The Best Scala Static Analysis Tools (Linters/Formatters)

We rank 34 Scala linters, code analyzers, formatters, and more. Find and compare tools like Mega-Linter, Sonatype, Sigrid, and more. Please rate and review tools that you've used. This helps others find the best tools for their projects.

4 Scala Tools

Scalastyle

Scalastyle examines your Scala code and indicates potential problems with it.

  • MaintainedMaintained
  • MaintainedScala
  • Maintainedcli
  • Maintainedlinter
  • 100% upvoted

WartRemover

A flexible Scala code linting tool.

  • MaintainedMaintained
  • MaintainedScala
  • Maintainedcli
  • Maintainedlinter
  • 80% upvoted

linter

Linter is a Scala static analysis compiler plugin which adds compile-time checks for various possible bugs, inefficiencies, and style problems.

  • DeprecatedDeprecated
  • DeprecatedScala
  • Deprecatedcli
  • Deprecatedlinter
  • 100% upvoted

scapegoat

Scala compiler plugin for static code analysis.

  • MaintainedMaintained
  • MaintainedScala
  • Maintainedcli
  • Maintainedlinter
  • 100% upvoted

30 Multi-Language Tools

Mega-Linter

Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 67% upvoted

Sonatype

Reports known vulnerabilities in common dependencies and recommends updated packages to minimize breaking changes

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 71% upvoted

Sigrid

Sigrid helps you to improve your software by measuring your system's code quality, and then compares the results against a benchmark of thousands of industry systems to give you concrete advice on areas where you can improve.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • MaintainedcliMaintainedservice
  • Maintainedlinter
  • 92% upvoted

CodeScene

CodeScene is a quality visualization tool for software. Prioritize technical debt, detect delivery risks, and measure organizational aspects. Fully automated.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 62% upvoted

Coverity

Synopsys Coverity supports 20 languages and over 70 frameworks including Ruby on rails, Scala, PHP, Python, JavaScript, TypeScript, Java, Fortran, C, C++, C#, VB.NET.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 62% upvoted

Better Code Hub

Better Code Hub checks your GitHub codebase against 10 engineering guidelines devised by the authority in software quality, Software Improvement Group.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 68% upvoted

DerScanner

Multi-language Static Application Security Testing (SAST) platform that detects critical vulnerabilities, including hardcoded secrets, weak cryptography, backdoors, SQL injections, insecure configurations, etc.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • MaintainedcliMaintainedservice
  • Maintainedlinter
  • 100% upvoted

callGraph

Statically generates a call graph image and displays it on screen.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 73% upvoted

PMD

A source code analyzer for Java, Salesforce Apex, Javascript, PLSQL, XML, XSL and others.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 73% upvoted

Codacy

Code Analysis to ship Better Code, Faster.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 54% upvoted

Find Security Bugs

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 71% upvoted

Checkmarx CxSAST

Commercial Static Code Analysis which doesn't require pre-compilation.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 52% upvoted

Codety

Codety Scanner is a comprehensive source code scanner that embeds 5000+ static code analysis rules, which aim to detect code issues for 20+ programming languages and IaC tools.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 67% upvoted

Hopper

A static analysis tool written in scala for languages that run on JVM.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter
  • 100% upvoted

Codiga

Automated Code Reviews and Technical Debt management platform that supports 12+ languages.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 50% upvoted

Freeplane Code Explorer

The Code Explorer mode in Freeplane is designed for analyzing the structure and dependencies of code compiled to JVM class files. It also allows displaying ArchUnit test results directly in Freeplane, if Freeplane is running and ArchUnit detects rule violations during the tests.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedgui
  • Maintainedmeta
  • 0% upvoted

Kiuwan

Identify and remediate cyber threats in a blazingly fast, collaborative environment, with seamless integration in your SDLC. Python, C\C++, Java, C#, PHP and more.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 50% upvoted

lizard

Lizard is an extensible Cyclomatic Complexity Analyzer for many programming languages including C/C++ (doesn't require all the header files or Java imports). It also does copy-paste detection (code clone detection/code duplicate detection) and many other forms of static code analysis. Counts lines of code without comments, CCN (cyclomatic complexity number), token count of functions, parameter count of functions.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 50% upvoted

