awesome-repositories.com
Blog
awesome-repositories.com

Discover the best open-source repositories with AI-powered search.

ExploreCurated searchesOpen-source alternativesSelf-hosted softwareBlogSitemap
ProjectAboutHow we rankPressMCP server
LegalPrivacyTerms
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
Back to analysis-tools-dev/static-analysis

Open-source alternatives to Static Analysis

30 open-source projects similar to analysis-tools-dev/static-analysis, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Static Analysis alternative.

  • checkstyle/checkstylecheckstyle avatar

    checkstyle/checkstyle

    8,867View on GitHub↗

    Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best practices. It functions as a code quality auditor and Javadoc validation tool, checking source code against configurable rulesets to ensure structural and stylistic consistency. The project allows for the creation of custom linting rules by extending a core API to inspect the abstract syntax tree. It further enables specialized validation through the use of XPath expressions to query the syntax tree for specific code patterns and violations. Capability areas include the enforcement

    Javacode-qualitycommand-line-toolhacktoberfest
    View on GitHub↗8,867
  • golangci/golangci-lintgolangci avatar

    golangci/golangci-lint

    18,539View on GitHub↗

    This project is a static analysis runner designed to identify bugs, performance bottlenecks, and stylistic inconsistencies within Go codebases. It functions as a comprehensive quality assurance suite that executes multiple analysis tools concurrently to provide a unified diagnostic report. By parsing source code into a structured representation, the tool enforces coding standards, validates import structures, and ensures consistent formatting across entire projects. The tool distinguishes itself through its ability to automate the remediation of identified issues, applying programmatic fixes

    Gocigogolang
    View on GitHub↗18,539
  • voltagent/awesome-claude-code-subagentsVoltAgent avatar

    VoltAgent/awesome-claude-code-subagents

    21,906View on GitHub↗

    This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability. The framework distinguishes itself through its hierarchical agent registry and policy-driven

    Shellai-agent-frameworkai-agent-toolsai-agents
    View on GitHub↗21,906

AI search

Explore more awesome repositories

Describe what you need in plain English — the AI ranks thousands of curated open-source projects by relevance.

Find more with AI search
  • semgrep/semgrepsemgrep avatar

    semgrep/semgrep

    15,603View on GitHub↗

    Semgrep is a static analysis security testing tool designed to identify vulnerabilities and logic errors by matching source code against declarative patterns. It functions as an automated scanner that integrates into development workflows to detect insecure code patterns and enforce coding standards before deployment. The engine utilizes a language-agnostic intermediate representation and a modular parser architecture to normalize diverse programming languages into a unified format. This allows for consistent rule execution across different codebases, enabling users to perform custom structur

    OCamlcgojava
    View on GitHub↗15,603
  • facebook/flowfacebook avatar

    facebook/flow

    22,232View on GitHub↗

    Flow is a JavaScript static type checker and AST parser that identifies type errors and prevents runtime failures through static annotations. It functions as a code intelligence engine and a static analysis linter to identify unsafe coding patterns and enforce consistency across a codebase. The project includes a type annotation stripper that removes static type signatures from source code, ensuring the resulting JavaScript is compatible with any runtime environment. It also provides a parser that converts typed JavaScript into an abstract syntax tree conforming to the ESTree specification.

    Rust
    View on GitHub↗22,232
  • keygraphhq/shannonKeygraphHQ avatar

    KeygraphHQ/shannon

    44,672View on GitHub↗

    Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis, and automated vulnerability remediation within self-hosted, private infrastructure. It functions as a unified security suite that orchestrates the entire lifecycle of vulnerability management, from initial discovery and reachability prioritization to the generation and verification of code-level patches. The platform distinguishes itself through its agentic approach to security, deploying autonomous agents to execute both black-box and white-box exploits against running applica

    TypeScriptpenetration-testingpentestingsecurity-audit
    View on GitHub↗44,672
  • koalaman/shellcheckkoalaman avatar

    koalaman/shellcheck

    39,574View on GitHub↗

    This project is a static analysis tool and linter designed to improve the quality, reliability, and portability of shell scripts. By performing deep structural analysis, it identifies common programming pitfalls, syntax errors, and security vulnerabilities before scripts are executed. It functions as an automated code reviewer that enforces best practices and helps developers maintain consistent, robust code across different operating environments. The tool distinguishes itself through its dialect-aware grammar resolution, which adapts its parsing logic based on the specific shell interpreter

