checkmake logo

checkmake

MaintainedMaintained

Linter / Analyzer for Makefiles.

Tutorials / Guides

  • checkmake screenshot

509 Alternatives to checkmake

abaplint

Linter for ABAP, written in TypeScript.

  • MaintainedMaintained
  • MaintainedAbap
  • MaintainedcliMaintainedserviceMaintainedide-plugin
  • Maintainedlinter

abapOpenChecks

Enhances the SAP Code Inspector with new and customizable checks.

  • MaintainedMaintained
  • MaintainedAbap
  • Maintainedcli
  • Maintainedlinter

actionlint

Static checker for GitHub Actions workflow files. Provides an online version.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

aether

Lint, analyze, normalize, transform, sandbox, run, step through, and visualize user JavaScript, in node or the browser.

After the Deadline

Spell, style and grammar checker.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter

alex

Catch insensitive, inconsiderate writing

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

aligncheck

Find inefficiently packed structs.

  • MaintainedMaintained
  • MaintainedGo
  • Maintainedcli
  • Maintainedlinter

alquitran

Inspects tar archives and tries to spot portability issues in regard to POSIX 2017 pax specification and common tar implementations. This project is intended to be used by maintainers of projects who want to offer portable source code archives for as many systems as possible. Checking tar archives with alquitran before publishing them should help spotting issues before they reach distributors and users.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter

ameba

A static code analysis tool for Crystal.

anchore

Discover, analyze, and certify container images. A service that analyzes Docker images and applies user-defined acceptance policies to allow automated container image validation and certification

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

Android Lint

Run static analysis on Android projects.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

android-lint-summary

Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter

angr

Platform agnostic binary analysis framework from UCSB.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

Angular ESLint

Linter for Angular projects

ansible-lint

Checks playbooks for practices and behaviour that could potentially be improved.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

ArchUnitNET

A C# architecture test library to specify and assert architecture rules in C# for automated testing.

autoflake

Autoflake removes unused imports and unused variables from Python code.

AWS CloudFormation Guard

Check local CloudFormation templates against policy-as-code rules and generate rules from existing templates.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

AzSK

Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), CICD scan vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. Supports Azure via ARM.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

bandit

A tool to find common security issues in Python code.

bashate

Code style enforcement for bash programs. The output format aims to follow pycodestyle (pep8) default output format.

bellybutton

A linting engine supporting custom project-specific rules.

binbloom

Analyzes a raw binary firmware and determines features like endianness or the loading address. The tool is compatible with all architectures. Loading address: binbloom can parse a raw binary firmware and determine its loading address. Endianness: binbloom can use heuristics to determine the endianness of a firmware. UDS Database: binbloom can parse a raw binary firmware and check if it contains an array containing UDS command IDs.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

BinSkim

A binary static analysis tool that provides security and correctness results for Windows portable executables.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

Black Duck

Tool to analyze source code and binaries for reusable code, necessary licenses and potential security aspects.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

bloaty

Ever wondered what's making your binary big? Bloaty McBloatface will show you a size profile of the binary so you can understand what's taking up space inside. Bloaty performs a deep analysis of the binary. Using custom ELF, DWARF, and Mach-O parsers, Bloaty aims to accurately attribute every byte of the binary to the symbol or compileunit that produced it. It will even disassemble the binary looking for references to anonymous data. F

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

bodyclose

Checks whether HTTP response body is closed.

  • MaintainedMaintained
  • MaintainedGo
  • Maintainedcli
  • Maintainedlinter

Bootlint

An HTML linter for Bootstrap projects.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter

Bowler

Safe code refactoring for modern Python. Bowler is a refactoring tool for manipulating Python at the syntax tree level. It enables safe, large scale code modifications while guaranteeing that the resulting code compiles and runs. It provides both a simple command line interface and a fluent API in Python for generating complex code modifications in code.

brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications.

  • MaintainedMaintained
  • MaintainedRuby
  • Maintainedcli
  • Maintainedlinter

buf

Provides a CLI linter that enforces good API design choices and structure

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

bundler-audit

Audit Gemfile.lock for gems with security vulnerabilities reported in Ruby Advisory Database.

  • MaintainedMaintained
  • MaintainedRuby
  • Maintainedcli
  • Maintainedlinter

C2Rust

C2Rust helps you migrate C99-compliant code to Rust. The translator (or transpiler) produces unsafe Rust code that closely mirrors the input C code.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

CakeFuzzer

Web application security testing tool for CakePHP-based web applications. CakeFuzzer employs a predefined set of attacks that are randomly modified before execution. Leveraging its deep understanding of the Cake PHP framework, Cake Fuzzer launches attacks on all potential application entry points.

