Terraform Policy Compliance Scanners

Prettier is an opinionated code formatter that parses source code and reprints it from scratch to enforce a consistent, project-wide visual style. By transforming code into an abstract syntax tree and applying a recursive document printing process, it eliminates manual style debates and ensures that all source files adhere to a unified appearance. The project is distinguished by its extensible, plugin-based architecture, which decouples language-specific parsing logic from the core engine. This modular design allows for uniform style enforcement across diverse programming languages and complex, mixed-content files where code is embedded within other languages. It also provides robust support for configuration-driven workflows, allowing teams to resolve hierarchical settings across directory trees and share standardized rule sets through reusable configuration packages. Beyond its core formatting engine, the tool integrates into the entire development lifecycle. It offers programmatic APIs and command-line utilities for file discovery, change detection, and verification, alongside native support for editor-based formatting on save. The system also facilitates integration with linting workflows and continuous integration pipelines, enabling automated style enforcement through pre-commit hooks and status checks that ensure only properly formatted code enters version control.

This project is a comprehensive knowledge base and educational resource for JavaScript developers, focused on establishing industry-standard methodologies for automated software testing. It provides a structured collection of design patterns and actionable guidelines designed to improve code reliability, maintainability, and overall software quality across the development lifecycle. The repository distinguishes itself by offering a granular, pattern-based approach to testing that spans unit, integration, and end-to-end verification. It emphasizes specific architectural strategies such as component-level isolation, contract-based integration testing, and the use of mutation testing to validate the effectiveness of test suites. By advocating for practices like the Arrange-Act-Assert pattern and black-box testing, it helps teams standardize their workflows and reduce regressions. Beyond core testing strategies, the resource covers a broad capability surface including continuous integration optimization, static analysis integration, and frontend component validation. It provides guidance on managing test data, configuring production-like CI pipelines, and maintaining high standards through automated quality assurance and dependency management. The documentation is organized into categorized, actionable design patterns that serve as a centralized reference for engineering teams. It includes technical examples and best practices for handling asynchronous events, network interactions, and environment-specific configuration issues.

Combination of multiple linters to run as a GitHub Action or standalone

This project is a static analysis tool and linter designed to improve the quality, reliability, and portability of shell scripts. By performing deep structural analysis, it identifies common programming pitfalls, syntax errors, and security vulnerabilities before scripts are executed. It functions as an automated code reviewer that enforces best practices and helps developers maintain consistent, robust code across different operating environments. The tool distinguishes itself through its dialect-aware grammar resolution, which adapts its parsing logic based on the specific shell interpreter detected. It utilizes a sophisticated engine that constructs an abstract syntax tree to evaluate logic, quoting, and portability concerns. Developers can exert granular control over the analysis process by using inline directives to suppress specific warnings or configure how the tool resolves external source files. The project covers a comprehensive surface of diagnostic capabilities, ranging from fundamental syntax validation to complex logic checks. It provides guidance on idiomatic script construction, including safe file handling, efficient arithmetic operations, and proper command substitution. These features collectively ensure that scripts adhere to POSIX standards and remain compatible across various shell implementations. The tool is distributed as a command-line utility, allowing for integration into development workflows to provide immediate feedback on script integrity.

eslint-config-prettier is a configuration layer and CLI tool that identifies and disables ESLint rules which conflict with Prettier's code formatting. It provides an ESLint configuration preset that turns off style-related rules, along with a command-line scanner that detects and reports conflicting rules from a project's existing setup. The tool operates entirely at configuration time, producing a modified ESLint config that disables formatting conflicts without any runtime overhead during linting. It works across any ESLint plugin by matching rule names against a curated conflict database, automatically turning off conflicting rules from popular plugins like TypeScript, React, and Vue without requiring per-rule configuration. The project maintains a hardcoded mapping of known conflicting ESLint rules to Prettier behaviors, updated per Prettier release to ensure accuracy. It can generate a new ESLint configuration by programmatically removing or disabling conflicting rules from the user's existing setup, enabling smooth integration of ESLint linting with Prettier formatting in a single pipeline.

