Part of the WhiteHat Application Security Platform. Dynamic application security scanner that covers the OWASP Top 10.

Visual Basic

- [VB Watch](https://www.aivosto.com/vbwatch.html) :copyright: — Profiler, Protector and Debugger for VB6. Profiler measures performance and test coverage. Protector implements robust error handling. Debugger helps monitor your executables.

Zig

- [poop](https://github.com/andrewrk/poop) — Performance Optimizer Observation Platform. This command line tool uses Linux's `perf_event_open` functionality to compare the performance of multiple commands with a colorful terminal user interface. It is similar to `hyperfine`.

## Multiple languages

- [allocscope](https://github.com/matt-kimball/allocscope) — allocscope is a tool for tracking down where the most egregiously large allocations are occurring in a C, C++ or Rust codebase. It is particularly intended to be useful for developers who want to get a handle on excessive allocations and are working in a large codebase with multiple contributors with allocations occurring in many modules or libraries.
- [bytehound](https://github.com/koute/bytehound) — A memory profiler for Linux. Can be used to analyze memory leaks, see where exactly the memory is being consumed, identify temporary allocations and investigate excessive memory fragmentation.
- [CASR](https://crates.io/crates/casr) — Crash Analysis and Severity Report.
- [Code Pulse](http://code-pulse.com/) — Code Pulse is a free real-time code coverage tool for penetration testing activities by OWASP and Code Dx ([GitHub](https://github.com/codedx/codepulse)).
- [Daikon](https://plse.cs.washington.edu/daikon/) — A dynamic detector of likely invariants. An invariant is a property that holds at a certain program point, often seen in assert statements, documentation, and formal specifications.
- [Sydr](https://sydr-fuzz.github.io/) :copyright: — Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle.

## Other

API

- [Smartbear](https://smartbear.com/) :copyright: — Test automation and performance testing platform

Binaries

- [angr](https://github.com/angr/angr) — Platform agnostic binary analysis framework from UCSB. - [BOLT](https://github.com/facebookincubator/BOLT) — Binary Optimization and Layout Tool - A linux command-line utility used for optimizing performance of binaries with profile guided permutation of linking to improve cache efficiency - [Dr. Memory](https://drmemory.org/) — Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors ([Github](https://github.com/DynamoRIO/drmemory)). - [DynamoRIO](http://www.dynamorio.org/) — Is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. - [llvm-propeller](https://github.com/google/llvm-propeller) — Profile guided hot/cold function splitting to improve cache efficiency. An alternative to BOLT by Facebook - [Pin Tools](https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool) — A dynamic binary instrumentation tool and a platform for creating analysis tools. - [TRITON](https://triton.quarkslab.com/) — Dynamic Binary Analysis for x86 binaries.

Bytecode/IR

- [souper](https://github.com/google/souper) — optimize LLVM IR with SMT solvers

Cloud

- [prowler](https://prowler.pro) — Prowler is an Open Source security tool to perform AWS and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

Containers

- [cadvisor](https://github.com/google/cadvisor) — Analyzes resource usage and performance characteristics of running containers.

Laravel

- [Enlightn](https://www.laravel-enlightn.com/) — A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks.

Security/DAST

- [AppScan Standard](https://www.hcltechsw.com/products/appscan) :copyright: — HCL's AppScan is a dynamic application security testing suite (previously by IBM) - [Enlightn](https://www.laravel-enlightn.com/) — A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks. - [WhiteHat Sentinel Dynamic](https://www.synopsys.com/software-integrity/security-testing/dast.html) :copyright: — Part of the WhiteHat Application Security Platform. Dynamic application security scanner that covers the OWASP Top 10.

Web

- [Smartbear](https://smartbear.com/) :copyright: — Test automation and performance testing platform

WebAssembly

- [Wasabi](https://github.com/danleh/wasabi) — Wasabi is a framework for writing dynamic analyses for WebAssembly, written in JavaScript.