SonarQube Cloud

SonarQube Cloud enables your team to deliver clean code consistently and efficiently with a code review tool that easily integrates into the cloud DevOps platforms and extend your CI/CD workflow. SonarQube Cloud provides a free plan.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 0% upvoted

SonarQube for IDE

SonarQube for IDE (formerly SonarLint) is a free IDE extension available for IntelliJ, VS Code, Visual Studio, and Eclipse, to find and fix coding issues in real-time, flagging issues as you code, just like a spell-checker. More than a linter, it also delivers rich contextual guidance to help developers understand why there is an issue, assess the risk, and educate them on how to fix it.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 0% upvoted

SonarQube Server

SonarQube empowers development teams with a code quality and security solution that deeply integrates into your enterprise environment; enabling you to deploy clean code consistently and reliably. SonarQube provides a free and open source Community Build.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 0% upvoted

TencentCodeAnalysis

Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. It integrates of a number of self-developed tools, and also supports dynamic integration of code analysis tools in various programming languages.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • MaintainedcliMaintainedservice
  • Maintainedlinter
  • 50% upvoted

Betterscan CE

Sponsor

Checks your code and infra (various Git repositories supported, cloud stacks, CLI, Web Interface platform, integrationss available) for security and quality issues. Code Scanning/SAST/Linting using many tools/Scanners deduplicated with One Report (AI optional).

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 40% upvoted

todocheck

Linter for integrating annotated TODOs with your issue trackers

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 44% upvoted

CodeFactor

Automated Code Analysis for repos on GitHub or BitBucket.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 40% upvoted

Qwiet AI

Identify vulnerabilities that are unique to your code base before they reach production. Leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs. Automatically finds business logic flaws in dev like hardcoded secrets and logic bombs

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 0% upvoted

autocorrect

A linter and formatter to help you to improve copywriting, correct spaces, words, punctuations between CJK (Chinese, Japanese, Korean).

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • MaintainedlinterMaintainedformatter
  • 0% upvoted

StaticReviewer

Static Reviewer executes code checks according to the most relevant Secure Coding Standards, OWASP, CWE, CVE, CVSS, MISRA, CERT, for 40+ programming languages, using 1000+ built-in validation rules for Security, Deadcode & Best Practices Available a module for Software Composition Analysis (SCA) to find vulnerabilities in open source and third party libraries.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 36% upvoted

Fortify

A commercial static analysis platform that supports the scanning of C/C++, C#, VB.NET, VB6, ABAP/BSP, ActionScript, Apex, ASP.NET, Classic ASP, VB Script, Cobol, ColdFusion, HTML, Java, JS, JSP, MXML/Flex, Objective-C, PHP, PL/SQL, T-SQL, Python (2.6, 2.7), Ruby (1.9.3), Swift, Scala, VB, and XML.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedide-plugin
  • Maintainedlinter
  • 46% upvoted

ShiftLeft Scan

Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • MaintainedcliMaintainedservice
  • Maintainedlinter
  • 38% upvoted

Frequently Asked Questions

What are Scala tools?

What are the best Scala static analysis tools and linters?

The most popular Scala tools ranked by user votes are: Mega-Linter, Sonatype, Sigrid, CodeScene, Coverity.

Which Scala tools are free to use?

Tools with a free plan include Better Code Hub, Codiga. On top of that, there are also a number of open source like Mega-Linter, Sonatype, callGraph, PMD, Find Security Bugs, Scalastyle, WartRemover, Codety, linter, Hopper.

Related Tags

Our Sponsors

This website is completely open source. To fund our work, we fully rely on sponsors. Thanks to them, we can keep the site free for everybody. Please check out their offers below.

  • BugProve
  • Pixee
  • semgrep
  • Offensive 360
  • BetterScan