flay

Maintained

Flay analyzes code for structural similarities.

28 Alternatives for flay

brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications.

  • Maintained
  • Ruby
  • cli
  • linter

bundler-audit

Audit Gemfile.lock for gems with security vulnerabilities reported in Ruby Advisory Database.

  • Maintained
  • Ruby
  • cli
  • linter

cane

Code quality threshold checking as part of your build.

  • Deprecated
  • Ruby
  • cli
  • linter

Churn

A project that reports the churn of files, classes, and methods in a project for a given check-in. Over time the tool adds up the history of churns to give the number of times a file, class, or method has changed during the life of a project.

  • Maintained
  • Ruby
  • cli
  • linter

dawnscanner

A static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.

  • Maintained
  • Ruby
  • cli
  • linter

ERB Lint

Lint your ERB or HTML files

  • Maintained
  • Ruby
  • cli
  • linter

Fasterer

Common Ruby idioms checker.

  • Maintained
  • Ruby
  • cli
  • linter

flog

Flog reports the most tortured code in an easy to read pain report. The higher the score, the more pain the code is in.

  • Deprecated
  • Ruby
  • cli
  • linter

Fukuzatsu

A tool for measuring code complexity in Ruby class files. Its analysis generates scores based on cyclomatic complexity algorithms with no added "opinions".

  • Maintained
  • Ruby
  • cli
  • linter

laser

Static analysis and style linter for Ruby code.

  • Deprecated
  • Ruby
  • cli
  • linter

MetricFu

MetricFu is a set of tools to provide reports that show which parts of your code might need extra work.

  • Deprecated
  • Ruby
  • cli
  • linter

pelusa

Static analysis Lint-type tool to improve your OO Ruby code.

  • Maintained
  • Ruby
  • cli
  • linter

quality

Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time.

  • Deprecated
  • Ruby
  • cli
  • linter

Querly

Pattern Based Checking Tool for Ruby.

  • Deprecated
  • Ruby
  • cli
  • linter

Railroader

An open source static analysis security vulnerability scanner for Ruby on Rails applications.

  • Deprecated
  • Ruby
  • cli
  • linter

rails_best_practices

A code metric tool for Rails projects

  • Deprecated
  • Ruby
  • cli
  • linter

reek

Code smell detector for Ruby.

  • Maintained
  • Ruby
  • cli
  • linter

Roodi

Roodi stands for Ruby Object Oriented Design Inferometer. It parses your Ruby code and warns you about design issues you have based on the checks that it has configured.

  • Deprecated
  • Ruby
  • cli
  • linter

RuboCop

A Ruby static code analyzer, based on the community Ruby style guide.

  • Maintained
  • Ruby
  • cli
  • linter

Rubrowser

Ruby classes interactive dependency graph generator.

  • Maintained
  • Ruby
  • cli
  • linter

ruby-lint

Static code analysis for Ruby.

  • Deprecated
  • Ruby
  • cli
  • linter

rubycritic

A Ruby code quality reporter.

  • Maintained
  • Ruby
  • cli
  • linter

Saikuro

A Ruby cyclomatic complexity analyzer.

  • Deprecated
  • Ruby
  • cli
  • linter

SandiMeter

Static analysis tool for checking Ruby code for Sandi Metz' rules.

  • Deprecated
  • Ruby
  • cli
  • linter

Sorbet

A fast, powerful type checker designed for Ruby.

  • Maintained
  • Ruby
  • cli
  • linter

Standard Ruby

Ruby Style Guide, with linter & automatic code fixer

  • Maintained
  • Ruby
  • cli
  • linter

Steep

Gradual Typing for Ruby.

  • Maintained
  • Ruby
  • cli
  • linter

suture

A Ruby gem that helps you refactor your legacy code by comparing the result of some old behavior with a new version.

  • Maintained
  • Ruby
  • cli
  • linter

21 Multi-Language Tools

ApplicationInspector

Creates reports of over 400 rule patterns for feature detection (e.g. the use of cryptography or version control in apps).

  • Maintained
  • Multi-Language
  • cli
  • linter

autocorrect

A linter and formatter to help you to improve copywriting, correct spaces, words, punctuations between CJK (Chinese, Japanese, Korean).