XML

- [WhiteHat Sentinel Dynamic](https://www.synopsys.com/software-integrity/security-testing/dast.html) :copyright: — Part of the WhiteHat Application Security Platform. Dynamic application security scanner that covers the OWASP Top 10. ## License [![CC0](https://i.creativecommons.org/p/zero/1.0/88x31.png)](https://creativecommons.org/publicdomain/zero/1.0/) To the extent possible under law, [Matthias Endler](https://endler.dev) has waived all copyright and related or neighboring rights to this work. The underlying source code used to format and display that content is licensed under the MIT license. Title image [Designed by Freepik](http://www.freepik.com). ================================================ FILE: data/.gitignore ================================================ /target/ **/*.rs.bk .env ================================================ FILE: data/README.md ================================================ This is the project's CI environment. Read more about the tooling [here](https://matthias-endler.de/2017/obsolete/). Want to add an entry to the list? Here's how to [contribute](https://github.com/analysis-tools-dev/static-analysis/blob/master/CONTRIBUTING.md). 
================================================ FILE: data/api/tags.json ================================================ { "languages": [ { "name": ".NET", "value": "dotnet", "tag_type": "Language" }, { "name": "ABAP", "value": "abap", "tag_type": "Language" }, { "name": "ActionScript", "value": "actionscript", "tag_type": "Language" }, { "name": "Active Server Pages", "value": "asp", "tag_type": "Language" }, { "name": "Ada", "value": "ada", "tag_type": "Language" }, { "name": "Assembly", "value": "asm", "tag_type": "Language" }, { "name": "ASP.NET", "value": "aspnet", "tag_type": "Language" }, { "name": "Apex", "value": "apex", "tag_type": "Language" }, { "name": "Awk", "value": "awk", "tag_type": "Language" }, { "name": "C", "value": "c", "tag_type": "Language" }, { "name": "Clojure", "value": "clojure", "tag_type": "Language" }, { "name": "COBOL", "value": "cobol", "tag_type": "Language" }, { "name": "CoffeeScript", "value": "coffeescript", "tag_type": "Language" }, { "name": "ColdFusion", "value": "coldfusion", "tag_type": "Language" }, { "name": "C++", "value": "cpp", "tag_type": "Language" }, { "name": "C#", "value": "csharp", "tag_type": "Language" }, { "name": "Crystal", "value": "crystal", "tag_type": "Language" }, { "name": "Dart", "value": "dart", "tag_type": "Language" }, { "name": "Dlang", "value": "dlang", "tag_type": "Language" }, { "name": "Delphi", "value": "delphi", "tag_type": "Language" }, { "name": "Elixir", "value": "elixir", "tag_type": "Language" }, { "name": "Elm", "value": "elm", "tag_type": "Language" }, { "name": "Erlang", "value": "erlang", "tag_type": "Language" }, { "name": "F#", "value": "fsharp", "tag_type": "Language" }, { "name": "Fortran", "value": "fortran", "tag_type": "Language" }, { "name": "Go", "value": "go", "tag_type": "Language" }, { "name": "Groovy", "value": "groovy", "tag_type": "Language" }, { "name": "Haskell", "value": "haskell", "tag_type": "Language" }, { "name": "Haxe", "value": "haxe", "tag_type": "Language" 
}, { "name": "Java", "value": "java", "tag_type": "Language" }, { "name": "JavaServer Pages", "value": "jsp", "tag_type": "Language" }, { "name": "JavaScript", "value": "javascript", "tag_type": "Language" }, { "name": "JSX", "value": "jsx", "tag_type": "Language" }, { "name": "Julia", "value": "julia", "tag_type": "Language" }, { "name": "Kotlin", "value": "kotlin", "tag_type": "Language" }, { "name": "Lua", "value": "lua", "tag_type": "Language" }, { "name": "MATLAB", "value": "matlab", "tag_type": "Language" }, { "name": "Objective C", "value": "objectivec", "tag_type": "Language" }, { "name": "Obj-C", "value": "objectivec", "tag_type": "Language" }, { "name": "Perl", "value": "perl", "tag_type": "Language" }, { "name": "PHP", "value": "php", "tag_type": "Language" }, { "name": "PL/SQL", "value": "plsql", "tag_type": "Language" }, { "name": "Python", "value": "python", "tag_type": "Language" }, { "name": "R", "value": "r", "tag_type": "Language" }, { "name": "RPG", "value": "rpg", "tag_type": "Language" }, { "name": "Ruby", "value": "ruby", "tag_type": "Language" }, { "name": "Rust", "value": "rust", "tag_type": "Language" }, { "name": "Scala", "value": "scala", "tag_type": "Language" }, { "name": "Shell", "value": "shell", "tag_type": "Language" }, { "name": "SQL", "value": "sql", "tag_type": "Language" }, { "name": "TSQL", "value": "tsql", "tag_type": "Language" }, { "name": "Swift", "value": "swift", "tag_type": "Language" }, { "name": "Tcl", "value": "tcl", "tag_type": "Language" }, { "name": "TypeScript", "value": "typescript", "tag_type": "Language" }, { "name": "VBScript", "value": "vbscript", "tag_type": "Language" }, { "name": "Visual Basic for Applications (VBA)", "value": "vba", "tag_type": "Language" }, { "name": "Visual Basic .NET", "value": "vbnet", "tag_type": "Language" }, { "name": "Visual Basic", "value": "vbasic", "tag_type": "Language" }, { "name": "PowerShell", "value": "powershell", "tag_type": "Language" }, { "name": "Visualforce", 
"value": "visualforce", "tag_type": "Language" }, { "name": "Lightning Web Components", "value": "lwc", "tag_type": "Language" }, { "name": "Vim Script", "value": "vim-script", "tag_type": "Language" }, { "name": "Zig", "value": "zig", "tag_type": "Language" } ], "other": [ { "name": "Cloud", "value": "cloud", "tag_type": "Other" }, { "name": "Formatter", "value": "formatter", "tag_type": "Other" }, { "name": "Rails", "value": "rails", "tag_type": "Other" }, { "name": "Smart Contracts", "value": "smart-contracts", "tag_type": "Other" }, { "name": "API", "value": "api", "tag_type": "Other" }, { "name": "Build tools", "value": "buildtool", "tag_type": "Other" }, { "name": "Binaries", "value": "binary", "tag_type": "Other" }, { "name": "Bytecode/IR", "value": "bytecode", "tag_type": "Other" }, { "name": "More collections", "value": "collection", "tag_type": "Other" }, { "name": "Containers", "value": "container", "tag_type": "Other" }, { "name": "Config Files", "value": "configfile", "tag_type": "Other" }, { "name": "Configuration Management", "value": "configmanagement", "tag_type": "Other" }, { "name": "Continuous Integration", "value": "ci", "tag_type": "Other" }, { "name": "CSS/SASS/SCSS", "value": "css", "tag_type": "Other" }, { "name": "Deno", "value": "deno", "tag_type": "Other" }, { "name": "Gherkin", "value": "gherkin", "tag_type": "Other" }, { "name": "Haml", "value": "haml", "tag_type": "Other" }, { "name": "HTML", "value": "html", "tag_type": "Other" }, { "name": "IDE Plugins", "value": "ide", "tag_type": "Other" }, { "name": "JSON", "value": "json", "tag_type": "Other" }, { "name": "Laravel", "value": "laravel", "tag_type": "Other" }, { "name": "LaTeX", "value": "latex", "tag_type": "Other" }, { "name": "Less", "value": "less", "tag_type": "Other" }, { "name": "Makefiles", "value": "make", "tag_type": "Other" }, { "name": "Markdown", "value": "markdown", "tag_type": "Other" }, { "name": "Metalinter", "value": "meta", "tag_type": "Other" }, { "name": 
"Mobile", "value": "mobile", "tag_type": "Other" }, { "name": "Node.js", "value": "nodejs", "tag_type": "Other" }, { "name": "Packages", "value": "package", "tag_type": "Other" }, { "name": "PhoneGap", "value": "phonegap", "tag_type": "Other" }, { "name": "Protocol Buffers", "value": "protobuf", "tag_type": "Other" }, { "name": "Security/DAST", "value": "security", "tag_type": "Other" }, { "name": "Support", "value": "support", "tag_type": "Other" }, { "name": "Template-Languages", "value": "template", "tag_type": "Other" }, { "name": "Translation", "value": "translation", "tag_type": "Other" }, { "name": "Vue.js", "value": "vue", "tag_type": "Other" }, { "name": "Vyper (Smart contract)", "value": "vyper", "tag_type": "Other" }, { "name": "Writing", "value": "writing", "tag_type": "Other" }, { "name": "Web", "value": "web", "tag_type": "Other" }, { "name": "WebAssembly", "value": "webassembly", "tag_type": "Other" }, { "name": "XML", "value": "xml", "tag_type": "Other" }, { "name": "YAML", "value": "yaml", "tag_type": "Other" } ] } ================================================ FILE: data/api/tools.json ================================================ { "allocscope": { "name": "allocscope", "categories": [ "linter" ], "languages": [ "c", "cpp", "rust" ], "other": [], "licenses": [ "GPL-3.0" ], "types": [ "cli" ], "homepage": "https://github.com/matt-kimball/allocscope", "source": "https://github.com/matt-kimball/allocscope", "pricing": null, "plans": null, "description": "allocscope is a tool for tracking down where the most egregiously large allocations are occurring in a C, C++ or Rust codebase. 
It is particularly intendend to be useful for developers who want to get a handle on excessive allocations and are working in a large codebase with multiple contributors with allocations occuring in many modules or libraries.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "angr": { "name": "angr", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "BSD-2-Clause License" ], "types": [ "cli" ], "homepage": "https://github.com/angr/angr", "source": "https://github.com/angr/angr", "pricing": null, "plans": null, "description": "Platform agnostic binary analysis framework from UCSB.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "appscan-standard": { "name": "AppScan Standard", "categories": [ "linter" ], "languages": [], "other": [ "security" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.hcltechsw.com/products/appscan", "source": null, "pricing": null, "plans": null, "description": "HCL's AppScan is a dynamic application security testing suite (previously by IBM)", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "bolt": { "name": "BOLT", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "LLVM Release License" ], "types": [ "cli" ], "homepage": "https://github.com/facebookincubator/BOLT", "source": "https://github.com/facebookincubator/BOLT", "pricing": null, "plans": null, "description": "Binary Optimization and Layout Tool - A linux command-line utility used for optimizing performance of binaries with profile guided permutation of linking to improve cache efficiency", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "bytehound": { "name": "bytehound", "categories": [ "linter" ], "languages": [ "c", "cpp", "rust" ], "other": 
