License Type
More Resources
Suggest resourcesYou Can Contribute!
You can help to improve this list by voting for your favorite tools or adding new ones on Github
Suggest a tool
Latest from our Blog
Mon Mar 13 2023
We are happy to announce that we completely rebuilt analysis-tools.dev from scratch with more features and a new design!This is a major milestone for us, as it marks the first time we sat down to reinvision what the project should become in the next few years.
Tue Jan 26 2021
This project started as a way to scratch my own itch:Years later, many people still seem to have the same problem. There are more than 500 static analysis (SAST) tools out there; how can you possibly find the "best" one?
Wed Aug 19 2020
Static analysis is great! It helps improve code quality by inspecting source code without even running it. There are hundreds of great tools to choose from — many are free or open-source. Unfortunately, many projects still don’t make use of static analysis tools for various reasons.
Thu Jul 16 2020
We found that static code analysis is a topic that is attracting a lot of engineers, which care about code-quality and solid engineering standards. Our goal is to create an open community for developers that want to take their code and skill set to the next level.
Thu Jul 16 2020
Today we welcome DeepCode as our first sponsor.It makes us incredibly happy to see the backing of our community project from such a forward-thinking company. Just like us, DeepCode thinks that the space of analysis tools could be vastly improved to increase code quality and foster best practices within organizations of any size.
Stay Informed
Sign up to our newsletter and always stay up to date with the latest tools and trends in development
Help make this list better
Suggest Tools
15 Multi-Language Tools
ApplicationInspector
Creates reports of over 400 rule patterns for feature detection (e.g. the use of cryptography or version control in apps).
APPscreener
Static code analysis for binary and source code - Java/Scala, PHP, Javascript, C#, PL/SQL, Python, T-SQL, C/C++, ObjectiveC/Swift, Visual Basic 6.0, Ruby, Delphi, ABAP, HTML5 and Solidity.
- abap
- c
- csharp
- cpp
- delphi
- java
- javascript
- objectivec
- php
- plsql
- python
- ruby
- scala
- swift
- tsql
- vbasic
- html
- smart-contracts
lizard
Lizard is an extensible Cyclomatic Complexity Analyzer for many programming languages including C/C++ (doesn't require all the header files or Java imports). It also does copy-paste detection (code clone detection/code duplicate detection) and many other forms of static code analysis. Counts lines of code without comments, CCN (cyclomatic complexity number), token count of functions, parameter count of functions.
Mega-Linter
Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes
- dotnet
- apex
- c
- csharp
- cpp
- clojure
- coffeescript
- dart
- go
- groovy
- java
- javascript
- jsx
- kotlin
- lwc
- lua
- perl
- php
- powershell
- python
- r
- raku
- ruby
- rust
- scala
- shell
- sql
- typescript
- vbnet
- dotenv
- ansible
- arm
- cloudformation
- configfile
- configmanagement
- container
- ci
- css
- dockerfile
- formatter
- gherkin
- html
- json
- kubernetes
- latex
- markdown
- nodejs
- protobuf
- puppet
- terraform
- vue
- writing
- xml
- yaml
OpenStaticAnalyzer
OpenStaticAnalyzer is a source code analyzer tool, which can perform deep static analysis of the source code of complex systems.
Sigrid
Sigrid helps you to improve your software by measuring your system's code quality, and then compares the results against a benchmark of thousands of industry systems to give you concrete advice on areas where you can improve.
- c
- csharp
- cpp
- delphi
- go
- groovy
- java
- javascript
- kotlin
- lua
- objectivec
- perl
- php
- plsql
- powershell
- python
- r
- ruby
- rust
- scala
- shell
- sql
- swift
- typescript
- vbnet
- nodejs
- vue
StaticReviewer
Static Reviewer executes code checks according to the most relevant Secure Coding Standards, OWASP, CWE, CVE, CVSS, MISRA, CERT, for 40+ programming languages, using 1000+ built-in validation rules for Security, Deadcode & Best Practices Available a module for Software Composition Analysis (SCA) to find vulnerabilities in open source and third party libraries.
- abap
- actionscript
- asp
- apex
- aspnet
- c
- csharp
- cpp
- clojure
- cobol
- go
- groovy
- java
- javascript
- jsp
- kotlin
- lua
- objectivec
- php
- plsql
- powershell
- python
- r
- rust
- scala
- shell
- sql
- swift
- tsql
- typescript
- vbnet
- vba
- json
- xml
TencentCodeAnalysis
Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. It integrates of a number of self-developed tools, and also supports dynamic integration of code analysis tools in various programming languages.
Help make this list better
Suggest Tools
