License Type
More Resources
Suggest resourcesYou Can Contribute!
You can help to improve this list by voting for your favorite tools or adding new ones on Github 
Latest from our Blog
Sat May 25 2024
As developers, maintaining secure, high-quality code is challenging. Security vulnerabilities, performance issues, and code quality concerns can accumulate. Enter Pixeebot, a tool by Pixee that automates security and code improvements, letting developers focus on essential tasks.
Sun Nov 19 2023
I have never been a huge fan of IoT devices. Granted, they make our life easier, but they also open the door to a lot of security issues. Most IoT devices are black boxes. I don't know what's inside and I don't know what they connect to.
Thu Apr 06 2023
As a developer, I have faced my fair share of security mishaps. I recall times when I accidentally exposed sensitive data in logs or sent a network request over a non-encrypted HTTP channel when HTTPS was available. I'm sure many of you can relate to these situations. We may not be security experts, but that doesn't mean we shouldn't take measures to protect our applications. This is where Bearer, a new security tool for Ruby and JavaScript apps (Java coming soon), comes into play.
Wed Mar 29 2023
We are happy to announce that we completely rebuilt analysis-tools.dev from scratch with more features and a new design!This is a major milestone for us, as it marks the first time we sat down to reinvision what the project should become in the next few years.
Tue Jan 26 2021
This project started as a way to scratch my own itch:Years later, many people still seem to have the same problem. There are more than 500 static analysis (SAST) tools out there; how can you possibly find the "best" one?
Wed Aug 19 2020
Static analysis is great! It helps improve code quality by inspecting source code without even running it. There are hundreds of great tools to choose from — many are free or open-source. Unfortunately, many projects still don’t make use of static analysis tools for various reasons.
Thu Jul 16 2020
We found that static code analysis is a topic that is attracting a lot of engineers, which care about code-quality and solid engineering standards. Our goal is to create an open community for developers that want to take their code and skill set to the next level.
Thu Jul 16 2020
Today we welcome DeepCode as our first sponsor.It makes us incredibly happy to see the backing of our community project from such a forward-thinking company. Just like us, DeepCode thinks that the space of analysis tools could be vastly improved to increase code quality and foster best practices within organizations of any size.
Stay Informed
Sign up to our newsletter and always stay up to date with the latest tools and trends in development
CodeIt.Right
MaintainedCodeIt.Right™ provides a fast, automated way to ensure that your source code adheres to (your) predefined design and style guidelines as well as best coding practices.
csharp
vbnetTutorials / Guides
2 Alternatives for CodeIt.Right
Refactoring Essentials
The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers.
Roslyn Security Guard
Project that focuses on the identification of potential vulnerabilities such as SQL injection, cross-site scripting (XSS), CSRF, cryptography weaknesses, hardcoded passwords and many more.
9 Multi-Language Tools
asp
apex
c
cpp
go
groovy
java
fortran
javascript
php
python
abap
cobol
dart
Mega-Linter
Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes
dotnet
clojure
coffeescriptReSharper
Extends Visual Studio with on-the-fly code inspections for C#, VB.NET, ASP.NET, JavaScript, TypeScript and other technologies.
typescript
delphiSonarQube for IDE
SonarQube for IDE (formerly SonarLint) is a free IDE extension available for IntelliJ, VS Code, Visual Studio, and Eclipse, to find and fix coding issues in real-time, flagging issues as you code, just like a spell-checker. More than a linter, it also delivers rich contextual guidance to help developers understand why there is an issue, assess the risk, and educate them on how to fix it.
kotlinStaticReviewer
Static Reviewer executes code checks according to the most relevant Secure Coding Standards, OWASP, CWE, CVE, CVSS, MISRA, CERT, for 40+ programming languages, using 1000+ built-in validation rules for Security, Deadcode & Best Practices Available a module for Software Composition Analysis (SCA) to find vulnerabilities in open source and third party libraries.
actionscript
aspnet
ada
asmHelp make this list better
Suggest Tools