[], "licenses": [ "NOASSERTION" ], "types": [ "cli" ], "homepage": "https://github.com/koute/bytehound", "source": "https://github.com/koute/bytehound", "pricing": null, "plans": null, "description": "A memory profiler for Linux. Can be used to analyze memory leaks, see where exactly the memory is being consumed, identify temporary allocations and investigate excessive memory fragmentation.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cadvisor": { "name": "cadvisor", "categories": [ "linter" ], "languages": [], "other": [ "container" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/google/cadvisor", "source": "https://github.com/google/cadvisor", "pricing": null, "plans": null, "description": "Analyzes resource usage and performance characteristics of running containers.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "cargo-careful": { "name": "cargo-careful", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://github.com/RalfJung/cargo-careful", "source": "https://github.com/RalfJung/cargo-careful", "pricing": null, "plans": null, "description": "Execute Rust code carefully, with extra checking along the way. 
It builds the standard library with debug assertions.\nHere are some of the checks this enables:\n* `get_unchecked` in slices performs bounds checks * `copy`, `copy_nonoverlapping`, and `write_bytes` check that pointers are aligned and non-null and (if applicable) non-overlapping `{NonNull,NonZero*,...}::new_unchecked` check that the value is valid * plenty of internal consistency checks in the collection types * mem::zeroed and the deprecated mem::uninitialized panic if the type does not allow that kind of initialization", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "casr": { "name": "CASR", "categories": [ "linter" ], "languages": [ "c", "cpp", "go", "rust", "swift" ], "other": [ "security" ], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://crates.io/crates/casr", "source": "https://github.com/ispras/casr", "pricing": null, "plans": null, "description": "Crash Analysis and Severity Report.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "chap": { "name": "CHAP", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "GPL v2" ], "types": [ "cli" ], "homepage": "https://github.com/vmware/chap", "source": "https://github.com/vmware/chap", "pricing": null, "plans": null, "description": "Analyzes un-instrumented ELF core files for leaks, memory growth, and corruption. 
It helps explain memory growth, can identify some forms of corruption, and supplements a debugger by giving the status of various memory locations.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "code-pulse": { "name": "Code Pulse", "categories": [ "linter" ], "languages": [ "dotnet", "java" ], "other": [], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "http://code-pulse.com/", "source": "https://github.com/codedx/codepulse", "pricing": null, "plans": null, "description": "Code Pulse is a free real-time code coverage tool for penetration testing activities by OWASP and Code Dx ([GitHub](https://github.com/codedx/codepulse)).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "crosshair": { "name": "CrossHair", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/pschanely/CrossHair", "source": "https://github.com/pschanely/CrossHair", "pricing": null, "plans": null, "description": "Symbolic execution engine for testing Python contracts.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "daikon": { "name": "Daikon", "categories": [ "linter" ], "languages": [ "c", "cpp", "java" ], "other": [], "licenses": [ "NOASSERTION" ], "types": [ "cli" ], "homepage": "https://plse.cs.washington.edu/daikon/", "source": "https://github.com/codespecs/daikon", "pricing": null, "plans": null, "description": "A dynamic detector of likely invariants. An invariant is a property that holds at a certain program point, often seen in assert statements, documentation, and formal specifications.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dr-memory": { "name": "Dr. 
Memory", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "LGPL License" ], "types": [ "cli" ], "homepage": "https://drmemory.org/", "source": "https://github.com/DynamoRIO/drmemory", "pricing": null, "plans": null, "description": "Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors ([Github](https://github.com/DynamoRIO/drmemory)).", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dynamorio": { "name": "DynamoRIO", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "BSD License" ], "types": [ "cli" ], "homepage": "http://www.dynamorio.org/", "source": "https://github.com/DynamoRIO/dynamorio", "pricing": null, "plans": null, "description": "Is a runtime code manipulation system that supports code transformations on any part of a program, while it executes.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "dynapyt": { "name": "DynaPyt", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/sola-st/DynaPyt", "source": "https://github.com/sola-st/DynaPyt", "pricing": null, "plans": null, "description": "DynaPyt is a framework for writing dynamic analyses for Python. 
The analyses can also modify runtime values to alter the execution.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "enlightn": { "name": "Enlightn", "categories": [ "linter" ], "languages": [ "php" ], "other": [ "laravel", "security" ], "licenses": [ "LGPL-3.0 License" ], "types": [ "cli" ], "homepage": "https://www.laravel-enlightn.com/", "source": "https://github.com/enlightn/enlightn", "pricing": null, "plans": null, "description": "A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "hyperfine": { "name": "hyperfine", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Apache-2.0" ], "types": [ "cli" ], "homepage": "https://github.com/sharkdp/hyperfine", "source": "https://github.com/sharkdp/hyperfine", "pricing": null, "plans": null, "description": "A command-line benchmarking tool It features statistical analysis across multiple runs, support for arbitrary shell commands, constant feedback about the benchmark progress and current estimates, warmup runs, a simple and expressive syntax, and more.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "icontract": { "name": "icontract", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/Parquery/icontract", "source": "https://github.com/Parquery/icontract", "pricing": null, "plans": null, "description": "Design-by-contract library supporting behavioral subtyping\nThere is also a wider tooling around the icontract library such as a linter (pyicontract-lint) and a plug-in for Sphinx (sphinx-icontract).", "discussion": null, 
"deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "iroh-js": { "name": "Iroh.js", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/maierfelix/Iroh", "source": "https://github.com/maierfelix/Iroh", "pricing": null, "plans": null, "description": "A dynamic code analysis tool for JavaScript. Iroh allows to record your code flow in realtime, intercept runtime informations and manipulate program behaviour on the fly.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "jalangi2": { "name": "Jalangi2", "categories": [ "linter" ], "languages": [ "javascript" ], "other": [], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/Samsung/jalangi2", "source": "https://github.com/Samsung/jalangi2", "pricing": null, "plans": null, "description": "Jalangi2 is a popular framework for writing dynamic analyses for JavaScript.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "java-pathfinder": { "name": "Java PathFinder", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/javapathfinder/jpf-core", "source": "https://github.com/javapathfinder/jpf-core", "pricing": null, "plans": null, "description": "An extensible software model checking framework for Java bytecode programs.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "klee": { "name": "KLEE", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/klee/klee", "source": "https://github.com/klee/klee", "pricing": null, "plans": null, "description": "Symbolic virtual 
machine built on top of the LLVM compiler infrastructure.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "ldra": { "name": "LDRA", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://ldra.com", "source": null, "pricing": null, "plans": null, "description": "A tool suite including dynamic analysis and test to various standards can ensure test coverage to 100% op-code, branch & decision coverage.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "llvm-clang-sanitizers": { "name": "LLVM/Clang Sanitizers", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/google/sanitizers", "source": "https://github.com/google/sanitizers", "pricing": null, "plans": null, "description": "", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "llvm-propeller": { "name": "llvm-propeller", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "Apache 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/google/llvm-propeller", "source": "https://github.com/google/llvm-propeller", "pricing": null, "plans": null, "description": "Profile guided hot/cold function splitting to improve cache efficiency. An alternative to BOLT by Facebook", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "loom": { "name": "loom", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/tokio-rs/loom", "source": "https://github.com/tokio-rs/loom", "pricing": null, "plans": null, "description": "Concurrency permutation testing tool for Rust. 
