pgspot logo

pgspot

MaintainedMaintained

Spot vulnerabilities in postgres extension scripts. Finds unsafe search_path usage and unsafe object creation in PostgreSQL extension scripts or any other PostgreSQL SQL code.

Tutorials / Guides

  • pgspot screenshot

8 Alternatives for pgspot

dbcritic

dbcritic finds problems in a database schema, such as a missing primary key constraint in a table.

  • MaintainedMaintained
  • MaintainedSql
  • Maintainedcli
  • Maintainedlinter

sqlcheck

Automatically identify anti-patterns in SQL queries.

  • MaintainedMaintained
  • MaintainedSql
  • Maintainedcli
  • Maintainedlinter

SQLFluff

Multiple dialect SQL linter and formatter.

  • MaintainedMaintained
  • MaintainedSql
  • Maintainedcli
  • MaintainedlinterMaintainedformatter

sqlint

Simple SQL linter.

  • MaintainedMaintained
  • MaintainedSql
  • Maintainedcli
  • Maintainedlinter

squawk

Linter for PostgreSQL, focused on migrations. Prevents unexpected downtime caused by database migrations and encourages best practices around Postgres schemas and SQL.

  • MaintainedMaintained
  • MaintainedSql
  • Maintainedcli
  • Maintainedlinter

tsqllint

T-SQL-specific linter.

  • MaintainedMaintained
  • MaintainedSql
  • Maintainedcli
  • Maintainedlinter

TSqlRules

TSQL Static Code Analysis Rules for SQL Server.

  • DeprecatedDeprecated
  • DeprecatedSql
  • Deprecatedcli
  • Deprecatedlinter

WhiteHat Sentinel Dynamic

Part of the WhiteHat Application Security Platform. Dynamic application security scanner that covers the OWASP Top 10.

  • MaintainedMaintained
  • MaintainedSql
  • Maintainedcli
  • Maintainedlinter

7 Multi-Language Tools

goone

Finds N+1 queries (SQL calls in a for loop) in go code

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter

Mega-Linter

Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

OpenRewrite

OpenRewrite fixes common static analysis issues reported through Sonar and other tools using a Maven and Gradle plugin or the Moderne CLI.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • MaintainedlinterMaintainedformatter

SafeQL

Validate and auto-generate TypeScript types from raw SQL queries in PostgreSQL. SafeQL is an ESLint plugin for writing SQL queries in a type-safe way.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

Sigrid

Sigrid helps you to improve your software by measuring your system's code quality, and then compares the results against a benchmark of thousands of industry systems to give you concrete advice on areas where you can improve.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • MaintainedcliMaintainedservice
  • Maintainedlinter

sqlvet

Performs static analysis on raw SQL queries in your Go code base to surface potential runtime errors. It checks for SQL syntax error, identifies unsafe queries that could potentially lead to SQL injections makes sure column count matches value count in INSERT statements and validates table- and column names.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

StaticReviewer

Static Reviewer executes code checks according to the most relevant Secure Coding Standards, OWASP, CWE, CVE, CVSS, MISRA, CERT, for 40+ programming languages, using 1000+ built-in validation rules for Security, Deadcode & Best Practices Available a module for Software Composition Analysis (SCA) to find vulnerabilities in open source and third party libraries.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter

Our Sponsors

This website is completely open source. To fund our work, we fully rely on sponsors. Thanks to them, we can keep the site free for everybody. Please check out their offers below.

  • BugProve
  • Pixee
  • semgrep
  • Offensive 360
  • BetterScan