27 Configuration Management Static Analysis Tools

Mega-Linter

  • Type: cli
652

Mega-Linter can handle any type of project thanks to its 70+ embedded linters and its advanced reporting. It is runnable on any CI system or locally, comes with assisted installation and configuration, and is able to apply formatting and fixes.

67

Semgrep

  • Type: cli
  • Type: service
6595

A fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write; no abstract syntax trees or regex wrestling. Supports 17+ languages.

18

ShiftLeft

  • Type: service

Identify vulnerabilities that are unique to your code base before they reach production. Leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs. Automatically finds business logic flaws in dev, like hardcoded secrets and logic bombs.

17

DeepSource

  • Type: service

In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives.

3

Datree

  • Type: cli
5548

A CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies.

1

checkov

  • Type: cli
4238

Static analysis tool for Terraform files (tf>=v0.12), preventing cloud misconfigs at build time.

1

kics

  • Type: cli
1041

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible.

0

ansible-lint

  • Type: cli
2800

Checks playbooks for practices and behaviour that could potentially be improved.

0

AzSK

  • Type: cli
221

Secure DevOps Kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), and CI/CD scanning for vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Azure via ARM.

0

cfn-lint

  • Type: cli
1890

AWS Labs CloudFormation linter.

0

cfn_nag

  • Type: cli
1028

A linter for AWS CloudFormation templates.

0

chart-testing

  • Type: cli
798

ct is the tool for testing Helm charts. It is meant to be used for linting and testing pull requests. It automatically detects charts changed against the target branch.

0

AWS CloudFormation Guard

  • Type: cli
929

Check local CloudFormation templates against policy-as-code rules and generate rules from existing templates.

0

clusterlint

  • Type: cli
469

Clusterlint queries live Kubernetes clusters for resources, executes common and platform-specific checks against these resources, and provides actionable feedback to cluster operators. It is a non-invasive tool that is run externally. Clusterlint does not alter the resource configurations.

0

cookstyle

  • Type: cli
103

Cookstyle is a linting tool based on the RuboCop Ruby linting tool for Chef cookbooks.

0

foodcritic

  • Type: cli
417

A lint tool that checks Chef cookbooks for common problems.

0

kube-lint

  • Type: cli
158

A linter for Kubernetes resources with a customizable rule set. You define a list of rules that you would like to validate against your resources and kube-lint will evaluate those rules against them.

0

kube-linter

  • Type: cli
1936

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

0

kubeval

  • Type: cli
2830

Validates your Kubernetes configuration files and supports multiple Kubernetes versions.

0

metadata-json-lint

  • Type: cli
25

Tool to check the validity of Puppet metadata.json files.

0

Puppet Lint

  • Type: cli
763

Check that your Puppet manifests conform to the style guide.

0

terraform-compliance

  • Type: cli
1150

A lightweight, compliance- and security-focused BDD test framework against Terraform.

0

terrascan

  • Type: cli
3072

Collection of security and best practice tests for static code analysis of Terraform templates.

0

tflint

  • Type: cli
3110

A Terraform linter for detecting errors that cannot be detected by `terraform plan`.

0

tfsec

  • Type: cli
4555

Terraform static analysis tool that prevents potential security issues by checking cloud misconfigurations at build time and directly integrates with the HCL parser for better results. Checks for violations of AWS, Azure and GCP security best practice recommendations.

-4

ShiftLeft Scan

  • Type: cli
  • Type: service
468

Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.