  • MaintainedMaintained
  • MaintainedPhp
  • Maintainedcli
  • Maintainedlinter

cane

Code quality threshold checking as part of your build.

  • DeprecatedDeprecated
  • DeprecatedRuby
  • Deprecatedcli
  • Deprecatedlinter

cargo-audit

Audit Cargo.lock for crates with security vulnerabilities reported to the RustSec Advisory Database.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

cargo-bloat

Find out what takes most of the space in your executable. supports ELF (Linux, BSD), Mach-O (macOS) and PE (Windows) binaries.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

cargo-breaking

cargo-breaking compares a crate's public API between two different branches, shows what changed, and suggests the next version according to semver.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

cargo-call-stack

Whole program static stack analysis The tool produces the full call graph of a program as a dot file.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

cargo-deny

A cargo plugin for linting your dependencies. It can be used either as a command line too, a Rust crate, or a Github action for CI. It checks for valid license information, duplicate crates, security vulnerabilities, and more.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

cargo-expand

Cargo subcommand to show result of macro expansion and #[derive] expansion applied to the current crate. This is a wrapper around a more verbose compiler command.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

cargo-inspect

Inspect Rust code without syntactic sugar to see what the compiler does behind the curtains.

  • DeprecatedDeprecated
  • DeprecatedRust
  • Deprecatedcli
  • Deprecatedlinter

cargo-show-asm

cargo subcommand showing the assembly, LLVM-IR and MIR generated for Rust code

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

cargo-spellcheck

Checks all your documentation for spelling and grammar mistakes with hunspell (ready) and languagetool (preview)

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

cargo udeps

Find unused dependencies in Cargo.toml. It either prints out a "unused crates" line listing the crates, or it prints out a line saying that no crates were unused.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

cargo-unused-features

Find potential unused enabled feature flags and prune them. You can generate a simple HTML report from the json to make it easier to inspect results. It removes a feature of a dependency and then compiles the project to see if it still compiles. If it does, the feature flag can possibly be removed, but it can be a false-positve.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

cfn-lint

AWS Labs CloudFormation linter.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

cfn_nag

A linter for AWS CloudFormation templates.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

chart-testing

ct is the the tool for testing Helm charts. It is meant to be used for linting and testing pull requests. It automatically detects charts changed against the target branch.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

Checker Framework

Pluggable type-checking for Java. This is not just a bug-finder, but a verification tool that gives a guarantee of correctness. It comes with 27 pre-built type systems, and it enables users to define their own type system; the manual lists over 30 user-contributed type systems.

  • MaintainedMaintained
  • MaintainedJava
  • Maintainedcli
  • Maintainedlinter

checkov

Static analysis tool for Terraform files (tf>=v0.12), preventing cloud misconfigs at build time.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

checkstyle

Checking Java source code for adherence to a Code Standard or set of validation rules (best practices).

  • MaintainedMaintained
  • MaintainedJava
  • Maintainedcli
  • Maintainedlinter

ChkTeX

A linter for LaTex which catches some typographic errors LaTeX oversees.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

Churn

A Project to give the churn file, class, and method for a project for a given checkin. Over time the tool adds up the history of churns to give the number of times a file, class, or method is changing during the life of a project.

  • DeprecatedDeprecated
  • DeprecatedRuby
  • Deprecatedcli
  • Deprecatedlinter

churn-php

Helps discover good candidates for refactoring.

  • MaintainedMaintained
  • MaintainedPhp
  • Maintainedcli
  • Maintainedlinter

ck

Calculates Chidamber and Kemerer object-oriented metrics by processing the source Java files.

  • MaintainedMaintained
  • MaintainedJava
  • Maintainedcli
  • Maintainedlinter

ckjm

Calculates Chidamber and Kemerer object-oriented metrics by processing the bytecode of compiled Java files.

  • MaintainedMaintained
  • MaintainedJava
  • Maintainedcli
  • Maintainedlinter

clair

Vulnerability Static Analysis for Containers.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

clippy

A code linter to catch common mistakes and improve your Rust code.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

clj-kondo

A linter for Clojure code that sparks joy. It informs you about potential errors while you are typing.

Closure Compiler

A compiler tool to increase efficiency, reduce size, and provide code warnings in JavaScript files.