It runs a test many times, permuting the possible concurrent executions of that test.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "microsoft-intellitest": { "name": "Microsoft IntelliTest", "categories": [ "linter" ], "languages": [ "dotnet" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://docs.microsoft.com/en-us/visualstudio/test/intellitest-manual/getting-started?view=vs-2019", "source": null, "pricing": null, "plans": null, "description": "Generate a candidate suite of tests for your .NET code.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "miri": { "name": "MIRI", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/rust-lang/miri", "source": "https://github.com/rust-lang/miri", "pricing": null, "plans": null, "description": "An interpreter for Rust's mid-level intermediate representation, which can detect certain classes of undefined behavior like out-of-bounds memory accesses and use-after-free.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "parasoft-jtest": { "name": "Parasoft Jtest", "categories": [ "linter" ], "languages": [ "java" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.parasoft.com/products/jtest", "source": null, "pricing": null, "plans": null, "description": "Jtest is an automated Java software testing and static analysis product that is made by Parasoft. 
The product includes technology for Data-flow analysis Unit test-case generation and execution, static analysis, regression testing, code coverage, and runtime error detection.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pex-and-moles": { "name": "Pex and Moles", "categories": [ "linter" ], "languages": [ "dotnet" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://www.microsoft.com/en-us/research/project/pex-and-moles-isolation-and-white-box-unit-testing-for-net/", "source": null, "pricing": null, "plans": null, "description": "Pex automatically generates test suites with high code coverage using automated white box analysis.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "pin-tools": { "name": "Pin Tools", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool", "source": null, "pricing": null, "plans": null, "description": "A dynamic binary instrumentation tool and a platform for creating analysis tools.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "poop": { "name": "poop", "categories": [ "linter" ], "languages": [ "zig" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/andrewrk/poop", "source": "https://github.com/andrewrk/poop", "pricing": null, "plans": null, "description": "Performance Optimizer Observation Platform This command line tool uses Linux's `perf_event_open` functionality to compare the performance of multiple commands with a colorful terminal user interface. 
It is similar to `hyperfine`.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "prowler": { "name": "prowler", "categories": [ "linter" ], "languages": [], "other": [ "cloud" ], "licenses": [ "Apache-2.0 license" ], "types": [ "cli" ], "homepage": "https://prowler.pro", "source": "https://github.com/prowler-cloud/prowler", "pricing": null, "plans": null, "description": "Prowler is an Open Source security tool to perform AWS and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.\nIt contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.", "discussion": null, "deprecated": null, "resources": [ { "title": "Prowler Introduction", "url": "https://www.youtube.com/watch?v=Oo5e45NCKFw" } ], "reviews": null, "demos": null, "wrapper": null }, "puffin": { "name": "puffin", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/EmbarkStudios/puffin", "source": "https://github.com/EmbarkStudios/puffin", "pricing": null, "plans": null, "description": "Instrumentation profiler for Rust.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "rust-san": { "name": "rust-san", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "Apache 2.0 / MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/japaric/rust-san", "source": "https://github.com/japaric/rust-san", "pricing": null, "plans": null, "description": "How-to sanitize your Rust code with built-in Rust dynamic analyzers", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "scalene": { "name": "Scalene", "categories": [ "profiler" ], "languages": [ "python" ], 
"other": [], "licenses": [ "Apache-2.0 License" ], "types": [ "cli" ], "homepage": "https://github.com/emeryberger/scalene", "source": "https://github.com/emeryberger/scalene", "pricing": null, "plans": null, "description": "A high-performance, high-precision CPU and memory profiler for Python", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "smartbear": { "name": "Smartbear", "categories": [ "linter" ], "languages": [], "other": [ "api", "web" ], "licenses": [ "proprietary" ], "types": [ "service" ], "homepage": "https://smartbear.com/", "source": null, "pricing": null, "plans": null, "description": "Test automation and performance testing platform", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "souper": { "name": "souper", "categories": [ "linter" ], "languages": [], "other": [ "bytecode" ], "licenses": [ "Apache 2.0" ], "types": [ "cli" ], "homepage": "https://github.com/google/souper", "source": "https://github.com/google/souper", "pricing": null, "plans": null, "description": "optimize LLVM IR with SMT solvers", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "statsviz": { "name": "statsviz", "categories": [ "linter" ], "languages": [ "go" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/arl/statsviz", "source": "https://github.com/arl/statsviz", "pricing": null, "plans": null, "description": "Instant live visualization of your Go application runtime statistics in the browser. 
It plots heap usage, MSpans/MCaches, Object counts, Goroutines and GC/CPU fraction.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "stuck": { "name": "stuck", "categories": [ "linter" ], "languages": [ "rust" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/jonhoo/stuck", "source": "https://github.com/jonhoo/stuck", "pricing": null, "plans": null, "description": "provides a visualization for quickly identifying common bottlenecks in running, asynchronous, and concurrent applications.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "suture": { "name": "suture", "categories": [ "linter" ], "languages": [ "ruby" ], "other": [], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/testdouble/suture", "source": "https://github.com/testdouble/suture", "pricing": null, "plans": null, "description": "A Ruby gem that helps you refactor your legacy code by the result of some old behavior with a new version.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "sydr": { "name": "Sydr", "categories": [ "linter", "fuzzer" ], "languages": [ "c", "cpp", "go", "rust", "swift" ], "other": [ "security" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://sydr-fuzz.github.io/", "source": null, "pricing": null, "plans": null, "description": "Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle.", "discussion": null, "deprecated": null, "resources": [ { "title": "Sydr - Cutting Dynamic Symbolic Execution", "url": "https://www.ispras.ru/conf/2020/video/compiler-technology-11-december.mp4#t=6021" } ], "reviews": null, "demos": null, "wrapper": null }, "triton": { "name": "TRITON", "categories": [ "linter" ], "languages": [], "other": [ "binary" ], "licenses": [ "Apache-2.0 License" 
], "types": [ "cli" ], "homepage": "https://triton.quarkslab.com/", "source": "https://github.com/JonathanSalwan/Triton", "pricing": null, "plans": null, "description": "Dynamic Binary Analysis for x86 binaries.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "typo": { "name": "typo", "categories": [ "linter" ], "languages": [ "python" ], "other": [], "licenses": [ "MIT License" ], "types": [ "cli" ], "homepage": "https://github.com/aldanor/typo", "source": "https://github.com/aldanor/typo", "pricing": null, "plans": null, "description": "Runtime Type Checking for Python 3.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "valgrind": { "name": "Valgrind", "categories": [ "linter" ], "languages": [ "c", "cpp" ], "other": [], "licenses": [ "GNU General Public License v2" ], "types": [ "cli" ], "homepage": "https://valgrind.org/", "source": "https://sourceware.org/git/?p=valgrind.git", "pricing": null, "plans": null, "description": "An instrumentation framework for building dynamic analysis tools.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "vb-watch": { "name": "VB Watch", "categories": [ "linter" ], "languages": [ "vbasic" ], "other": [], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.aivosto.com/vbwatch.html", "source": null, "pricing": null, "plans": null, "description": "Profiler, Protector and Debugger for VB6. Profiler measures performance and test coverage. Protector implements robust error handling. 