    Haskellbashdeveloper-toolshaskell
    View on GitHub↗39,574
  • github/awesome-copilotgithub avatar

    github/awesome-copilot

    35,119View on GitHub↗

    Awesome Copilot is a comprehensive framework for autonomous software development, providing the infrastructure to orchestrate multi-agent teams and automate complex coding workflows. It functions as a centralized platform for managing AI-driven development, enabling developers to deploy specialized agents that interact with local files, terminal commands, and external APIs to execute end-to-end software delivery tasks. The project distinguishes itself through its focus on governance and extensibility, offering a suite of security controls, policy-based execution guardrails, and audit trails t

    Pythonaigithub-copilothacktoberfest
    View on GitHub↗35,119
  • rust-lang/rust-analyzerrust-lang avatar

    rust-lang/rust-analyzer

    16,590View on GitHub↗

    Rust-analyzer is a language server implementation that provides real-time code intelligence, static analysis, and development productivity tools for the Rust programming language. It functions as a backend engine that communicates with text editors to deliver deep structural understanding of source code, enabling features like semantic analysis, symbol navigation, and automated refactoring. The project distinguishes itself through a core engine designed for high-performance responsiveness, utilizing incremental query-based compilation and lazy demand-driven evaluation to minimize resource con

    Rusthacktoberfestlsp-serverrust
    View on GitHub↗16,590
  • rust-lang/cargorust-lang avatar

    rust-lang/cargo

    14,624View on GitHub↗

    Cargo is the official build system and package manager for the Rust programming language. It provides a unified command-line interface that orchestrates the entire development lifecycle, including compiling source code, managing complex dependency graphs, running tests, and distributing packages through a centralized registry. By utilizing declarative manifest files, it ensures that builds remain reproducible and consistent across different environments. The tool distinguishes itself through its deep integration with the Rust compiler and its sophisticated approach to project management. It f

    Rustcargopackage-managerrust
    View on GitHub↗14,624
  • alibaba/p3calibaba avatar

    alibaba/p3c

    30,827View on GitHub↗

    p3c is a Java static analysis tool and code quality linter designed to enforce professional coding guidelines and quality standards. It utilizes a set of custom rules based on the PMD engine to scan source code for style violations, performance bottlenecks, and potential bugs. The project is distributed as an IDE linting plugin that provides real-time feedback and warnings during development. It also includes functionality for pre-commit code quality gates, allowing modified files to be scanned and blocked if they violate defined rules before being committed to version control. The analysis

    Kotlin
    View on GitHub↗30,827
  • flyerhzm/rails_best_practicesflyerhzm avatar

    flyerhzm/rails_best_practices

    4,166View on GitHub↗

    This project is a static analysis tool and linter for Ruby on Rails designed to identify architectural smells and violations of best practices. It serves as a code quality linter, architectural auditor, security scanner, and performance analyzer for Rails applications. The tool evaluates the separation of concerns between controllers, models, and view templates to reduce technical debt. It identifies suboptimal coding patterns and enforces stylistic consistency, while specifically scanning for security vulnerabilities such as unprotected mass assignment in models. The analysis surface covers

    Ruby
    View on GitHub↗4,166
  • rrrene/credorrrene avatar

    rrrene/credo

    5,193View on GitHub↗

    Credo is a static analysis tool and linter for Elixir. It functions as a code quality analyzer that scans source code to identify stylistic inconsistencies, common mistakes, and potential security vulnerabilities. The tool provides a customizable framework for defining and testing specialized rules to enforce project-specific coding standards. It identifies complex code fragments and duplication to highlight opportunities for refactoring and simplification. Its capabilities cover automated code reviews, the enforcement of Elixir coding standards, and real-time developer feedback through edit

    Elixir
    View on GitHub↗5,193
  • thelartians/moderncppstarterTheLartians avatar

    TheLartians/ModernCppStarter

    5,306View on GitHub↗

    ModernCppStarter is a pre-configured project boilerplate and bootstrapping environment for C++ libraries and executables. It provides a standardized set of CMake build configurations and templates to automate the initialization of new projects. The project integrates a comprehensive static analysis suite and documentation automation. It includes systems for enforcing code quality through sanitizers and analyzers, as well as a pipeline for generating and deploying technical documentation during project releases. The template covers broader development infrastructure, including dependency mana

    CMakebootstrapcccache
    View on GitHub↗5,306
  • wordpress/wordpress-coding-standardsWordPress avatar

    WordPress/WordPress-Coding-Standards

    2,757View on GitHub↗

    WordPress Coding Standards is a collection of rules for the PHP CodeSniffer engine designed to enforce consistent coding conventions and best practices within PHP projects. It functions as a specialized static analysis tool that scans source code to identify style violations, security vulnerabilities, and potential bugs before execution. By integrating into development workflows, it ensures that code adheres to official project conventions, maintaining readability and consistency across large-scale plugin and theme development. The project distinguishes itself through deep domain-specific val

