awesome-repositories.com
المدونة
awesome-repositories.com

اكتشف أفضل مستودعات المصادر المفتوحة باستخدام بحث مدعوم بالذكاء الاصطناعي.

استكشفعمليات بحث منسقةبدائل مفتوحة المصدربرمجيات ذاتية الاستضافةالمدونةخريطة الموقع
المشروعحولكيفية ترتيب النتائجالصحافةخادم MCP
قانونيالخصوصيةالشروط
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
Back to github/codeql

Open-source alternatives to Codeql

30 open-source projects similar to github/codeql, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Codeql alternative.

  • securego/gosecالصورة الرمزية لـ securego

    securego/gosec

    8,866عرض على GitHub↗

    gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph

    Go
    عرض على GitHub↗8,866
  • facebook/pyre-checkالصورة الرمزية لـ facebook

    facebook/pyre-check

    7,169عرض على GitHub↗

    Pyre is a high-performance static type checker and analysis tool for Python. It identifies type errors and ensures type safety without executing the program, utilizing a static type inference engine to maintain consistency across functions. The project is distinguished by an incremental type analysis engine that operates as a background daemon. This system monitors filesystem changes to re-validate only modified parts of a project, reducing the time required for repeated analysis. It also includes a static analysis security tool that uses taint analysis to track untrusted data flows and ident

    OCaml
    عرض على GitHub↗7,169
  • bearer/bearerالصورة الرمزية لـ Bearer

    Bearer/bearer

    2,566عرض على GitHub↗

    Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co

    Goappseccode-qualitycompliance
    عرض على GitHub↗2,566

بحث بالذكاء الاصطناعي

استكشف المزيد من المستودعات الرائعة

صف ما تحتاجه بلغة بسيطة — وسيقوم الذكاء الاصطناعي بترتيب آلاف المشاريع مفتوحة المصدر المنسقة حسب الصلة.

Find more with AI search
  • microsoft/applicationinspectorالصورة الرمزية لـ microsoft

    microsoft/ApplicationInspector

    4,391عرض على GitHub↗

    ApplicationInspector is a multi-language static analysis tool designed to detect specific features and characteristics within source code. It utilizes a declarative JSON rules engine to identify patterns and structural tags across project directories without requiring the analyzer to be recompiled. The system distinguishes itself through a code version differ that compares two different source paths to report changes in detected features. It also provides utilities for creating and validating custom JSON-based rules, including a validation pipeline to verify syntax and identifier uniqueness.

    C#
    عرض على GitHub↗4,391
  • coderaiser/putoutالصورة الرمزية لـ coderaiser

    coderaiser/putout

    793عرض على GitHub↗

    🐊 Pluggable and configurable JavaScript Linter, code transformer and formatter with superpowers 💪: built-in support of js, jsx, ts, markdown, yaml, toml, json and ignore. Write declarative codemods in a simplest possible way 😏

    JavaScript
    عرض على GitHub↗793
  • sonarsource/sonarqubeالصورة الرمزية لـ SonarSource

    SonarSource/sonarqube

    10,259عرض على GitHub↗

    SonarQube is a static code analysis platform used to scan source code and infrastructure scripts across multiple languages. It detects bugs, security vulnerabilities, and maintainability issues to ensure software meets reliability and security standards. The platform implements automated quality gates for continuous integration and delivery pipelines, verifying code against defined rules during merge or pull requests. It also integrates directly with code editors to provide real-time analysis results and quick-fix guidance during development. The system covers broad functional areas includin

    Javacode-qualitysonarqubestatic-analysis
    عرض على GitHub↗10,259
  • pmd/pmdالصورة الرمزية لـ pmd

    pmd/pmd

    5,425عرض على GitHub↗

    PMD is a multi-language static code analyzer used to identify programming flaws, unused variables, and dead code without executing the program. It functions as a code smell detector and coding standard enforcer, ensuring source code adheres to specific naming conventions, structural requirements, and project style guides. The project features an XPath-based rule engine that allows users to define custom analysis patterns using queries against an abstract syntax tree. It also includes a copy-paste detector to identify duplicated code blocks across multiple files and a visual rule designer for

