Comprehensive suites for scanning, visualizing, and managing code quality and security across multiple languages.
28 GitHub repositories from the awesome list category Code Analysis Platforms.
This project is a static analysis engine designed to identify patterns, enforce coding standards, and automate code quality improvements in software projects. By parsing source code into structured abstract syntax trees, it enables deep programmatic inspection and the automated remediation of identified programming issues. The engine functions as a pluggable linting framework, allowing developers to extend its core capabilities through a modular architecture. Users can inject custom rules, parsers, and processors to support non-standard file formats or domain-specific logic. This extensibilit
Extensible linting framework for JavaScript and ECMAScript.
oxc is a high-performance JavaScript toolchain developed in Rust for parsing, transforming, and analyzing JavaScript and TypeScript source code. It provides a set of core utilities including a parser that converts code into an abstract syntax tree, a linter for identifying problematic patterns, a formatter for standardizing visual style, and a minifier for reducing production file sizes. The project focuses on high-performance execution through a system design that utilizes single-pass parsing, zero-copy string slicing, and parallel worker processing to handle large codebases. It further opti
High-performance toolchain for JavaScript and TypeScript analysis.
Ale is a Neovim LSP client and asynchronous linter wrapper designed to integrate language servers and syntax checkers into the editor. It provides infrastructure for background syntax validation and automated code fixing without blocking the editor interface. The project implements the Language Server Protocol to enable advanced semantic navigation, including symbol renaming, definition jumping, and the application of automatic refactoring changes. It functions as an automatic code fixer that applies formatting and repairs based on feedback from linting tools and language servers. The plugin
Asynchronous linting and fixing for Vim and NeoVim.
TabNine is an AI-powered code completion engine that runs a deep-learning model to generate real-time code suggestions across all programming languages. It operates as an editor plugin that communicates with a backend through a JSON message-passing interface, processing code entirely on the local machine or within a private cloud to keep source code secure and private. The system provides a completion request API that accepts cursor context and returns ranked text completions, with features for configuring completion regions, prefetching files for indexing, and managing binary versions and up
Processes code locally or in a private cloud to ensure no code is sent to external servers.
CodeQL is a semantic code analysis engine and vulnerability scanning tool that treats source code as data. It utilizes a static analysis query language to define complex patterns and security vulnerabilities within a code graph database. The system represents source code as a relational database, enabling the execution of structural queries and data flow analysis. This approach allows for the detection of security flaws and coding errors across large-scale repositories. The tool provides capabilities for automated code auditing, static analysis security testing, and custom vulnerability dete
Semantic code analysis using dataflow queries for multiple languages.
DeepAudit is a privacy-preserving code audit platform that combines multiple specialized AI agents to identify and verify security vulnerabilities in source code. It functions as a local LLM vulnerability scanner, an automated security report generator, and a sandboxed exploit verifier, all operating entirely within an internal network to keep sensitive code and data on premises. What distinguishes DeepAudit is its multi-agent cooperative approach: teams of AI agents jointly plan, analyze, and cross-check findings across the codebase, moving beyond single-pass scanning. The platform also sand
Runs entirely within the internal network, ensuring source code and analysis remain on premises.
ApplicationInspector is a multi-language static analysis tool designed to detect specific features and characteristics within source code. It utilizes a declarative JSON rules engine to identify patterns and structural tags across project directories without requiring the analyzer to be recompiled. The system distinguishes itself through a code version differ that compares two different source paths to report changes in detected features. It also provides utilities for creating and validating custom JSON-based rules, including a validation pipeline to verify syntax and identifier uniqueness.
Feature detection and rule-based reporting for application codebases.
An uber-fast parallelized Java classpath scanner and module scanner.
Scans and queries class metadata and module paths.
Quick automated code review of your changes
Automated code review runner supporting multiple languages.
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
Security-focused analysis to identify and prioritize sensitive data exposure risks.
weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
Semantic search tool for identifying patterns in C/C++.
Tools for code analysis, visualizations, or style-preserving source transformation.
Tools for code analysis, visualization, and source transformation.
A simple code complexity analyser that works without caring about the C/C++ header files or Java imports and supports most of the popular languages.
Cyclomatic complexity analyzer supporting numerous programming languages.
A static code analyzer for C++, C#, Lua
Fast static analysis for C, C++, C#, and Lua.
The Microsoft.CodeAnalysis.NetAnalyzers package moved into the dotnet/sdk repository for further development and to respond to issues formerly in this repository.
Roslyn-based implementation of standard code analyzers.
Undebt is a fast, straightforward, reliable tool for performing massive, automated code refactoring used @Yelp. Undebt lets you define complex find-and-replace rules using standard, straightforward Python that can be applied quickly to an entire code base with a simple command.
Programmable refactoring tool based on pattern definitions.
DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.
Regex-based security analysis for various IDEs and languages.
T.J. Watson Libraries for Analysis, with front ends for Java, Android, and JavaScript, and many common static program analyses.
Static analysis framework for Java bytecode and JavaScript.
🐊 Pluggable and configurable JavaScript Linter, code transformer and formatter with superpowers 💪: built-in support of js, jsx, ts, markdown, yaml, toml, json and ignore. Write declarative codemods in the simplest possible way 😏
Pluggable code transformer for JS, TS, and configuration files.
Sqlvet performs static analysis on raw SQL queries in your Go code base to surface potential runtime errors at build time.
Static analysis for detecting runtime errors in raw SQL.