Suite of automated audit tools to examine the configuration and known vulnerabilities following the NIST-certified Security Content Automation Protocol (SCAP).
489 Alternatives for OpenSCAP
Enhances the SAP Code Inspector with new and customizable checks.
Static checker for GitHub Actions workflow files. Provides an online version.
After the Deadline
Spell, style and grammar checker.
Find inefficiently packed structs.
Inspects tar archives and tries to spot portability issues with regard to the POSIX 2017 pax specification and common tar implementations. This project is intended for maintainers who want to offer portable source code archives for as many systems as possible. Checking tar archives with alquitran before publishing them should help spot issues before they reach distributors and users.
Run static analysis on Android projects.
Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once.
Linter for Angular projects.
Checks playbooks for practices and behaviour that could potentially be improved.
A C# architecture test library to specify and assert architecture rules in C# for automated testing.
AWS CloudFormation Guard
Check local CloudFormation templates against policy-as-code rules and generate rules from existing templates.
Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), and CI/CD scanning for vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. Supports Azure via ARM.
A linting engine supporting custom project-specific rules.
Analyzes a raw binary firmware and determines features like endianness or the loading address. The tool is compatible with all architectures. Loading address: binbloom can parse a raw binary firmware and determine its loading address. Endianness: binbloom can use heuristics to determine the endianness of a firmware. UDS Database: binbloom can parse a raw binary firmware and check if it contains an array containing UDS command IDs.
Tool to analyze source code and binaries for reusable code, necessary licenses and potential security aspects.
Ever wondered what's making your binary big? Bloaty McBloatface will show you a size profile of the binary so you can understand what's taking up space inside. Bloaty performs a deep analysis of the binary. Using custom ELF, DWARF, and Mach-O parsers, Bloaty aims to accurately attribute every byte of the binary to the symbol or compile unit that produced it. It will even disassemble the binary looking for references to anonymous data.
Safe code refactoring for modern Python. Bowler is a refactoring tool for manipulating Python at the syntax tree level. It enables safe, large scale code modifications while guaranteeing that the resulting code compiles and runs. It provides both a simple command line interface and a fluent API in Python for generating complex code modifications in code.
Audit Gemfile.lock for gems with security vulnerabilities reported in Ruby Advisory Database.
Audit Cargo.lock for crates with security vulnerabilities reported to the RustSec Advisory Database.
Find out what takes most of the space in your executable. Supports ELF (Linux, BSD), Mach-O (macOS) and PE (Windows) binaries.
cargo-breaking compares a crate's public API between two different branches, shows what changed, and suggests the next version according to semver.
Whole-program static stack analysis. The tool produces the full call graph of a program as a dot file.
A cargo plugin for linting your dependencies. It can be used either as a command line tool, a Rust crate, or a GitHub Action for CI. It checks for valid license information, duplicate crates, security vulnerabilities, and more.
Cargo subcommand to show result of macro expansion and #[derive] expansion applied to the current crate. This is a wrapper around a more verbose compiler command.
Inspect Rust code without syntactic sugar to see what the compiler does behind the curtains.
cargo subcommand showing the assembly, LLVM IR and MIR generated for Rust code.
Checks all your documentation for spelling and grammar mistakes with hunspell (ready) and languagetool (preview).
Find unused dependencies in Cargo.toml. It either prints out an "unused crates" line listing the crates, or it prints out a line saying that no crates were unused.
Find potentially unused enabled feature flags and prune them. It removes a feature of a dependency and then compiles the project to see whether it still builds. If it does, the feature flag can possibly be removed, but this can be a false positive. You can generate a simple HTML report from the JSON output to make the results easier to inspect.
AWS Labs CloudFormation linter.
A linter for AWS CloudFormation templates.
ct is the tool for testing Helm charts. It is meant to be used for linting and testing pull requests. It automatically detects charts changed against the target branch.
Pluggable type-checking for Java.
Static analysis tool for Terraform files (tf>=v0.12), preventing cloud misconfigs at build time.
Checking Java source code for adherence to a Code Standard or set of validation rules (best practices).