    Javaapexcode-analysiscode-quality
    عرض على GitHub↗5,425
  • potpie-ai/potpieالصورة الرمزية لـ potpie-ai

    potpie-ai/potpie

    5,161عرض على GitHub↗

    Potpie is an LLM codebase analysis platform and multi-agent orchestration framework designed to act as an AI software engineer. It parses repositories into a structured code knowledge graph, enabling AI agents to perform multi-hop reasoning, dependency tracing, and grounded technical analysis across large codebases. The system distinguishes itself through a spec-driven development framework where agents generate detailed technical specifications and architecture plans before implementing multi-file code changes. It utilizes a durable execution engine to coordinate specialized AI personas for

    Pythonagentsai-agentsai-agents-framework
    عرض على GitHub↗5,161
  • jshint/jshintالصورة الرمزية لـ jshint

    jshint/jshint

    9,064عرض على GitHub↗

    JSHint is a JavaScript static analysis tool and linter designed to detect errors and enforce coding standards. It functions as a syntax validator that scans source code to identify potential logic problems and programming mistakes before the code is executed. The tool provides a command line interface for analyzing files and directories. It supports the export of analysis results into standardized formats such as Checkstyle for integration with external build tools. Analysis is managed through a system of linting rule management and environment global configuration. This includes the ability

    JavaScript
    عرض على GitHub↗9,064
  • jquery/esprimaالصورة الرمزية لـ jquery

    jquery/esprima

    7,139عرض على GitHub↗

    Esprima is a JavaScript parser that converts source code into a structured abstract syntax tree. It implements a specification-driven grammar to ensure compliance with ECMAScript standards, enabling the programmatic analysis and transformation of JavaScript programs. The project provides capabilities for lexical tokenization to break source code into individual symbols and static syntax validation to verify that scripts are well-formed without executing the code. Its functional surface covers JavaScript static analysis, lexical analysis, and the generation of abstract syntax trees.

    TypeScript
    عرض على GitHub↗7,139
  • yandex/gixyالصورة الرمزية لـ yandex

    yandex/gixy

    8,570عرض على GitHub↗

    Gixy is a static configuration analyzer and security auditor for Nginx. It functions as an infrastructure-as-code security scanner and web server configuration linter designed to identify vulnerabilities and misconfigurations in server definitions before deployment. The tool focuses on detecting high-risk security flaws, including host header spoofing, server-side request forgery, and path traversal. It specifically audits Nginx configurations for risks such as HTTP splitting, multiline header issues, and unauthorized third-party access resulting from incorrect Referer or Origin header patter

    Python
    عرض على GitHub↗8,570
  • scottrogowski/code2flowالصورة الرمزية لـ scottrogowski

    scottrogowski/code2flow

    4,586عرض على GitHub↗

    code2flow is a static program flow mapper and source code call graph generator. It analyzes source code to produce visual flow diagrams that map function call relationships and execution paths. The project includes an asynchronous call trace visualizer that follows execution paths through async and await calls to map the logic of asynchronous programs. It also provides a programmable code analysis interface, allowing the call graph generation logic to be integrated into other software applications. The system handles static code analysis by converting source code into abstract syntax trees t

    Python
    عرض على GitHub↗4,586
  • crytic/slitherالصورة الرمزية لـ crytic

    crytic/slither

    6,141عرض على GitHub↗
    Pythonethereumsoliditystatic-analysis
    عرض على GitHub↗6,141
  • done-0/fuck-u-codeالصورة الرمزية لـ Done-0

    Done-0/fuck-u-code

    6,830عرض على GitHub↗

    This project is an AI-powered code reviewer and static analysis server that identifies low-quality files and generates automated critiques. It functions as an automated quality scoring tool that evaluates source code structure and complexity through local parsing. The system utilizes a standardized context protocol to stream analysis results to AI agents and editors. It integrates large language models to produce automated reviews and suggestions for improvement based on quantitative quality metrics. The tool includes a weight-based scoring engine and an asynchronous analysis pipeline for pr