    PHPcoding-conventionsphp-codesnifferphpcs
    View on GitHub↗2,757
  • rohitg00/awesome-ai-appsrohitg00 avatar

    rohitg00/awesome-ai-apps

    723View on GitHub↗

    This project serves as a curated directory and resource hub for developers working with generative artificial intelligence. It provides a comprehensive index of open-source software solutions, frameworks, and project examples designed to help users discover and implement advanced AI systems. The repository focuses on practical implementations of agentic, multimodal, and retrieval-augmented generation architectures. It highlights tools for building conversational assistants, voice-enabled agents, and automated workflows that leverage large language models. By showcasing diverse technical domai

    HTMLagentsaiapps
    View on GitHub↗723
  • php-cs-fixer/php-cs-fixerPHP-CS-Fixer avatar

    PHP-CS-Fixer/PHP-CS-Fixer

    13,463View on GitHub↗

    This tool is a command-line utility designed to automatically detect and correct coding standard violations in PHP source files. It functions as a static analysis and refactoring engine that ensures consistent project-wide formatting by applying predefined community conventions or custom organizational rules. The project distinguishes itself through a modular rule-based engine that supports both automated style correction and codebase modernization. It allows developers to update legacy syntax to align with newer language versions and testing framework requirements, facilitating the adoption

    PHPcode-standardscode-stylephp
    View on GitHub↗13,463
  • aplus-framework/appaplus-framework avatar

    aplus-framework/app

    594View on GitHub↗

    This project is a PHP web application framework designed to provide a structured foundation for building and scaling applications. It utilizes a model-view-controller architecture to separate data management, user interface rendering, and request handling, while employing a service container to manage dependency injection and modular code organization. The framework distinguishes itself by integrating a comprehensive suite of development and maintenance tools directly into the ecosystem. It features a command-line interface for automating repetitive tasks and managing application state, along

    PHPaplusaplus-frameworkapp
    View on GitHub↗594
  • dense-analysis/aledense-analysis avatar

    dense-analysis/ale

    13,966View on GitHub↗

    Ale is an asynchronous code analysis tool and integrated development environment plugin designed for lightweight text editors. It functions as a language server protocol client, enabling real-time code intelligence and diagnostic feedback by running analysis tasks in the background to ensure the editor interface remains responsive during intensive operations. The plugin utilizes an event-driven architecture to monitor text buffers and trigger linting or formatting routines automatically. It distinguishes itself through a modular extensibility framework that supports a wide range of language-s

    Vim Scriptautocompletelanguage-server-protocollanguageclient
    View on GitHub↗13,966
  • quozd/awesome-dotnetquozd avatar

    quozd/awesome-dotnet

    21,410View on GitHub↗

    This project serves as a comprehensive, community-driven directory for the .NET ecosystem. It functions as a curated index of high-quality libraries, frameworks, and tools designed to assist developers in identifying recommended solutions for a wide range of project requirements and software engineering tasks. The repository distinguishes itself by providing a categorized catalogue that simplifies the discovery of resources across the entire .NET development lifecycle. By maintaining a standardized collection of community-contributed utilities, it helps developers navigate the ecosystem to fi

    awesomeawesome-listclr
    View on GitHub↗21,410
  • dbt-labs/dbt-coredbt-labs avatar

    dbt-labs/dbt-core

    13,051View on GitHub↗

    dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based d

    Rustanalyticsbusiness-intelligencedata-modeling
    View on GitHub↗13,051
  • phpstan/phpstanphpstan avatar

    phpstan/phpstan

    13,999View on GitHub↗

    This project is a static analysis engine and type checker designed for PHP codebases. It evaluates source code structure and type annotations to identify potential bugs, type mismatches, and logic errors without executing the application. By parsing code into an abstract syntax tree and applying a rule-based validation framework, it enforces code quality and safety standards across a project. What distinguishes this tool is its sophisticated type inference engine, which models dynamic language features, magic methods, and conditional types to maintain accuracy even in unconventional code. It