Debugger helps monitor your executables.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "wasabi": { "name": "Wasabi", "categories": [ "linter" ], "languages": [], "other": [ "webassembly" ], "licenses": [ "MIT" ], "types": [ "cli" ], "homepage": "https://github.com/danleh/wasabi", "source": "https://github.com/danleh/wasabi", "pricing": null, "plans": null, "description": "Wasabi is a framework for writing dynamic analyses for WebAssembly, written in JavaScript.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null }, "whitehat-sentinel-dynamic": { "name": "WhiteHat Sentinel Dynamic", "categories": [ "linter" ], "languages": [ "sql" ], "other": [ "security", "xml" ], "licenses": [ "proprietary" ], "types": [ "cli" ], "homepage": "https://www.synopsys.com/software-integrity/security-testing/dast.html", "source": null, "pricing": null, "plans": null, "description": "Part of the WhiteHat Application Security Platform. Dynamic application security scanner that covers the OWASP Top 10.", "discussion": null, "deprecated": null, "resources": null, "reviews": null, "demos": null, "wrapper": null } } ================================================ FILE: data/render/.gitignore ================================================ target ================================================ FILE: data/render/Cargo.toml ================================================ [package] name = "render" version = "0.2.0" authors = ["Matthias Endler "] edition = "2018" [dependencies] serde = "1.0.228" serde_derive = "1.0.136" serde_yaml = "0.9.34" askama = "0.12.1" # Switch back to crates as soon as a new release with tokio 1.x support is # released. 
See https://github.com/softprops/hubcaps/pull/285 # Note: this git dependency sets no `rev` or `tag`, so the commit that gets built is fixed only by Cargo.lock (if one is committed); pin a `rev` while the git source is in use. hubcaps = { git="https://github.com/softprops/hubcaps" } tokio = { version = "1.26.0", features = ["rt-multi-thread", "macros"] } chrono = "0.4.43" anyhow = "1.0.102" pico-args = "0.5.0" serde_json = "1.0.149" slug = "0.1.6" ================================================ FILE: data/render/clippy.toml ================================================ # Clippy configuration for stricter linting # https://rust-lang.github.io/rust-clippy/master/index.html # Set the threshold for too many arguments too-many-arguments-threshold = 4 # Set the threshold for too many lines too-many-lines-threshold = 100 # Set the threshold for type complexity type-complexity-threshold = 250 # Avoid suggesting wildcard imports avoid-breaking-exported-api = false ================================================ FILE: data/render/src/bin/main.rs ================================================ use anyhow::{Context, Result}; use askama::Template; use pico_args::Arguments; use render::types::{Entry, ParsedEntry, Tag, Tags, Type}; use render::{check_deprecated, create_api, create_catalog}; use std::collections::BTreeMap; use std::env; use std::ffi::OsStr; use std::fs; use std::io; use std::path::PathBuf; struct Args { tags: PathBuf, tools: PathBuf, md_out: PathBuf, json_out: PathBuf, skip_deprecated: bool, } fn parse_path(s: &OsStr) -> Result { Ok(s.into()) } fn read_tags(path: PathBuf) -> Result { let f = std::fs::File::open(path)?; Ok(serde_yaml::from_reader(f)?) 
} fn read_tools(path: PathBuf) -> Result> { let dir: std::fs::ReadDir = std::fs::read_dir(path)?; let files = dir .map(|res| res.map(|e| e.path())) .filter(|x| match x { Ok(pb) => pb.extension().and_then(OsStr::to_str) == Some("yml"), Err(_) => false, }) .collect::, io::Error>>()?; files .iter() .inspect(|p| println!("Checking {}", p.display())) .map(|p| { let file = std::fs::File::open(p)?; let entry: ParsedEntry = serde_yaml::from_reader(file)?; Ok(entry) }) .collect::, _>>() } fn main() -> Result<()> { let mut args = Arguments::from_env(); let args = Args { tags: args.value_from_os_str("--tags", parse_path)?, tools: args.value_from_os_str("--tools", parse_path)?, md_out: args.value_from_os_str("--md-out", parse_path)?, json_out: args.value_from_os_str("--json-out", parse_path)?, skip_deprecated: args.contains("--skip-deprecated"), }; let tags = read_tags(args.tags)?; let parsed_tools = read_tools(args.tools)?; let tools: Result> = parsed_tools .into_iter() .map(|t| Entry::from_parsed(t, &tags)) .collect(); let mut tools = tools?; tools.sort(); if !args.skip_deprecated { if let Ok(token) = env::var("GITHUB_TOKEN") { check_deprecated(token, &mut tools)?; } } let languages: Vec = tags .clone() .into_iter() .filter(|t| t.tag_type == Type::Language) .collect(); let other_tags: Vec = tags .clone() .into_iter() .filter(|t| t.tag_type == Type::Other) .collect(); let catalog = create_catalog(&tools, &languages, &other_tags)?; fs::write(&args.md_out, catalog.render()?).context(format!( "Cannot write Markdown output to {}", args.md_out.display() ))?; let api = create_api(catalog, &languages, &other_tags)?; let json = serde_json::to_string_pretty(&api)?; let tools_out = args.json_out.join("tools.json"); fs::write(&tools_out, json).context(format!( "Cannot write tools JSON output to {}", args.json_out.display() ))?; let mut tags_json = BTreeMap::new(); tags_json.insert("languages", languages); tags_json.insert("other", other_tags); let json = 
serde_json::to_string_pretty(&tags_json)?; let tags_out = args.json_out.join("tags.json"); fs::write(&tags_out, json).context(format!( "Cannot write tags JSON output to {}", args.json_out.display() ))?; // let stats_raw = fs::read_to_string("data/api/stats_raw.json")?; // let stats: StatsRaw = serde_json::from_str(&stats_raw)?; // let stats = format_stats(stats); // let json = serde_json::to_string(&stats)?; // let stats_out = args.json_out.join("stats.json"); // fs::write(&stats_out, json).context(format!( // "Cannot write stats JSON output to {}", // args.json_out.display() // ))?; Ok(()) } ================================================ FILE: data/render/src/lib.rs ================================================ #[macro_use] extern crate serde_derive; use anyhow::Result; use chrono::{DateTime, Local, NaiveDateTime, Utc}; use hubcaps::{Credentials, Github}; use slug::slugify; use stats::StatsRaw; mod lints; pub mod stats; pub mod types; use std::{collections::BTreeMap, iter::FromIterator}; use types::{Api, ApiEntry, Catalog, Entry, ParsedEntry, Tag, Type}; fn valid(entry: &ParsedEntry, tags: &[Tag]) -> Result<()> { let lints = [lints::name, lints::min_one_tag]; lints.iter().try_for_each(|lint| lint(entry, tags)) } #[tokio::main] pub async fn check_deprecated(token: String, entries: &mut Vec) -> Result<()> { println!("Checking for deprecated entries on Github. This might take a while..."); let github = Github::new( String::from("analysis tools bot"), Credentials::Token(token), )?; for entry in entries { if entry.source.is_none() { continue; } let components: Vec<&str> = entry .source .as_ref() .unwrap() .trim_end_matches('/') .split('/') .collect(); if !(components.contains(&"github.com") && components.len() == 5) { // valid github source must have 5 elements - anything longer and they are probably a // reference to a path inside a repo, rather than a repo itself. 
continue; } let owner = components[3]; let repo = components[4]; if let Ok(commit_list) = github.repo(owner, repo).commits().list("").await { let date = &commit_list[0].commit.author.date; let last_commit = NaiveDateTime::parse_from_str(date, "%Y-%m-%dT%H:%M:%SZ")?; let last_commit_utc: DateTime = DateTime::from_naive_utc_and_offset(last_commit, Utc); let duration = Local::now().date_naive().signed_duration_since(last_commit_utc.date_naive()); if duration.num_days() > 365 { entry.deprecated = Some(true); } else { entry.deprecated = None; } } } Ok(()) } pub fn create_catalog(entries: &[Entry], languages: &[Tag], other_tags: &[Tag]) -> Result { // Move tools that support multiple programming languages into their own category let (multi, entries): (Vec, Vec) = entries.iter().cloned().partition(|entry| { let language_tags = entry .tags .iter() .filter(|t| t.tag_type == Type::Language) .count(); language_tags > 1 && !entry.is_c_cpp() }); let mut linters = BTreeMap::new(); for language in languages { let list: Vec = entries .iter() .filter(|e| e.tags.contains(language)) .cloned() .collect(); if !list.is_empty() { linters.insert(language.clone(), list); } } let mut others = BTreeMap::new(); for other in other_tags { let list: Vec = entries .iter() .filter(|e| e.tags.contains(other)) .cloned() .collect(); if !list.is_empty() { others.insert(other.clone(), list); } } Ok(Catalog { linters, others, multi, }) } pub fn create_api(catalog: Catalog, languages: &[Tag], other_tags: &[Tag]) -> Result { let mut api_entries = BTreeMap::new(); // Concatenate all entries into one vector let mut entries: Vec = Vec::from_iter(catalog.linters.into_values().flatten()); entries.extend(Vec::from_iter(catalog.others.into_values().flatten())); entries.extend(catalog.multi); for entry in entries { // Get the language data for the entry. 
We iterate over all languages // and look up each language in the entry tags This is an O(n) operation // as we iterate over the language list only once while the lookup is an // O(1) operation thanks to the tag hash set. let entry_languages = languages .iter() .filter_map(|lang| { if entry.tags.contains(lang) { entry.tags.get(lang).map(|tag| tag.value.clone()) } else { None } }) .collect(); // ...same for the non-language tags let entry_other = other_tags .iter() .filter_map(|other| { if entry.tags.contains(other) { entry.tags.get(other).map(|tag| tag.value.clone()) } else { None } }) .collect(); // In the future we want to split up licenses in the YAML input files into a list. // Emulate the future data format by creating a list from the current string. // Note that this string could contain more than one license name for now, e.g. // MIT / Apache License let licenses = vec![entry.license]; let api_entry = ApiEntry { name: entry.name.clone(), categories: entry.categories, languages: entry_languages, other: entry_other, licenses, types: entry.types, homepage: entry.homepage, source: entry.source, pricing: entry.pricing, plans: entry.plans, description: entry.description, discussion: entry.discussion, deprecated: entry.deprecated, resources: entry.resources, reviews: entry.reviews, demos: entry.demos, wrapper: entry.wrapper, }; api_entries.insert(slugify(&entry.name), api_entry); } Ok(api_entries) } #[cfg(test)] mod tests { use super::*; #[test] fn test_slugify() { assert_eq!(slugify("this is a test"), "this-is-a-test".to_string()); assert_eq!(slugify("Big"), "big".to_string()); assert_eq!(slugify(" Big"), "big".to_string()); assert_eq!(slugify("Astrée"), "astree".to_string()); assert_eq!(slugify("non word 1234"), "non-word-1234".to_string()); assert_eq!(slugify("it-has-dashes"), "it-has-dashes".to_string()); assert_eq!( slugify(" - - it-has-dashes - -"), "it-has-dashes".to_string() ); } } pub fn format_stats(stats: StatsRaw) -> BTreeMap { stats .data .result 
