Analysis tools logo

17 Containers Static Analysis Tools

Type:
Any
10

DeepSource

  • Type: service

In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives.

5

KubeLinter

  • Type: cli
804

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

2

Codeac

  • Type: service

Automated code review tool integrates with GitHub, Bitbucket and GitLab (even self-hosted). Available for JavaScript, TypeScript, Python, Ruby, Go, PHP, Java, Docker, and more. (open-source free)

2

CodeFlow

  • Type: service

Automated code analysis tool to deal with technical depth. Integrates with Bitbucket and Gitlab. (free for Open Source Projects)

2

Haskell Dockerfile Linter

  • Type: cli
4360

A smarter Dockerfile linter that helps you build best practice Docker images.

2

kube-score

  • Type: cli
1015

Static code analysis of your Kubernetes object definitions.

0

anchore

  • Type: cli
1104

Discover, analyze, and certify container images.

0

clair

  • Type: cli
7215

Vulnerability Static Analysis for Containers.

0

collector

  • Type: cli
275

Run arbitrary scripts inside containers, and gather useful information.

0

dagda

  • Type: cli
784

Perform static analysis of known vulnerabilities in docker images/containers.

0

Docker Label Inspector

  • Type: cli
76

Lint and validate Dockerfile labels.

0

kubeval

  • Type: cli
2114

Validates your Kubernetes configuration files and supports multiple Kubernetes versions.

0

Qualys Container Security

  • Type: service

Container native application protection to provide visibility and control of containerized applications.

0

ShiftLeft Scan

  • Type: cli
  • Type: service
158

Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.

0

Snyk

  • Type: service

Vulnerability scanner for dependencies of node.js apps (free for Open Source Projects).

❤️ Sponsor this project

We are currently looking for partners who want to sponsor hosting and development of the project.

Check out our Github Sponsors page here

Missing an entry? Please let us know.