  • Maintained
  • Multi-Language
  • cli
  • linter, formatter

Bearer

Open-Source static code analysis tool to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). Highly configurable and easily extensible, built for security and engineering teams.

  • Maintained
  • Multi-Language
  • cli
  • linter

Betterscan CE

Sponsor

Checks your code and infra (various Git repositories supported, cloud stacks, CLI, Web Interface platform, integrations available) for security and quality issues. Code Scanning/SAST/Linting using many tools/Scanners deduplicated with One Report (AI optional).

  • Maintained
  • Multi-Language
  • cli
  • linter

callGraph

Statically generates a call graph image and displays it on screen.

  • Maintained
  • Multi-Language
  • cli
  • linter

Checkmarx CxSAST

Commercial Static Code Analysis which doesn't require pre-compilation.

  • Maintained
  • Multi-Language
  • cli
  • linter

DerScanner

Multi-language Static Application Security Testing (SAST) platform that detects critical vulnerabilities, including hardcoded secrets, weak cryptography, backdoors, SQL injections, insecure configurations, etc.

  • Maintained
  • Multi-Language
  • cli, service
  • linter

emerge

Emerge is a source code and dependency visualizer that can be used to gather insights about source code structure, metrics, dependencies and complexity of software projects. After scanning the source code of a project it provides you an interactive web interface to explore and analyze your project by using graph structures.

  • Maintained
  • Multi-Language
  • cli, service
  • linter

graudit

Grep rough audit - source code auditing tool.

  • Maintained
  • Multi-Language
  • cli
  • linter

Hound CI

Comments on style violations in GitHub pull requests. Supports CoffeeScript, Go, HAML, JavaScript, Ruby, SCSS and Swift.

  • Deprecated
  • Multi-Language
  • cli
  • linter

lizard

Lizard is an extensible Cyclomatic Complexity Analyzer for many programming languages including C/C++ (doesn't require all the header files or Java imports). It also does copy-paste detection (code clone detection/code duplicate detection) and many other forms of static code analysis. Counts lines of code without comments, CCN (cyclomatic complexity number), token count of functions, parameter count of functions.

  • Maintained
  • Multi-Language
  • cli
  • linter

Mega-Linter

Mega-Linter can handle any type of project thanks to its 70+ embedded linters and its advanced reporting. It runs on any CI system or locally, offers assisted installation and configuration, and can apply formatting and fixes.

  • Maintained
  • Multi-Language
  • cli
  • linter

Pronto

Quick automated code review of your changes. Supports more than 40 runners for various languages, including Clang, Elixir, JavaScript, PHP, Ruby and more.

  • Maintained
  • Multi-Language
  • cli
  • linter

Semgrep

Sponsor

A fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write; no abstract syntax trees or regex wrestling. Supports 17+ languages.

  • Maintained
  • Multi-Language
  • cli, service
  • linter

ShiftLeft Scan

Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.

  • Maintained
  • Multi-Language
  • cli, service
  • linter

Sigrid

Sigrid helps you to improve your software by measuring your system's code quality, and then compares the results against a benchmark of thousands of industry systems to give you concrete advice on areas where you can improve.

  • Maintained
  • Multi-Language
  • cli, service
  • linter

SonarLint

SonarLint is a free IDE extension available for IntelliJ, VS Code, Visual Studio, and Eclipse, to find and fix coding issues in real-time, flagging issues as you code, just like a spell-checker. More than a linter, it also delivers rich contextual guidance to help developers understand why there is an issue, assess the risk, and educate them on how to fix it.

  • Maintained
  • Multi-Language
  • cli
  • linter

Super-Linter

Combination of multiple linters to install as a GitHub Action.

  • Maintained
  • Multi-Language
  • cli
  • linter

Synopsys

A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift).

  • Maintained
  • Multi-Language
  • cli
  • linter

trivy

A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Checks containers and filesystems.

  • Maintained
  • Multi-Language
  • cli
  • linter

trunk

Modern repositories include many technologies, each with its own set of linters. With 30+ linters and counting, Trunk makes it dead-simple to identify, install, configure, and run the right linters, static analyzers, and formatters for all your repos.

  • Maintained
  • Multi-Language
  • cli
  • linter, formatter