.into_iter() .map(|r| { ( r.metric.path.trim_start_matches("/tool/").to_string(), r.value.1, ) }) .collect() } ================================================ FILE: data/render/src/lints.rs ================================================ use anyhow::{anyhow, Result}; use crate::types::ParsedEntry; use crate::types::Tag; pub fn name(entry: &ParsedEntry, _: &[Tag]) -> Result<()> { match entry.name.len() <= 50 { true => Ok(()), false => Err(anyhow!( "Name of entry may be at most 50 characters long, but {} is {} long", entry.name, entry.name.len() )), } } pub fn min_one_tag(entry: &ParsedEntry, _: &[Tag]) -> Result<()> { match entry.tags.is_empty() { true => Err(anyhow!( "{} must have at least one tag from `tags.yml`.", entry.name )), false => Ok(()), } } ================================================ FILE: data/render/src/stats.rs ================================================ use serde_derive::Deserialize; use serde_derive::Serialize; #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct StatsRaw { pub status: String, pub data: Data, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Data { pub result_type: String, pub result: Vec, pub stats: Stats, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Result { pub metric: Metric, pub value: (f64, String), } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Metric { pub path: String, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Stats { pub summary: Summary, pub store: Store, pub ingester: Ingester, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Summary { pub bytes_processed_per_second: i64, pub lines_processed_per_second: i64, 
pub total_bytes_processed: i64, pub total_lines_processed: i64, pub exec_time: f64, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Store { pub total_chunks_ref: i64, pub total_chunks_downloaded: i64, pub chunks_download_time: f64, pub head_chunk_bytes: i64, pub head_chunk_lines: i64, pub decompressed_bytes: i64, pub decompressed_lines: i64, pub compressed_bytes: i64, pub total_duplicates: i64, } #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)] #[serde(rename_all = "camelCase")] pub struct Ingester { pub total_reached: i64, pub total_chunks_matched: i64, pub total_batches: i64, pub total_lines_sent: i64, pub head_chunk_bytes: i64, pub head_chunk_lines: i64, pub decompressed_bytes: i64, pub decompressed_lines: i64, pub compressed_bytes: i64, pub total_duplicates: i64, } ================================================ FILE: data/render/src/types.rs ================================================ use anyhow::{bail, Result}; use askama::Template; use serde::Deserialize; use std::cmp::Ordering; use std::collections::{BTreeMap, BTreeSet}; use crate::valid; #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash, Ord, PartialOrd)] pub enum Type { #[serde(alias = "language")] Language, #[serde(alias = "other")] Other, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash, Ord, PartialOrd)] pub struct Tag { pub name: String, pub value: String, #[serde(alias = "type")] pub tag_type: Type, } impl Tag { fn new(name: &str, value: &str, tag_type: Type) -> Tag { Tag { name: name.into(), value: value.into(), tag_type, } } } // The tags from tags.yml. Note that this is a `Vector` and not a // `BTreeSet` because we like to keep the sorting between renders. 
pub type Tags = Vec; pub type EntryTags = BTreeSet; #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] pub struct Resource { title: String, url: String, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] pub struct Review { url: String, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] pub struct Demo { url: String, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Hash, Ord, PartialOrd)] #[serde(rename = "category")] pub enum Category { #[serde(rename = "linter")] Linter, #[serde(rename = "formatter")] Formatter, #[serde(rename = "fuzzer")] Fuzzer, #[serde(rename = "profiler")] Profiler, #[serde(rename = "meta")] Meta, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] pub struct ParsedEntry { pub name: String, pub categories: BTreeSet, pub tags: BTreeSet, pub license: String, pub types: BTreeSet, pub homepage: String, pub source: Option, pub pricing: Option, pub plans: Option>, pub description: String, pub discussion: Option, pub deprecated: Option, pub resources: Option>, pub reviews: Option>, pub demos: Option>, pub wrapper: Option, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Ord, PartialOrd)] pub enum ToolType { #[serde(rename = "cli")] Commandline, #[serde(rename = "service")] Service, #[serde(rename = "ide-plugin")] IdePlugin, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)] pub struct Entry { pub name: String, pub categories: BTreeSet, pub tags: BTreeSet, pub license: String, pub types: BTreeSet, pub homepage: String, pub source: Option, pub pricing: Option, pub plans: Option>, pub description: String, pub discussion: Option, pub deprecated: Option, pub resources: Option>, pub reviews: Option>, pub demos: Option>, pub wrapper: Option, } impl Entry { pub fn is_c_cpp(&self) -> bool { self.tags == [ Tag::new("C", "c", Type::Language), Tag::new("C++", "cpp", Type::Language), ] .iter() .cloned() .collect::>() } pub fn from_parsed(p: ParsedEntry, tags: &[Tag]) 
-> Result { valid(&p, tags)?; let entry_tags: Result> = p.tags.iter().map(|t| get_tag(t, tags)).collect(); let types: Result> = p .types .iter() .map(|t| { serde_json::from_value::(serde_json::to_value(t).unwrap()) .map_err(|e| e.into()) }) .collect(); Ok(Entry { name: p.name, categories: p.categories, tags: entry_tags?, license: p.license, types: types?, homepage: p.homepage, source: p.source, pricing: p.pricing, plans: p.plans, description: p.description, discussion: p.discussion, deprecated: p.deprecated, resources: p.resources, reviews: p.reviews, demos: p.demos, wrapper: p.wrapper, }) } } fn get_tag(t: &str, tags: &[Tag]) -> Result { for tag in tags { if tag.value == t { return Ok(tag.clone()); } } bail!("Invalid tag: {}", t) } impl PartialOrd for Entry { fn partial_cmp(&self, other: &Entry) -> Option { Some(self.cmp(other)) } } impl Ord for Entry { fn cmp(&self, other: &Entry) -> Ordering { self.name.to_lowercase().cmp(&other.name.to_lowercase()) } } pub type EntryMap = BTreeMap>; #[derive(Debug, Serialize, Deserialize, Template)] #[template(path = "README.md")] pub struct Catalog { pub linters: EntryMap, pub others: EntryMap, pub multi: Vec, } /// An entry of the machine-readable JSON out from the tool. /// /// We use a different, de-normalized data format instead of the catalog, which /// keeps the information for each tool in a struct instead of grouping tools by /// tags. 
#[derive(Debug, Serialize, Deserialize)] pub struct ApiEntry { /// The original entry name (not slugified) pub name: String, pub categories: BTreeSet, pub languages: Vec, pub other: Vec, pub licenses: Vec, pub types: BTreeSet, pub homepage: String, pub source: Option, pub pricing: Option, pub plans: Option>, pub description: String, pub discussion: Option, pub deprecated: Option, pub resources: Option>, pub reviews: Option>, pub demos: Option>, pub wrapper: Option, } /// The final API dataformat is a map where the key is the entry name and the /// value is the entry data, which makes searching for a tool's data easier pub type Api = BTreeMap; ================================================ FILE: data/render/templates/README.md ================================================ Analysis Tools Website This repository lists **dynamic analysis tools** for all programming languages, build tools, config files and more. The focus is on tools which improve code quality such as linters and formatters. The official website, [analysis-tools.dev](https://analysis-tools.dev/) is based on this repository and adds rankings, user comments, and additional resources like videos for each tool. [![Website](https://img.shields.io/badge/Website-Online-2B5BAE)](https://analysis-tools.dev) ![CI](https://github.com/analysis-tools-dev/dynamic-analysis/workflows/CI/badge.svg) ## Sponsors This project would not be possible without the generous support of our sponsors.
BugProve Betterscan Pixee
If you also want to support this project, head over to our [GitHub sponsors page](https://github.com/sponsors/analysis-tools-dev). ## Meaning of Symbols: - :copyright: stands for proprietary software. All other tools are Open Source. - :information_source: indicates that the community no longer recommends this tool for new projects. The icon links to the discussion issue. - :warning: means that this tool has not been updated for more than 1 year, or that the repo was archived. Pull requests are very welcome! Also check out the sister project, [awesome-static-analysis](https://github.com/mre/awesome-static-analysis). ## Table of Contents #### [Programming Languages](#programming-languages-1)
Show languages
#### [Multiple languages](#multiple-languages-1) #### [Other](#other-1) {% for (tag, _) in others %} - [{{ tag.name }}](#{{ tag.value }}) {% endfor %} --- ## Programming Languages {%- for (language, linters) in linters %}

