17 Containers Static Analysis Tools

In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives.

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

Automated code review tool integrates with GitHub, Bitbucket and GitLab (even self-hosted). Available for JavaScript, TypeScript, Python, Ruby, Go, PHP, Java, Docker, and more. (open-source free)

Automated code analysis tool to deal with technical depth. Integrates with Bitbucket and Gitlab. (free for Open Source Projects)

A smarter Dockerfile linter that helps you build best practice Docker images.

Static code analysis of your Kubernetes object definitions.

Discover, analyze, and certify container images.

Vulnerability Static Analysis for Containers.

Automated Code Analysis for repos on GitHub or BitBucket.

Run arbitrary scripts inside containers, and gather useful information.

Perform static analysis of known vulnerabilities in docker images/containers.

Lint and validate Dockerfile labels.

Validates your Kubernetes configuration files and supports multiple Kubernetes versions.

Container native application protection to provide visibility and control of containerized applications.

Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.

Vulnerability scanner for dependencies of node.js apps (free for Open Source Projects).

Combination of multiple linters to install as a GitHub Action.