ClosureLinter

Ensures that all of your project's JavaScript code follows the guidelines in the Google JavaScript Style Guide. It can also automatically fix many common errors.

clusterlint

Clusterlint queries live Kubernetes clusters for resources, executes common and platform specific checks against these resources and provides actionable feedback to cluster operators. It is a non invasive tool that is run externally. Clusterlint does not alter the resource configurations.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

code-cracker

An analyzer library for C# and VB that uses Roslyn to produce refactorings, code analysis, and other niceties.

Codelyzer

A set of tslint rules for static code analysis of Angular 2 TypeScript projects.

CodeNarc

A static analysis tool for Groovy source code, enabling monitoring and enforcement of many coding standards and best practices.

Codepeer

Detects run-time and logic errors.

  • MaintainedMaintained
  • MaintainedAda
  • Maintainedcli
  • Maintainedlinter

codespell

Check code for common misspellings.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

coffeelint

A style checker that helps keep CoffeeScript code clean and consistent.

CogniCrypt

Checks Java source and byte code for incorrect uses of cryptographic APIs.

  • MaintainedMaintained
  • MaintainedJava
  • Maintainedcli
  • Maintainedlinter

cohesion

A tool for measuring Python class cohesion.

commitlint

checks if your commit messages meet the conventional commit format

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

complexity-report

Software complexity analysis for JavaScript projects.

cookstyle

Cookstyle is a linting tool based on the RuboCop Ruby linting tool for Chef cookbooks.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

CPAchecker

A tool for configurable software verification of C programs. The name CPAchecker was chosen to reflect that the tool is based on the CPA concepts and is used for checking software programs.

  • MaintainedMaintained
  • MaintainedC
  • Maintainedcli
  • Maintainedlinter

Credential Digger

Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (Passwords, API Keys, Secret Keys, Tokens, personal information, etc), and filtering the false positive data through a machine learning model called Password Model. This scanner is able to detect passwords and non structured tokens with a low false positive rate.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

credo

A static code analysis tool with a focus on code consistency and teaching.

crystal

The Crystal compiler has built-in linting functionality.

CSharpEssentials

C# Essentials is a collection of Roslyn diagnostic analyzers, code fixes and refactorings that make it easy to work with C# 6 language features.

CSS Stats

Potentially interesting stats on stylesheets.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

CSSLint

Does basic syntax checking and finds problematic patterns or signs of inefficiency.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

cwe_checker

cwe_checker finds vulnerable patterns in binary executables.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

cyclocomp

Quantifies the cyclomatic complexity of R functions / expressions.

  • MaintainedMaintained
  • MaintainedR
  • Maintainedcli
  • Maintainedlinter

D-scanner

D-Scanner is a tool for analyzing D source code.

dagda

Perform static analysis of known vulnerabilities in docker images/containers.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter

Dart Code Metrics

Additional linter for Dart. Reports code metrics, checks for anti-patterns and provides additional rules for Dart analyzer.

  • MaintainedMaintained
  • MaintainedDart
  • Maintainedcli
  • Maintainedlinter

Dataflow Framework

An industrial-strength dataflow framework for Java. The Dataflow Framework is used in the Checker Framework, Google’s Error Prone, Uber’s NullAway, Meta’s Nullsafe, and in other contexts. It is distributed with the Checker Framework.

  • MaintainedMaintained
  • MaintainedJava
  • Maintainedcli
  • Maintainedlinter

Datree

A CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

dawnscanner

A static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

  • MaintainedMaintained
  • MaintainedRuby
  • Maintainedcli
  • Maintainedlinter

dbcritic

dbcritic finds problems in a database schema, such as a missing primary key constraint in a table.

  • MaintainedMaintained
  • MaintainedSql
  • Maintainedcli
  • Maintainedlinter

deadcode

Finds unused code.

  • MaintainedMaintained
  • MaintainedGo
  • Maintainedcli
  • Maintainedlinter

deadnix

Scan Nix files for dead code (unused variable bindings)

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

deal

Design by contract for Python. Write bug-free code. By adding a few decorators to your code, you get for free tests, static analysis, formal verification, and much more.

DeepScan

An analyzer for JavaScript which targets runtime errors and quality issues rather than coding conventions.

dennis

A set of utilities for working with PO files to ease development and improve quality.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter

deno_lint

Official linter for Deno.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

dephpend

Dependency analysis tool.

  • MaintainedMaintained
  • MaintainedPhp
  • Maintainedcli
  • Maintainedlinter

deprecation-detector

Finds usages of deprecated (Symfony) code.