    TypeScript
    عرض على GitHub↗6,830
  • shashankss1205/codegraphcontextالصورة الرمزية لـ Shashankss1205

    Shashankss1205/CodeGraphContext

    3,748عرض على GitHub↗

    CodeGraphContext is a code graph indexer and visualization tool that analyzes source code to build graphs of functions, classes, and inheritance relationships. It functions as a Model Context Protocol server, providing a structured codebase index to AI assistants for context retrieval and natural language querying. The project features an interactive web interface that uses force-directed layouts to visualize code dependencies and symbols. To accelerate the setup of large projects, it supports the import of pre-calculated knowledge bundles for popular repositories. The system provides capabi

    Python
    عرض على GitHub↗3,748
  • ajinabraham/nodejsscanالصورة الرمزية لـ ajinabraham

    ajinabraham/nodejsscan

    2,563عرض على GitHub↗

    nodejsscan is a static analysis security tool and vulnerability detection engine designed to scan Node.js source code for security flaws and common coding vulnerabilities. It functions as a static application security testing tool that analyzes code without executing the program. The tool operates as a security linter that can be integrated into continuous integration pipelines to block insecure code from merging into main branches. It automates the auditing process through rule-based detection and pattern-based static analysis. The project provides capabilities for vulnerability alert autom

    CSScode-analysiscode-reviewdevsecops
    عرض على GitHub↗2,563
  • learnapollo/learnapolloالصورة الرمزية لـ learnapollo

    learnapollo/learnapollo

    5,153عرض على GitHub↗

    This project is an interactive learning resource and tutorial for implementing the Apollo GraphQL client. It provides a guided instructional experience to teach frontend data management, specifically focusing on how to connect web applications to GraphQL data sources. The platform uses a sequenced path of hands-on lessons and interactive code walkthroughs. These modules combine instructional text with executable code blocks to demonstrate real-time API behavior and the integration of GraphQL into frontend frameworks. The curriculum covers the use of declarative queries and schema-driven data

    TypeScriptangular-2apolloapollo-ios
    عرض على GitHub↗5,153
  • oclint/oclintالصورة الرمزية لـ oclint

    oclint/oclint

    3,881عرض على GitHub↗

    Oclint is a static analysis engine and extensible linting framework designed for C, C++, and Objective-C source code. It functions as a code quality tool that identifies bugs, code smells, and structural complexities by parsing source code into abstract syntax trees to perform semantic inspection. The project is distinguished by its modular architecture, which supports dynamic plugin loading for custom inspection rules and a pluggable reporter system for exporting analysis findings in multiple formats. It replicates build configurations by reading compiler flags and include paths to ensure th

    C++
    عرض على GitHub↗3,881
  • yusufkaraaslan/skill_seekersالصورة الرمزية لـ yusufkaraaslan

    yusufkaraaslan/Skill_Seekers

    9,641عرض على GitHub↗

    Skill Seekers is a toolset for generating large language model knowledge bases, featuring a multi-source content scraper and a dedicated RAG data pipeline. It extracts technical data from documentation, code, and video to create structured assets and configuration files for AI-powered IDE extensions. The project distinguishes itself through the ability to transform raw data into polished tutorials and specialized skills for AI plugin marketplaces. It utilizes abstract syntax tree parsing and optical character recognition to analyze GitHub repositories, PDFs, and video frames, converting these

    Pythonai-toolsast-parserautomation
    عرض على GitHub↗9,641
  • microsoft/security-101الصورة الرمزية لـ microsoft

    microsoft/Security-101

    6,203عرض على GitHub↗

    Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do

    HTMLappseccia-triaddata-protection
    عرض على GitHub↗6,203
  • googleprojectzero/weggliالصورة الرمزية لـ googleprojectzero

    googleprojectzero/weggli

    2,483عرض على GitHub↗

    weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.