Ruff is a high-performance static analysis and code formatting tool designed for Python. Built in Rust, it functions as a comprehensive engine that scans source code to detect programming errors, security vulnerabilities, and deviations from established coding standards. By parsing source code into a structured tree representation, it provides both automated linting and style enforcement across entire projects. The tool distinguishes itself through its speed and deep integration into the development lifecycle. It utilizes parallelized file processing to maximize throughput on large codebases and offers a configuration-driven rule engine that allows developers to customize or suppress specific checks. Beyond standard Python scripts, it provides native support for Jupyter notebooks, Markdown files, and documentation strings, ensuring consistent quality across diverse document formats. Ruff serves as a versatile utility for project maintenance, offering automated import management and the ability to apply safe, automatic corrections to identified code quality issues. It integrates directly into development environments via the Language Server Protocol, providing real-time diagnostic highlighting, code actions, and rule documentation hovers. These capabilities extend to continuous integration pipelines and pre-commit hooks, enabling automated quality enforcement throughout the development process.

This project is a unified, cloud-native policy engine designed to decouple authorization and security logic from application codebases. It functions as a centralized authorization service that evaluates structured input data against declarative rules, enabling consistent policy enforcement across microservices, infrastructure, and continuous integration pipelines. The engine utilizes a specialized logic programming language to express complex constraints, which are compiled into an optimized intermediate representation for high-performance evaluation. By supporting both sidecar-based deployment and direct library embedding, it allows for local, low-latency policy checks. The system further distinguishes itself through bundle-based distribution, which synchronizes versioned policy sets across distributed instances to maintain a consistent authorization state at scale. Beyond core evaluation, the platform provides a comprehensive suite of tools for the entire policy lifecycle, including development assistance, linting, testing, and partial evaluation for portable logic execution. It also features robust observability capabilities, such as query execution tracing, performance metrics reporting, and request provenance verification, to ensure transparency and auditability in decision-making. The engine exposes a programmable HTTP interface for real-time authorization queries and supports dynamic data injection to facilitate context-aware decision-making.

This project is a static analysis engine designed to identify patterns, enforce coding standards, and automate code quality improvements in software projects. By parsing source code into structured abstract syntax trees, it enables deep programmatic inspection and the automated remediation of identified programming issues. The engine functions as a pluggable linting framework, allowing developers to extend its core capabilities through a modular architecture. Users can inject custom rules, parsers, and processors to support non-standard file formats or domain-specific logic. This extensibility is supported by a multi-stage pipeline that handles everything from initial parsing to the generation of automated code fixes. Configuration is managed through a hierarchical system that resolves settings across project directory structures, allowing for consistent rule enforcement and file exclusion patterns. The tool integrates into development workflows via a command-line interface or a programmatic API, which supports both file-based analysis and raw string processing. Performance is optimized through file-system-aware caching, which ensures that only modified files are re-analyzed during execution.

GitHub-Dark is a browser extension theme and collection of user style sheets designed to provide a comprehensive dark mode aesthetic for the GitHub interface. It functions by injecting custom style rules directly into the browser to override default website colors, fonts, and layout properties, aiming to improve visual comfort and readability during extended use. The project distinguishes itself through its focus on deep integration and visual consistency. It includes specialized support for syntax highlighting across various programming languages and notebook environments, ensuring that code blocks remain legible within the dark theme. Furthermore, it maintains compatibility with third-party browser extensions and developer tools, applying normalization rules to ensure that external interface components adhere to the unified dark aesthetic. Beyond its core theming capabilities, the project provides options for users to customize specific interface elements such as sidebar behavior, tab sizes, and border styles. The codebase is maintained through automated build and linting pipelines that enforce strict style standards and manage version releases to ensure consistent performance across different browser environments.

Continue is an automated code review platform that integrates AI agents directly into the software development lifecycle. By executing custom validation rules against pull request diffs, it provides immediate feedback through repository status checks, allowing teams to enforce quality, security, and documentation standards before manual review begins. The system distinguishes itself through a file-based configuration model where validation logic is defined in version-controlled markdown files. These files act as system prompts that guide autonomous agents in evaluating code changes. This approach enables agentic task chaining, where specialized workflows—such as security scanning, test coverage validation, and UI rendering verification—are orchestrated to analyze code against project-specific criteria. Beyond automated reviews, the platform includes a local-first execution engine that allows developers to run and refine these checks from the command line before committing changes. The system also incorporates a feedback loop that tracks user acceptance and rejection of suggestions, enabling the refinement of check logic over time to reduce noise and improve the accuracy of automated findings. The project provides a command-line interface for managing these workflows and integrates with repository webhooks to trigger analysis automatically upon pull request submission.