{{ language.name }}

{% for linter in linters %} - [{{linter.name }}]({{linter.homepage }}){% if linter.discussion.is_some() %} [:information_source:](<{{linter.discussion.as_ref().unwrap()}}>){% endif %}{% if linter.deprecated.is_some() %} :warning:{% endif %}{% if linter.license == "proprietary" %} :copyright:{% endif %} — {{ linter.description }} {% endfor %} {%- endfor %} ## Multiple languages {% for linter in multi %} - [{{linter.name }}]({{linter.homepage }}){% if linter.discussion.is_some() %} [:information_source:](<{{linter.discussion.as_ref().unwrap()}}>){% endif %}{% if linter.deprecated.is_some() %} :warning:{% endif %}{% if linter.license == "proprietary" %} :copyright:{% endif %} — {{ linter.description }} {% endfor %} ## Other {% for (tag, others) in others %}

{{ tag.name }}

{% for other in others %} - [{{ other.name }}]({{ other.homepage }}){% if other.discussion.is_some() %} [:information_source:](<{{other.discussion.as_ref().unwrap()}}>){% endif %}{% if other.deprecated.is_some() %} :warning:{% endif %}{% if other.license == "proprietary" %} :copyright:{% endif %} — {{ other.description }} {% endfor %} {%- endfor %} ## License [![CC0](https://i.creativecommons.org/p/zero/1.0/88x31.png)](https://creativecommons.org/publicdomain/zero/1.0/) To the extent possible under law, [Matthias Endler](https://endler.dev) has waived all copyright and related or neighboring rights to this work. The underlying source code used to format and display that content is licensed under the MIT license. Title image [Designed by Freepik](http://www.freepik.com). ================================================ FILE: data/tags.yml ================================================ - name: .NET value: dotnet type: language - name: ABAP value: abap type: language - name: ActionScript value: actionscript type: language - name: Active Server Pages value: asp type: language - name: Ada value: ada type: language - name: Assembly value: asm type: language - name: ASP.NET value: aspnet type: language - name: Apex value: apex type: language - name: Awk value: awk type: language - name: C value: c type: language - name: Cloud value: cloud type: other - name: Clojure value: clojure type: language - name: COBOL value: cobol type: language - name: CoffeeScript value: coffeescript type: language - name: ColdFusion value: coldfusion type: language - name: C++ value: cpp type: language - name: "C#" value: csharp type: language - name: Crystal value: crystal type: language - name: Dart value: dart type: language - name: Dlang value: dlang type: language - name: Delphi value: delphi type: language - name: Elixir value: elixir type: language - name: Elm value: elm type: language - name: Erlang value: erlang type: language - name: "F#" value: fsharp type: language - name: Fortran 
value: fortran type: language - name: Formatter value: formatter type: other - name: Go value: go type: language - name: Groovy value: groovy type: language - name: Haskell value: haskell type: language - name: Haxe value: haxe type: language - name: Java value: java type: language - name: JavaServer Pages value: jsp type: language - name: JavaScript value: javascript type: language - name: JSX value: jsx type: language - name: Julia value: julia type: language - name: Kotlin value: kotlin type: language - name: Lua value: lua type: language - name: MATLAB value: matlab type: language - name: Objective C value: objectivec type: language - name: Obj-C value: objectivec type: language - name: Perl value: perl type: language - name: PHP value: php type: language - name: PL/SQL value: plsql type: language - name: Python value: python type: language - name: R value: r type: language - name: RPG value: rpg type: language - name: Rails value: rails type: other - name: Ruby value: ruby type: language - name: Rust value: rust type: language - name: Scala value: scala type: language - name: Shell value: shell type: language - name: Smart Contracts value: smart-contracts type: other - name: SQL value: sql type: language - name: TSQL value: tsql type: language - name: Swift value: swift type: language - name: Tcl value: tcl type: language - name: TypeScript value: typescript type: language - name: VBScript value: vbscript type: language - name: Visual Basic for Applications (VBA) value: vba type: language - name: Visual Basic .NET value: vbnet type: language - name: Visual Basic value: vbasic type: language - name: API value: api type: other - name: Build tools value: buildtool type: other - name: Binaries value: binary type: other - name: Bytecode/IR value: bytecode type: other - name: More collections value: collection type: other - name: Containers value: container type: other - name: Config Files value: configfile type: other - name: Configuration Management value: 
configmanagement type: other - name: Continuous Integration value: ci type: other - name: CSS/SASS/SCSS value: css type: other - name: Deno value: deno type: other - name: Gherkin value: gherkin type: other - name: Haml value: haml type: other - name: HTML value: html type: other - name: IDE Plugins value: ide type: other - name: JSON value: json type: other - name: Laravel value: laravel type: other - name: LaTeX value: latex type: other - name: Less value: less type: other - name: Makefiles value: make type: other - name: Markdown value: markdown type: other - name: Metalinter value: meta type: other - name: Mobile value: mobile type: other - name: Node.js value: nodejs type: other - name: Packages value: package type: other - name: PhoneGap value: phonegap type: other - name: PowerShell value: powershell type: language - name: Protocol Buffers value: protobuf type: other - name: Security/DAST value: security type: other - name: Support value: support type: other - name: Template-Languages value: template type: other - name: Translation value: translation type: other - name: Visualforce value: visualforce type: language - name: Lightning Web Components value: lwc type: language - name: Vim Script value: vim-script type: language - name: Vue.js value: vue type: other - name: Vyper (Smart contract) value: vyper type: other - name: Writing value: writing type: other - name: Web value: web type: other - name: WebAssembly value: webassembly type: other - name: XML value: xml type: other - name: YAML value: yaml type: other - name: Zig value: zig type: language ================================================ FILE: data/tools/allocscope.yml ================================================ name: allocscope categories: - linter tags: - c - cpp - rust license: GPL-3.0 types: - cli source: "https://github.com/matt-kimball/allocscope" homepage: "https://github.com/matt-kimball/allocscope" description: >- allocscope is a tool for tracking down where the most egregiously 
large allocations are occurring in a C, C++ or Rust codebase. It is particularly intended to be useful for developers who want to get a handle on excessive allocations and are working in a large codebase with multiple contributors with allocations occurring in many modules or libraries. ================================================ FILE: data/tools/angr.yml ================================================ name: angr categories: - linter tags: - binary license: BSD-2-Clause License types: - cli source: 'https://github.com/angr/angr' homepage: 'https://github.com/angr/angr' description: Platform agnostic binary analysis framework from UCSB. ================================================ FILE: data/tools/appscan-standard.yml ================================================ name: AppScan Standard categories: - linter tags: - security license: proprietary types: - cli homepage: 'https://www.hcltechsw.com/products/appscan' description: >- HCL's AppScan is a dynamic application security testing suite (previously by IBM) ================================================ FILE: data/tools/bap.yaml ================================================ name: BAP categories: - linter tags: - binary license: MIT types: - cli source: 'https://github.com/BinaryAnalysisPlatform/bap' homepage: 'https://github.com/BinaryAnalysisPlatform/bap' description: The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a suite of utilities and libraries for the analysis of machine code. The included Primus microexecution interpreter enables dynamic analysis.
================================================ FILE: data/tools/bolt.yml ================================================ name: BOLT categories: - linter tags: - binary license: LLVM Release License types: - cli source: 'https://github.com/facebookincubator/BOLT' homepage: 'https://github.com/facebookincubator/BOLT' description: >- Binary Optimization and Layout Tool - A linux command-line utility used for optimizing performance of binaries with profile guided permutation of linking to improve cache efficiency ================================================ FILE: data/tools/bytehound.yml ================================================ name: bytehound categories: - linter tags: - c - cpp - rust license: NOASSERTION types: - cli source: 'https://github.com/koute/bytehound' homepage: 'https://github.com/koute/bytehound' description: >- A memory profiler for Linux. Can be used to analyze memory leaks, see where exactly the memory is being consumed, identify temporary allocations and investigate excessive memory fragmentation. ================================================ FILE: data/tools/cadvisor.yml ================================================ name: cadvisor categories: - linter tags: - container license: Apache-2.0 License types: - cli source: 'https://github.com/google/cadvisor' homepage: 'https://github.com/google/cadvisor' description: Analyzes resource usage and performance characteristics of running containers. ================================================ FILE: data/tools/cargo-careful.yml ================================================ name: cargo-careful categories: - linter tags: - rust license: Apache-2.0 types: - cli source: 'https://github.com/RalfJung/cargo-careful' homepage: 'https://github.com/RalfJung/cargo-careful' description: >- Execute Rust code carefully, with extra checking along the way. It builds the standard library with debug assertions. 
Here are some of the checks this enables: * `get_unchecked` in slices performs bounds checks * `copy`, `copy_nonoverlapping`, and `write_bytes` check that pointers are aligned and non-null and (if applicable) non-overlapping `{NonNull,NonZero*,...}::new_unchecked` check that the value is valid * plenty of internal consistency checks in the collection types * mem::zeroed and the deprecated mem::uninitialized panic if the type does not allow that kind of initialization ================================================ FILE: data/tools/casr.yml ================================================ name: CASR categories: - linter tags: - security - c - cpp - rust - swift - go license: Apache-2.0 License types: - cli source: 'https://github.com/ispras/casr' homepage: 'https://crates.io/crates/casr' description: Crash Analysis and Severity Report. ================================================ FILE: data/tools/chap.yml ================================================ name: CHAP categories: - linter tags: - c - cpp license: GPL v2 types: - cli source: 'https://github.com/vmware/chap' homepage: 'https://github.com/vmware/chap' description: >- Analyzes un-instrumented ELF core files for leaks, memory growth, and corruption. It helps explain memory growth, can identify some forms of corruption, and supplements a debugger by giving the status of various memory locations. ================================================ FILE: data/tools/code-pulse.yml ================================================ name: Code Pulse categories: - linter tags: - dotnet - java license: Apache-2.0 License types: - cli source: 'https://github.com/codedx/codepulse' homepage: 'http://code-pulse.com/' description: >- Code Pulse is a free real-time code coverage tool for penetration testing activities by OWASP and Code Dx ([GitHub](https://github.com/codedx/codepulse)). 
================================================ FILE: data/tools/crosshair.yml ================================================ name: CrossHair categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/pschanely/CrossHair' homepage: 'https://github.com/pschanely/CrossHair' description: Symbolic execution engine for testing Python contracts. ================================================ FILE: data/tools/daikon.yml ================================================ name: Daikon categories: - linter tags: - c - cpp - java license: NOASSERTION types: - cli source: 'https://github.com/codespecs/daikon' homepage: 'https://plse.cs.washington.edu/daikon/' description: >- A dynamic detector of likely invariants. An invariant is a property that holds at a certain program point, often seen in assert statements, documentation, and formal specifications. ================================================ FILE: data/tools/dr.-memory.yml ================================================ name: Dr. Memory categories: - linter tags: - binary license: LGPL License types: - cli source: 'https://github.com/DynamoRIO/drmemory' homepage: 'https://drmemory.org/' description: >- Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors ([Github](https://github.com/DynamoRIO/drmemory)). ================================================ FILE: data/tools/dynamorio.yml ================================================ name: DynamoRIO categories: - linter tags: - binary license: BSD License types: - cli source: 'https://github.com/DynamoRIO/dynamorio' homepage: 'http://www.dynamorio.org/' description: >- Is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. 
