22 Rust Static Analysis Tools

A code linter to catch common mistakes and improve your Rust code.

Audit Cargo.lock for crates with security vulnerabilities reported to the [RustSec Advisory Database](https://github.com/RustSec/advisory-db/).

Supports functionality such as 'goto definition', type inference, symbol search, reformatting, and code completion, and enables renaming and refactorings.

Checks all your documentation for spelling and grammar mistakes with hunspell (ready) and languagetool (preview)

Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings.

Inspect Rust code without syntactic sugar to see what the compiler does behind the curtains.

A tool for formatting Rust code according to style guidelines.

C2Rust helps you migrate C99-compliant code to Rust. The translator (or transpiler) produces unsafe Rust code that closely mirrors the input C code.

Cargo subcommand to show result of macro expansion and #[derive] expansion applied to the current crate. This is a wrapper around a more verbose compiler command.

Find unused dependencies in Cargo.toml. It either prints out a "unused crates" line listing the crates, or it prints out a line saying that no crates were unused.

A tool for formally verifying Rust programs by transpiling them into definitions in the Lean theorem prover.

And abstract interpreter operating on Rust's mid-level intermediate language, and providing warnings based on taint analysis.

Audit Rust binaries for known bugs or security vulnerabilities. This works by embedding data about the dependency tree (Cargo.lock) in JSON format into a dedicated linker section of the compiled executable.

Read and apply the suggestions made by rustc (and third-party lints, like those offered by clippy).

Linter for integrating annotated TODOs with your issue trackers

Find out what takes most of the space in your executable. supports ELF (Linux, BSD), Mach-O (macOS) and PE (Windows) binaries.

Adds warnings or errors to your crate when using a numerically unstable floating point expression.

Linting your Rust-files in Atom, using rustc and cargo.

A static verifier for Rust, based on the Viper verification infrastructure. By default Prusti verifies absence of panics by proving that statements such as unreachable!() and panic!() are unreachable.

Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.