This project is a Vim configuration framework and development environment that transforms the basic text editor into a full-featured integrated development environment. It provides a curated set of settings and a comprehensive plugin suite to support professional software development workflows. The environment includes specialized tools for polyglot code execution and project navigation, allowing users to run source files in multiple languages via single keystrokes and locate files using fuzzy searching. It also integrates version control workflows, enabling the management of Git operations and the generation of remote repository links directly from the editor. The configuration covers a broad surface of productivity enhancements, including real-time syntax linting, tree-based file exploration, and automated text manipulation tools such as multiple cursors and snippet expansion. Visual optimizations are provided through distraction-free modes, customizable color schemes, and interface adjustments. The setup is deployed as a pre-configured environment that manages plugin integration, file encoding, and input mapping customization.

Terraform is a declarative infrastructure-as-code tool designed to manage the lifecycle of cloud and on-premises resources. It functions as a workflow engine that reconciles a defined desired state against real-world infrastructure, using a persistent state-tracking layer to maintain consistency and visibility across distributed environments. By mapping infrastructure components into a directed acyclic graph, the system calculates the optimal order for provisioning, updating, or destroying resources. The platform is distinguished by its extensible plugin-based architecture, which decouples core orchestration logic from vendor-specific service APIs. This allows users to manage diverse infrastructure across multiple providers through a unified workflow. The system enforces predictability by separating operations into a three-stage lifecycle—planning, applying, and state-updating—and supports policy-as-code evaluation to validate changes against security and compliance rules before any modifications are executed. Beyond core orchestration, the tool provides robust support for collaborative management, including workspace isolation for environment separation and module sharing for distributing standardized infrastructure patterns. It integrates into broader development ecosystems through support for programmatic definition in various languages, external system hooks, and comprehensive tooling for configuration debugging and editor assistance.

Biome is a unified developer tooling suite that provides code formatting, linting, and static analysis for JavaScript and TypeScript projects. It functions as a command-line interface designed to automate the maintenance of code quality and style consistency throughout the development lifecycle. The tool distinguishes itself through a high-performance engine built in Rust, which utilizes a single-pass abstract syntax tree to perform formatting and linting simultaneously. By leveraging parallel multi-threaded execution and incremental file system caching, it minimizes latency during analysis tasks. Its architecture also includes a language-agnostic configuration schema that ensures consistent rule application across a codebase. The project supports a broad range of development workflows, including real-time feedback through language server protocol integration and automated quality gates within continuous integration pipelines. Users can define centralized project settings to enforce standardized formatting and linting requirements across team environments. The software is distributed as a single binary with comprehensive documentation for command-line and editor integration.

Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations against compliance standards and relies on a remote, periodically updated vulnerability database to maintain current detection logic without requiring binary updates. By employing static analysis pattern matching, it maps disparate scan results into a unified output schema for consistent reporting. Beyond its core scanning capabilities, the project supports cloud infrastructure auditing and deep inspection of local and remote environments. It is distributed as a single cross-platform executable, and comprehensive configuration and usage details are available in the project's official user guide.

Ale is an asynchronous code analysis tool and integrated development environment plugin designed for lightweight text editors. It functions as a language server protocol client, enabling real-time code intelligence and diagnostic feedback by running analysis tasks in the background to ensure the editor interface remains responsive during intensive operations. The plugin utilizes an event-driven architecture to monitor text buffers and trigger linting or formatting routines automatically. It distinguishes itself through a modular extensibility framework that supports a wide range of language-specific tools, allowing users to configure custom linting rules and manage diagnostic processes across diverse programming environments. Beyond basic syntax checking, the project provides comprehensive capabilities for codebase navigation and refactoring. Users can jump to symbol definitions, search for references across a workspace, and perform automated code fixes or symbol renaming. The system also includes built-in support for validating plugin compatibility through automated test suites designed for isolated editor environments.