================================================ FILE: data/tools/dynapyt.yml ================================================ name: DynaPyt categories: - linter tags: - python license: MIT types: - cli source: 'https://github.com/sola-st/DynaPyt' homepage: 'https://github.com/sola-st/DynaPyt' description: DynaPyt is a framework for writing dynamic analyses for Python. The analyses can also modify runtime values to alter the execution. ================================================ FILE: data/tools/enlightn.yml ================================================ name: Enlightn categories: - linter tags: - php - security - laravel license: LGPL-3.0 License types: - cli source: 'https://github.com/enlightn/enlightn' homepage: 'https://www.laravel-enlightn.com/' description: >- A static and dynamic analysis tool for Laravel applications that provides recommendations to improve the performance, security and code reliability of Laravel apps. Contains 120 automated checks. ================================================ FILE: data/tools/hyperfine.yml ================================================ name: hyperfine categories: - linter tags: - rust license: Apache-2.0 types: - cli source: "https://github.com/sharkdp/hyperfine" homepage: "https://github.com/sharkdp/hyperfine" description: >- A command-line benchmarking tool It features statistical analysis across multiple runs, support for arbitrary shell commands, constant feedback about the benchmark progress and current estimates, warmup runs, a simple and expressive syntax, and more. 
================================================ FILE: data/tools/icontract.yml ================================================ name: icontract categories: - linter tags: - python license: MIT types: - cli source: "https://github.com/Parquery/icontract" homepage: "https://github.com/Parquery/icontract" description: >- Design-by-contract library supporting behavioral subtyping There is also a wider tooling around the icontract library such as a linter (pyicontract-lint) and a plug-in for Sphinx (sphinx-icontract). ================================================ FILE: data/tools/iroh.js.yml ================================================ name: Iroh.js categories: - linter tags: - javascript license: MIT License types: - cli source: 'https://github.com/maierfelix/Iroh' homepage: 'https://github.com/maierfelix/Iroh' description: >- A dynamic code analysis tool for JavaScript. Iroh allows to record your code flow in realtime, intercept runtime informations and manipulate program behaviour on the fly. ================================================ FILE: data/tools/jalangi2.yml ================================================ name: Jalangi2 categories: - linter tags: - javascript license: Apache-2.0 License types: - cli source: 'https://github.com/Samsung/jalangi2' homepage: 'https://github.com/Samsung/jalangi2' description: Jalangi2 is a popular framework for writing dynamic analyses for JavaScript. ================================================ FILE: data/tools/java-pathfinder.yml ================================================ name: Java PathFinder categories: - linter tags: - java license: Apache-2.0 License types: - cli source: 'https://github.com/javapathfinder/jpf-core' homepage: 'https://github.com/javapathfinder/jpf-core' description: An extensible software model checking framework for Java bytecode programs. 
================================================ FILE: data/tools/klee.yml ================================================ name: KLEE categories: - linter tags: - c - cpp license: MIT License types: - cli source: 'https://github.com/klee/klee' homepage: 'https://github.com/klee/klee' description: Symbolic virtual machine built on top of the LLVM compiler infrastructure. ================================================ FILE: data/tools/ldra.yml ================================================ name: LDRA categories: - linter tags: - c - cpp license: proprietary types: - cli homepage: 'https://ldra.com' description: >- A tool suite including dynamic analysis and test to various standards can ensure test coverage to 100% op-code, branch & decision coverage. ================================================ FILE: data/tools/llvm-clang-sanitizers.yml ================================================ name: LLVM/Clang Sanitizers categories: - linter tags: - c - cpp license: Apache-2.0 License types: - cli source: 'https://github.com/google/sanitizers' homepage: 'https://github.com/google/sanitizers' description: >- ================================================ FILE: data/tools/llvm-propeller.yml ================================================ name: llvm-propeller categories: - linter tags: - binary license: Apache 2.0 types: - cli source: 'https://github.com/google/llvm-propeller' homepage: 'https://github.com/google/llvm-propeller' description: >- Profile guided hot/cold function splitting to improve cache efficiency. An alternative to BOLT by Facebook ================================================ FILE: data/tools/loom.yml ================================================ name: loom categories: - linter tags: - rust license: MIT types: - cli source: 'https://github.com/tokio-rs/loom' homepage: 'https://github.com/tokio-rs/loom' description: >- Concurrency permutation testing tool for Rust.
It runs a test many times, permuting the possible concurrent executions of that test. ================================================ FILE: data/tools/microsoft-intellitest.yml ================================================ name: Microsoft IntelliTest categories: - linter tags: - dotnet license: MIT License types: - cli homepage: 'https://docs.microsoft.com/en-us/visualstudio/test/intellitest-manual/getting-started?view=vs-2019' description: Generate a candidate suite of tests for your .NET code. ================================================ FILE: data/tools/miri.yml ================================================ name: MIRI categories: - linter tags: - rust license: MIT License types: - cli source: 'https://github.com/rust-lang/miri' homepage: 'https://github.com/rust-lang/miri' description: >- An interpreter for Rust's mid-level intermediate representation, which can detect certain classes of undefined behavior like out-of-bounds memory accesses and use-after-free. ================================================ FILE: data/tools/parasoft-jtest.yml ================================================ name: Parasoft Jtest categories: - linter tags: - java license: proprietary types: - cli homepage: 'https://www.parasoft.com/products/jtest' description: >- Jtest is an automated Java software testing and static analysis product that is made by Parasoft. The product includes technology for Data-flow analysis, Unit test-case generation and execution, static analysis, regression testing, code coverage, and runtime error detection.
================================================ FILE: data/tools/pex-and-moles.yml ================================================ name: Pex and Moles categories: - linter tags: - dotnet license: MIT License types: - cli homepage: 'https://www.microsoft.com/en-us/research/project/pex-and-moles-isolation-and-white-box-unit-testing-for-net/' description: >- Pex automatically generates test suites with high code coverage using automated white box analysis. ================================================ FILE: data/tools/pin-tools.yml ================================================ name: Pin Tools categories: - linter tags: - binary license: MIT License types: - cli homepage: 'https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool' description: >- A dynamic binary instrumentation tool and a platform for creating analysis tools. ================================================ FILE: data/tools/poop.yml ================================================ name: poop categories: - linter tags: - zig license: MIT types: - cli source: "https://github.com/andrewrk/poop" homepage: "https://github.com/andrewrk/poop" description: >- Performance Optimizer Observation Platform This command line tool uses Linux's `perf_event_open` functionality to compare the performance of multiple commands with a colorful terminal user interface. It is similar to `hyperfine`. ================================================ FILE: data/tools/prowler.yml ================================================ name: prowler categories: - linter tags: - cloud license: Apache-2.0 license types: - cli source: 'https://github.com/prowler-cloud/prowler' homepage: 'https://prowler.pro' resources: - title: 'Prowler Introduction' url: 'https://www.youtube.com/watch?v=Oo5e45NCKFw' description: >- Prowler is an Open Source security tool to perform AWS and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. 
It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. ================================================ FILE: data/tools/puffin.yml ================================================ name: puffin categories: - linter tags: - rust license: MIT License types: - cli source: 'https://github.com/EmbarkStudios/puffin' homepage: 'https://github.com/EmbarkStudios/puffin' description: Instrumentation profiler for Rust. ================================================ FILE: data/tools/rust-san.yml ================================================ name: rust-san categories: - linter tags: - rust license: Apache 2.0 / MIT License types: - cli source: 'https://github.com/japaric/rust-san' homepage: 'https://github.com/japaric/rust-san' description: How-to sanitize your Rust code with built-in Rust dynamic analyzers ================================================ FILE: data/tools/scalene.yml ================================================ name: Scalene categories: - profiler tags: - python license: Apache-2.0 License types: - cli source: 'https://github.com/emeryberger/scalene' homepage: 'https://github.com/emeryberger/scalene' description: A high-performance, high-precision CPU and memory profiler for Python ================================================ FILE: data/tools/smartbear.yml ================================================ name: Smartbear categories: - linter tags: - api - web license: proprietary types: - service homepage: 'https://smartbear.com/' description: 'Test automation and performance testing platform' ================================================ FILE: data/tools/souper.yml ================================================ name: souper categories: - linter tags: - bytecode license: Apache 2.0 types: - cli source: 'https://github.com/google/souper' homepage: 'https://github.com/google/souper' description: optimize LLVM IR with SMT solvers 
================================================ FILE: data/tools/statsviz.yml ================================================ name: statsviz categories: - linter tags: - go license: MIT types: - cli source: 'https://github.com/arl/statsviz' homepage: 'https://github.com/arl/statsviz' description: >- Instant live visualization of your Go application runtime statistics in the browser. It plots heap usage, MSpans/MCaches, Object counts, Goroutines and GC/CPU fraction. ================================================ FILE: data/tools/stuck.yml ================================================ name: stuck categories: - linter tags: - rust license: MIT License types: - cli source: 'https://github.com/jonhoo/stuck' homepage: 'https://github.com/jonhoo/stuck' description: >- provides a visualization for quickly identifying common bottlenecks in running, asynchronous, and concurrent applications. ================================================ FILE: data/tools/suture.yml ================================================ name: suture categories: - linter tags: - ruby license: MIT types: - cli source: 'https://github.com/testdouble/suture' homepage: 'https://github.com/testdouble/suture' description: >- A Ruby gem that helps you refactor your legacy code by comparing the result of some old behavior with a new version. ================================================ FILE: data/tools/sydr.yml ================================================ name: Sydr categories: - fuzzer - linter tags: - security - c - cpp - rust - swift - go license: proprietary types: - cli homepage: 'https://sydr-fuzz.github.io/' resources: - title: Sydr - Cutting Dynamic Symbolic Execution url: https://www.ispras.ru/conf/2020/video/compiler-technology-11-december.mp4#t=6021 description: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle.
================================================ FILE: data/tools/triton.yml ================================================ name: TRITON categories: - linter tags: - binary license: Apache-2.0 License types: - cli source: 'https://github.com/JonathanSalwan/Triton' homepage: 'https://triton.quarkslab.com/' description: Dynamic Binary Analysis for x86 binaries. ================================================ FILE: data/tools/typo.yml ================================================ name: typo categories: - linter tags: - python license: MIT License types: - cli source: 'https://github.com/aldanor/typo' homepage: 'https://github.com/aldanor/typo' description: Runtime Type Checking for Python 3. ================================================ FILE: data/tools/valgrind.yml ================================================ name: Valgrind categories: - linter tags: - c - cpp license: GNU General Public License v2 types: - cli source: 'https://sourceware.org/git/?p=valgrind.git' homepage: 'https://valgrind.org/' description: An instrumentation framework for building dynamic analysis tools. ================================================ FILE: data/tools/vb-watch.yml ================================================ name: VB Watch categories: - linter tags: - vbasic license: proprietary types: - cli homepage: 'https://www.aivosto.com/vbwatch.html' description: >- Profiler, Protector and Debugger for VB6. Profiler measures performance and test coverage. Protector implements robust error handling. Debugger helps monitor your executables. ================================================ FILE: data/tools/wasabi.yml ================================================ name: Wasabi categories: - linter tags: - webassembly license: MIT types: - cli source: 'https://github.com/danleh/wasabi' homepage: 'https://github.com/danleh/wasabi' description: Wasabi is a framework for writing dynamic analyses for WebAssembly, written in JavaScript. 
================================================ FILE: data/tools/whitehat-sentinel-dynamic.yml ================================================ name: WhiteHat Sentinel Dynamic categories: - linter tags: - security - sql - xml license: proprietary types: - cli homepage: 'https://www.synopsys.com/software-integrity/security-testing/dast.html' description: >- Part of the WhiteHat Application Security Platform. Dynamic application security scanner that covers the OWASP Top 10.