    Rust
    عرض على GitHub↗2,483
  • ayarotsky/diesel-guardالصورة الرمزية لـ ayarotsky

    ayarotsky/diesel-guard

    115عرض على GitHub↗

    Linter for dangerous Postgres migration patterns in Diesel and SQLx. Prevents downtime caused by unsafe schema changes.

    Rust
    عرض على GitHub↗115
  • duriantaco/skylosالصورة الرمزية لـ duriantaco

    duriantaco/skylos

    455عرض على GitHub↗

    Open source local-first PR scanner that finds dead code, security bugs, secrets, quality regressions, and AI-code mistakes before merge. For first timers refer to https://duriantaco.github.io/skylos/repo-map/

    Python
    عرض على GitHub↗455
  • microsoft/devskimالصورة الرمزية لـ microsoft

    microsoft/DevSkim

    995عرض على GitHub↗

    DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.

    C#lintersdlsecurity
    عرض على GitHub↗995
  • w0rp/aleالصورة الرمزية لـ w0rp

    w0rp/ale

    14,005عرض على GitHub↗

    Ale is a Neovim LSP client and asynchronous linter wrapper designed to integrate language servers and syntax checkers into the editor. It provides infrastructure for background syntax validation and automated code fixing without blocking the editor interface. The project implements the Language Server Protocol to enable advanced semantic navigation, including symbol renaming, definition jumping, and the application of automatic refactoring changes. It functions as an automatic code fixer that applies formatting and repairs based on feedback from linting tools and language servers. The plugin

    Vim Script
    عرض على GitHub↗14,005
  • wala/walaالصورة الرمزية لـ wala

    wala/WALA

    858عرض على GitHub↗

    T.J. Watson Libraries for Analysis, with front ends for Java, Android, and JavaScript, and many common static program analyses.

    Java
    عرض على GitHub↗858
  • facebookarchive/pfffالصورة الرمزية لـ facebookarchive

    facebookarchive/pfff

    2,442عرض على GitHub↗

    Tools for code analysis, visualizations, or style-preserving source transformation.

    OCaml
    عرض على GitHub↗2,442
  • instantdb/instantالصورة الرمزية لـ instantdb

    instantdb/instant

    10,330عرض على GitHub↗

    Instant is a real-time backend as a service and relational graph database designed to synchronize data across clients automatically. It functions as a data synchronization layer that provides authentication, permissions, and relational data storage for web and mobile applications. The platform includes an optimistic UI framework that updates local interfaces immediately during writes and handles automatic server rollbacks. It also features a real-time presence system to broadcast transient user states, such as cursor positions and online status, to other connected clients. The system manages

    TypeScript
    عرض على GitHub↗10,330
  • presidentbeef/brakemanالصورة الرمزية لـ presidentbeef

    presidentbeef/brakeman

    7,248عرض على GitHub↗

    Brakeman is a static analysis security tool and scanner specifically designed for Ruby on Rails source code. It identifies common security vulnerabilities, such as injection and cross-site scripting, by analyzing the application codebase without executing the application. The tool functions as a security auditor that detects mass assignment risks and template vulnerabilities. It evaluates the final output of rendered views and identifies unrestricted assignment patterns that could allow unauthorized modification of model attributes. The system provides vulnerability management through the us

    Ruby
    عرض على GitHub↗7,248
  • google/error-proneالصورة الرمزية لـ google

    google/error-prone

    7,182عرض على GitHub↗

    Error Prone is a static code analyzer and Java compiler extension that identifies common programming mistakes during the build process. It functions as a compiler wrapper that flags potential errors as compile-time failures to prevent bugs from reaching execution. The tool integrates directly into the Java compilation workflow to provide compile-time validation. It allows for the definition of custom linting rules and analysis checks to enforce specific coding standards and detect prohibited API usage. The system utilizes abstract syntax tree analysis and type-aware pattern matching to inspe

    Javajavastatic-analysis
    عرض على GitHub↗7,182