NDepend
Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.
Tutorials / Guides
10 Alternatives for NDepend
ArchUnitNET
A C# architecture test library to specify and assert architecture rules in C# for automated testing.
code-cracker
An analyzer library for C# and VB that uses Roslyn to produce refactorings, code analysis, and other niceties.
CSharpEssentials
C# Essentials is a collection of Roslyn diagnostic analyzers, code fixes and refactorings that make it easy to work with C# 6 language features.
Meziantou.Analyzer
A Roslyn analyzer to enforce some good practices in C# in terms of design, usage, security, performance, and style.
.NET Analyzers
An organization for the development of analyzers (diagnostics and code fixes) using the .NET Compiler Platform.
Roslynator
A collection of 190+ analyzers and 190+ refactorings for C#, powered by Roslyn.
SonarAnalyzer.CSharp
These Roslyn analyzers allow you to produce Clean Code that is safe, reliable, and maintainable by helping you find and correct bugs, vulnerabilities, and code smells in your codebase.
Wintellect.Analyzers
.NET Compiler Platform ("Roslyn") diagnostic analyzers and code fixes.
34 Multi-Language Tools
ApplicationInspector
Creates reports of over 400 rule patterns for feature detection (e.g. the use of cryptography or version control in apps).
autocorrect
A linter and formatter to help you to improve copywriting, correct spaces, words, punctuations between CJK (Chinese, Japanese, Korean).
Betterscan CE
Checks your code and infra (various Git repositories supported, cloud stacks, CLI, Web Interface platform, integrationss available) for security and quality issues. Code Scanning/SAST/Linting using many tools/Scanners deduplicated with One Report (AI optional).
CAST Highlight
Commercial Static Code Analysis which runs locally, but uploads the results to its cloud for presentation.
CodeIt.Right
CodeIt.Right™ provides a fast, automated way to ensure that your source code adheres to (your) predefined design and style guidelines as well as best coding practices.
CodeSonar from GrammaTech
Advanced, whole program, deep path, static analysis of C, C++, Java and C# with easy-to-understand explanations and code and path visualization.
dotenet-format
A code formatter for .NET. Preferences will be read from an .editorconfig
file, if present, otherwise a default set of preferences will be used. At this time dotnet-format is able to format C# and Visual Basic projects with a subset of supported .editorconfig
options.
lizard
Lizard is an extensible Cyclomatic Complexity Analyzer for many programming languages including C/C++ (doesn't require all the header files or Java imports). It also does copy-paste detection (code clone detection/code duplicate detection) and many other forms of static code analysis. Counts lines of code without comments, CCN (cyclomatic complexity number), token count of functions, parameter count of functions.
Mega-Linter
Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes
Mobb
Mobb is a trusted, automatic vulnerability fixer that secures applications, reduces security backlogs, and frees developers to focus on innovation. Mobb is free for open-source projects.
OpenStaticAnalyzer
OpenStaticAnalyzer is a source code analyzer tool, which can perform deep static analysis of the source code of complex systems.
Refactoring Essentials
The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers.
ReSharper
Extends Visual Studio with on-the-fly code inspections for C#, VB.NET, ASP.NET, JavaScript, TypeScript and other technologies.
Roslyn Security Guard
Project that focuses on the identification of potential vulnerabilities such as SQL injection, cross-site scripting (XSS), CSRF, cryptography weaknesses, hardcoded passwords and many more.
SonarQube for IDE
SonarQube for IDE (formerly SonarLint) is a free IDE extension available for IntelliJ, VS Code, Visual Studio, and Eclipse, to find and fix coding issues in real-time, flagging issues as you code, just like a spell-checker. More than a linter, it also delivers rich contextual guidance to help developers understand why there is an issue, assess the risk, and educate them on how to fix it.
Soto Platform
Suite of static analysis tools consisting of the three components Sotoarc (Architecture Analysis), Sotograph (Quality Analysis), and Sotoreport (Quality report). Helps find differences between architecture and implementation, interface violations (e.g. external access of private parts of subsystems, detection of all classes, files, packages and subsystems which are strongly coupled by cyclical relationships and more. The Sotograph product family runs on Windows and Linux.
StaticReviewer
Static Reviewer executes code checks according to the most relevant Secure Coding Standards, OWASP, CWE, CVE, CVSS, MISRA, CERT, for 40+ programming languages, using 1000+ built-in validation rules for Security, Deadcode & Best Practices Available a module for Software Composition Analysis (SCA) to find vulnerabilities in open source and third party libraries.
TencentCodeAnalysis
Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. It integrates of a number of self-developed tools, and also supports dynamic integration of code analysis tools in various programming languages.
WhiteHat Application Security Platform
WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10.
Help make this list better
Suggest Tools