Clusterlint queries live Kubernetes clusters for resources, executes common and platform-specific checks against these resources and provides actionable feedback to cluster operators. It is a non-invasive tool that is run externally. Clusterlint does not alter the resource configurations.
An analyzer library for C# and VB that uses Roslyn to produce refactorings, code analysis, and other niceties.
A set of tslint rules for static code analysis of Angular 2 TypeScript projects.
A style checker that helps keep CoffeeScript code clean and consistent.
Checks Java source and byte code for incorrect uses of cryptographic APIs.
Checks whether your commit messages meet the Conventional Commits format.
Cookstyle is a linting tool based on the RuboCop Ruby linting tool for Chef cookbooks.
A tool for configurable software verification of C programs. The name CPAchecker was chosen to reflect that the tool is based on the CPA concepts and is used for checking software programs.
Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (passwords, API keys, secret keys, tokens, personal information, etc.) and filters out false positives through a machine learning model called Password Model. This scanner is able to detect passwords and unstructured tokens with a low false positive rate.
C# Essentials is a collection of Roslyn diagnostic analyzers, code fixes and refactorings that make it easy to work with C# 6 language features.
cwe_checker finds vulnerable patterns in binary executables.
Dart Code Metrics
Additional linter for Dart. Reports code metrics, checks for anti-patterns and provides additional rules for Dart analyzer.
A CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization's policies.
A static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
A set of utilities for working with PO files to ease development and improve quality.
Finds usages of deprecated (Symfony) code.
DesigniteJava supports detection of various architecture, design, and implementation smells along with computation of various code quality metrics.
Detection of design patterns in PHP code.
An enterprise friendly way of detecting and preventing secrets in code. It does this by running periodic diff outputs against heuristically crafted regex statements, to identify whether any new secret has been committed. This way, it avoids the overhead of digging through all git history, as well as the need to scan the entire repository every time.
The DIALYZER, a DIscrepancy AnaLYZer for ERlang programs. Dialyzer is a static analysis tool that identifies software discrepancies, such as definite type errors, code that has become dead or unreachable because of a programming error, and unnecessary tests, in single Erlang modules or entire (sets of) applications. Dialyzer starts its analysis from either debug-compiled BEAM bytecode or from Erlang source code. The file and line number of a discrepancy is reported along with an indication of what the discrepancy is about. Dialyzer bases its analysis on the concept of success typings, which allows for sound warnings (no false positives).
Static analyser for finding deadlocks in Go.
Docker Label Inspector
Lint and validate Dockerfile labels.
Linting dotenv files like a charm.
Lightning-fast linter for .env files. Written in Rust.
Combine PHP_CodeSniffer and PHP-CS-Fixer.
Linter rules corresponding to the guidelines in Effective Dart.
A tool for formally verifying Rust programs by transpiling them into definitions in the Lean theorem prover.
A tool that allows you to analyse your Elm code, identify deficiencies and apply best practices.
Analyzes whole Elm projects, with a focus on shareable and custom rules written in Elm that add guarantees the Elm compiler doesn't give you.
Linter for Ember or Handlebars templates.
Catch common Java mistakes as compile-time errors.
Wrap and fix Go errors with the new %w verb directive. This tool analyzes fmt.Errorf() calls and reports calls that contain a verb directive different from the %w verb directive introduced in Go 1.13. It is also capable of rewriting calls to use the new %w wrap verb directive.
ECMAScript parsing infrastructure for multipurpose analysis.
A plugin for FindBugs with additional bug detectors.
A free IDE Plugin for static code analysis. A Pro edition includes a command line tool for automation purposes.
Static security code analysis for ColdFusion or CFML code. Designed to work within a CI pipeline or from the developer's terminal.
A lint tool that checks Chef cookbooks for common problems.
Detects and forbids invocations of specific method/class/field (like reading from a text stream without a charset). Maven/Gradle/Ant compatible.
Lint tool for F#.
Warns about constructs that are dubious or nonportable to other awk implementations.
A tool to analyze Nginx configuration. The main goal is to prevent misconfiguration and automate flaw detection.
Analyzer that helps you to make your Go programs more consistent.