    PHPphpphp7phpstan
    View on GitHub↗13,999
  • bodadotsh/npm-security-best-practicesbodadotsh avatar

    bodadotsh/npm-security-best-practices

    761View on GitHub↗

    This project provides a comprehensive guide for securing the software supply chain within Node.js and npm environments. It focuses on hardening the entire lifecycle of third-party dependencies and package publishing processes to protect applications from malicious code injection and unauthorized registry modifications. The guide distinguishes itself by emphasizing identity-based authentication and cryptographic provenance to verify the origin of distributed artifacts. It advocates for strict governance policies, such as enforcing minimum release ages for dependencies and disabling automatic l

    awesomedenojavascript
    View on GitHub↗761
  • detekt/detektdetekt avatar

    detekt/detekt

    6,977View on GitHub↗

    Detekt is a static analysis tool, code quality linter, and complexity analyzer for Kotlin source code. It functions as a code smell detector and static scanner designed to identify potential bugs, design flaws, and violations of coding standards without executing the program. The tool differentiates itself through the use of issue baselining, which allows users to create a snapshot of existing legacy code issues to filter out old violations and focus on preventing new regressions. It further supports extensibility via a plugin-based system that allows for the integration of custom rule sets a

    Kotlin
    View on GitHub↗6,977
  • ansible/ansible-lintansible avatar

    ansible/ansible-lint

    3,876View on GitHub↗

    ansible-lint is a static code analysis tool and linter designed to identify syntax errors and best practice violations within Ansible playbooks and roles. It functions as a quality gate for automation pipelines, scanning configuration files and scripts without executing the code to ensure reliability and consistency. The project distinguishes itself by acting as an automated code formatter that can correct identified linting issues and reformat files to meet community standards. It also serves as a dependency manager, automatically detecting and installing required roles and collections from

    Pythonansibleansible-dev-toolsansible-lint
    View on GitHub↗3,876
  • jshint/jshintjshint avatar

    jshint/jshint

    9,064View on GitHub↗

    JSHint is a JavaScript static analysis tool and linter designed to detect errors and enforce coding standards. It functions as a syntax validator that scans source code to identify potential logic problems and programming mistakes before the code is executed. The tool provides a command line interface for analyzing files and directories. It supports the export of analysis results into standardized formats such as Checkstyle for integration with external build tools. Analysis is managed through a system of linting rule management and environment global configuration. This includes the ability

    JavaScript
    View on GitHub↗9,064
  • rust-lang/rust-clippyrust-lang avatar

    rust-lang/rust-clippy

    13,309View on GitHub↗

    This project is a static analysis linter, code quality tool, and language auditor for Rust. It functions as an automated refactoring system designed to identify common mistakes and suggest idiomatic improvements for Rust source code. The tool identifies non-idiomatic patterns, performance bottlenecks, and code smells to improve the overall correctness and quality of the code. It specifically audits memory safety by flagging suspicious use of unsafe blocks and pointer manipulations and detects inefficient operations to optimize execution speed. The analysis surface covers coding style enforce

    Rustlintrust
    View on GitHub↗13,309
  • qodo-ai/qodo-coverqodo-ai avatar

    qodo-ai/qodo-cover

    5,444View on GitHub↗

    Qodo Cover is an engineering governance platform and AI-powered assistant designed for automated code review and unit test generation. It utilizes an abstract syntax tree codebase knowledge graph to map dependencies and architectural relationships, allowing it to analyze pull requests and enforce organizational coding standards. The system distinguishes itself through a multi-agent analysis pipeline that performs architectural reasoning and identifies bugs beyond the immediate diff. It features a model context protocol server to expose codebase intelligence to external tools and can automatic

    Pythonagentsaitest-automation
    View on GitHub↗5,444
  • oclint/oclintoclint avatar

    oclint/oclint

    3,881View on GitHub↗

    Oclint is a static analysis engine and extensible linting framework designed for C, C++, and Objective-C source code. It functions as a code quality tool that identifies bugs, code smells, and structural complexities by parsing source code into abstract syntax trees to perform semantic inspection. The project is distinguished by its modular architecture, which supports dynamic plugin loading for custom inspection rules and a pluggable reporter system for exporting analysis findings in multiple formats. It replicates build configurations by reading compiler flags and include paths to ensure th

    C++
    View on GitHub↗3,881
  • sonarsource/sonarqubeSonarSource avatar

    SonarSource/sonarqube

    10,259View on GitHub↗

    SonarQube is a static code analysis platform used to scan source code and infrastructure scripts across multiple languages. It detects bugs, security vulnerabilities, and maintainability issues to ensure software meets reliability and security standards. The platform implements automated quality gates for continuous integration and delivery pipelines, verifying code against defined rules during merge or pull requests. It also integrates directly with code editors to provide real-time analysis results and quick-fix guidance during development. The system covers broad functional areas includin

    Javacode-qualitysonarqubestatic-analysis
    View on GitHub↗10,259