  • MaintainedMaintained
  • MaintainedPhp
  • Maintainedcli
  • Maintainedlinter

deptrac

Enforce rules for dependencies between software layers.

  • MaintainedMaintained
  • MaintainedPhp
  • Maintainedcli
  • Maintainedlinter

Designite

Designite supports detection of various architecture, design, and implementation smells, computation of various code quality metrics, and trend analysis.

DesigniteJava

DesigniteJava supports detection of various architecture, design, and implementation smells along with computation of various code quality metrics.

  • MaintainedMaintained
  • MaintainedJava
  • Maintainedcli
  • Maintainedlinter

DesignPatternDetector

Detection of design patterns in PHP code.

  • MaintainedMaintained
  • MaintainedPhp
  • Maintainedcli
  • Maintainedlinter

detect-secrets

An enterprise friendly way of detecting and preventing secrets in code. It does this by running periodic diff outputs against heuristically crafted regex statements, to identify whether any new secret has been committed. This way, it avoids the overhead of digging through all git history, as well as the need to scan the entire repository every time.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

detekt

Static code analysis for Kotlin code.

dialyxir

Mix tasks to simplify use of Dialyzer in Elixir projects.

dialyzer

The DIALYZER, a DIscrepancy AnaLYZer for ERlang programs. Dialyzer is a static analysis tool that identifies software discrepancies, such as definite type errors, code that has become dead or unreachable because of programming error, and unnecessary tests, in single Erlang modules or entire (sets of) applications. Dialyzer starts its analysis from either debug-compiled BEAM bytecode or from Erlang source code. The file and line number of a discrepancy is reported along with an indication of what the discrepancy is about. Dialyzer bases its analysis on the concept of success typings, which allows for sound warnings (no false positives).

diff.rs

Web application (WASM) to render a diff between Rust crate versions.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

diktat

Strict coding standard for Kotlin and a linter that detects and auto-fixes code smells.

  • MaintainedMaintained
  • MaintainedKotlin
  • Maintainedcli
  • MaintainedlinterMaintainedformatter

dingo-hunter

Static analyser for finding deadlocks in Go.

  • MaintainedMaintained
  • MaintainedGo
  • Maintainedcli
  • Maintainedlinter

Dlint

A tool for ensuring Python code is secure.

Docker Label Inspector

Lint and validate Dockerfile labels.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter

Dodgy

Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions designed to detect things such as accidental SCM diff checkins, or passwords or secret keys hard coded into files.

dogsled

Finds assignments/declarations with too many blank identifiers.

  • MaintainedMaintained
  • MaintainedGo
  • Maintainedcli
  • Maintainedlinter

Doop

Doop is a declarative framework for static analysis of Java/Android programs, centered on pointer analysis algorithms. Doop provides a large variety of analyses and also the surrounding scaffolding to run an analysis end-to-end (fact generation, processing, statistics, etc.).

  • MaintainedMaintained
  • MaintainedJava
  • Maintainedcli
  • Maintainedlinter

dotenv-linter

Linting dotenv files like a charm.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

dotenv-linter (Rust)

Lightning-fast linter for .env files. Written in Rust

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

DrNim

DrNim combines the Nim frontend with the Z3 proof engine in order to allow verify / validate software written in Nim.

  • MaintainedMaintained
  • MaintainedNim
  • Maintainedcli
  • Maintainedlinter

dupl

Reports potentially duplicated code.

  • DeprecatedDeprecated
  • DeprecatedGo
  • Deprecatedcli
  • Deprecatedlinter

dylint

A tool for running Rust lints from dynamic libraries. Dylint makes it easy for developers to maintain their own personal lint collections.

  • MaintainedMaintained
  • MaintainedRust
  • Maintainedcli
  • Maintainedlinter

effective_dart

Linter rules corresponding to the guidelines in Effective Dart

  • MaintainedMaintained
  • MaintainedDart
  • Maintainedcli
  • Maintainedlinter

electrolysis

A tool for formally verifying Rust programs by transpiling them into definitions in the Lean theorem prover.

  • DeprecatedDeprecated
  • DeprecatedRust
  • Deprecatedcli
  • Deprecatedlinter

elm-analyse

A tool that allows you to analyse your Elm code, identify deficiencies and apply best practices.

  • DeprecatedDeprecated
  • DeprecatedElm
  • Deprecatedcli
  • Deprecatedlinter

elm-review

Analyzes whole Elm projects, with a focus on shareable and custom rules written in Elm that add guarantees the Elm compiler doesn't give you.