Gitleaks is a security scanning engine designed to identify hardcoded credentials, API keys, and other sensitive information within version control systems and local file structures. It functions as a static analysis tool that automates the detection of secrets, helping to prevent the accidental exposure of sensitive data during the development lifecycle. The tool distinguishes itself through its ability to perform deep forensic analysis of git history, allowing users to audit entire project timelines or enforce security gates within continuous integration pipelines. It supports complex detection logic through composite rules and provides mechanisms for baseline management, which enables teams to ignore existing findings and focus exclusively on new security risks. By offering pre-commit hook integration and exit-code-based orchestration, it allows for the enforcement of security policies directly within developer workflows and automated build environments. Beyond core scanning, the project provides a broad set of utilities for managing security findings, including support for decoding obfuscated strings, inspecting compressed archives, and filtering results through allowlisting or path exclusions. It facilitates compliance and reporting by exporting structured data, which can be integrated into external dashboards or tracking systems. The tool is built to handle various input sources, including direct file system traversal and standard input streams, ensuring compatibility with diverse development and deployment environments.

This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements. The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, managing technical debt, and auditing software supply chain security. The collection covers a broad spectrum of analysis capabilities, ranging from automated code refactoring and structural transformation to formal verification and database schema analysis. It also includes resources for orchestrating multiple linters within development workflows, visualizing code metrics, and performing security compliance audits across diverse repositories.

OpenTofu is a declarative infrastructure orchestrator that automates the provisioning and management of cloud resources. It functions as a platform-agnostic interface, allowing users to define their desired environment state in configuration files, which the system then reconciles against live infrastructure to calculate and execute necessary updates. The project utilizes a graph-based execution engine to determine the optimal sequence for resource operations, enabling the parallel processing of independent components to reduce deployment times. To support complex, multi-platform environments, it employs a provider-based plugin architecture that translates generic configuration definitions into specific API calls for various cloud services and third-party providers. Beyond core provisioning, the system facilitates infrastructure lifecycle management through reusable configuration modules that standardize deployments and enforce consistent patterns. It also provides a synchronization layer for state metadata, enabling distributed teams to coordinate changes and maintain consistent environment status across collaborative workflows.

dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based database abstraction that translates generic transformation commands into dialect-specific SQL for various data warehouses. It utilizes a template engine to dynamically generate and inject SQL logic at runtime, allowing for highly flexible and reusable transformation scripts. Furthermore, it supports an incremental materialization strategy that optimizes performance by processing only new or changed records, merging them into existing tables using unique keys to reduce compute costs. The framework covers the entire lifecycle of data transformation, including development, testing, deployment, and monitoring. It provides comprehensive capabilities for managing data lineage, enforcing code quality through automated linting and testing, and orchestrating complex pipelines across distributed environments. Users can also leverage a centralized semantic layer to define and govern business metrics, ensuring consistent data reporting across diverse analytical tools. The project is distributed as a Python-based tool, providing a unified interface for local development that integrates with version control systems and cloud-based configuration management.

This project is an uncompromising, deterministic code formatter for Python. It functions by parsing source code into an abstract syntax tree and regenerating it according to a rigid, opinionated set of style rules. By automating the formatting process, it eliminates manual style debates and configuration overhead, ensuring that code remains consistent across entire projects regardless of the original input. The tool distinguishes itself through its focus on speed and seamless integration into development workflows. It utilizes content-based file caching and parallel processing to maintain high performance on large codebases, while supporting version control hooks to enforce style consistency before code is committed. To preserve project history, it provides mechanisms to ignore specific commits in version control blame tracking, ensuring that automated style changes do not obscure original authorship. Beyond standard source files, the formatter extends its capabilities to include Jupyter notebooks, type stubs, and embedded code examples within documentation. It offers broad compatibility through plugins for major text editors and integrated development environments, as well as support for the language server protocol. Configuration is managed through project-level files that are automatically discovered within the directory hierarchy, allowing for consistent behavior across diverse development environments.