30 open-source projects similar to analysis-tools-dev/static-analysis, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Static Analysis alternative.
Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best practices. It functions as a code quality auditor and Javadoc validation tool, checking source code against configurable rulesets to ensure structural and stylistic consistency. The project allows for the creation of custom linting rules by extending a core API to inspect the abstract syntax tree. It further enables specialized validation through the use of XPath expressions to query the syntax tree for specific code patterns and violations. Capability areas include the enforcement
This project is a static analysis runner designed to identify bugs, performance bottlenecks, and stylistic inconsistencies within Go codebases. It functions as a comprehensive quality assurance suite that executes multiple analysis tools concurrently to provide a unified diagnostic report. By parsing source code into a structured representation, the tool enforces coding standards, validates import structures, and ensures consistent formatting across entire projects. The tool distinguishes itself through its ability to automate the remediation of identified issues, applying programmatic fixes
This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability. The framework distinguishes itself through its hierarchical agent registry and policy-driven
Semgrep is a static analysis security testing tool designed to identify vulnerabilities and logic errors by matching source code against declarative patterns. It functions as an automated scanner that integrates into development workflows to detect insecure code patterns and enforce coding standards before deployment. The engine utilizes a language-agnostic intermediate representation and a modular parser architecture to normalize diverse programming languages into a unified format. This allows for consistent rule execution across different codebases, enabling users to perform custom structur
Flow is a JavaScript static type checker and AST parser that identifies type errors and prevents runtime failures through static annotations. It functions as a code intelligence engine and a static analysis linter to identify unsafe coding patterns and enforce consistency across a codebase. The project includes a type annotation stripper that removes static type signatures from source code, ensuring the resulting JavaScript is compatible with any runtime environment. It also provides a parser that converts typed JavaScript into an abstract syntax tree conforming to the ESTree specification.
Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis, and automated vulnerability remediation within self-hosted, private infrastructure. It functions as a unified security suite that orchestrates the entire lifecycle of vulnerability management, from initial discovery and reachability prioritization to the generation and verification of code-level patches. The platform distinguishes itself through its agentic approach to security, deploying autonomous agents to execute both black-box and white-box exploits against running applica
This project is a static analysis tool and linter designed to improve the quality, reliability, and portability of shell scripts. By performing deep structural analysis, it identifies common programming pitfalls, syntax errors, and security vulnerabilities before scripts are executed. It functions as an automated code reviewer that enforces best practices and helps developers maintain consistent, robust code across different operating environments. The tool distinguishes itself through its dialect-aware grammar resolution, which adapts its parsing logic based on the specific shell interpreter
Awesome Copilot is a comprehensive framework for autonomous software development, providing the infrastructure to orchestrate multi-agent teams and automate complex coding workflows. It functions as a centralized platform for managing AI-driven development, enabling developers to deploy specialized agents that interact with local files, terminal commands, and external APIs to execute end-to-end software delivery tasks. The project distinguishes itself through its focus on governance and extensibility, offering a suite of security controls, policy-based execution guardrails, and audit trails t
Rust-analyzer is a language server implementation that provides real-time code intelligence, static analysis, and development productivity tools for the Rust programming language. It functions as a backend engine that communicates with text editors to deliver deep structural understanding of source code, enabling features like semantic analysis, symbol navigation, and automated refactoring. The project distinguishes itself through a core engine designed for high-performance responsiveness, utilizing incremental query-based compilation and lazy demand-driven evaluation to minimize resource con
Cargo is the official build system and package manager for the Rust programming language. It provides a unified command-line interface that orchestrates the entire development lifecycle, including compiling source code, managing complex dependency graphs, running tests, and distributing packages through a centralized registry. By utilizing declarative manifest files, it ensures that builds remain reproducible and consistent across different environments. The tool distinguishes itself through its deep integration with the Rust compiler and its sophisticated approach to project management. It f
p3c is a Java static analysis tool and code quality linter designed to enforce professional coding guidelines and quality standards. It utilizes a set of custom rules based on the PMD engine to scan source code for style violations, performance bottlenecks, and potential bugs. The project is distributed as an IDE linting plugin that provides real-time feedback and warnings during development. It also includes functionality for pre-commit code quality gates, allowing modified files to be scanned and blocked if they violate defined rules before being committed to version control. The analysis
This project is a static analysis tool and linter for Ruby on Rails designed to identify architectural smells and violations of best practices. It serves as a code quality linter, architectural auditor, security scanner, and performance analyzer for Rails applications. The tool evaluates the separation of concerns between controllers, models, and view templates to reduce technical debt. It identifies suboptimal coding patterns and enforces stylistic consistency, while specifically scanning for security vulnerabilities such as unprotected mass assignment in models. The analysis surface covers
Credo is a static analysis tool and linter for Elixir. It functions as a code quality analyzer that scans source code to identify stylistic inconsistencies, common mistakes, and potential security vulnerabilities. The tool provides a customizable framework for defining and testing specialized rules to enforce project-specific coding standards. It identifies complex code fragments and duplication to highlight opportunities for refactoring and simplification. Its capabilities cover automated code reviews, the enforcement of Elixir coding standards, and real-time developer feedback through edit
ModernCppStarter is a pre-configured project boilerplate and bootstrapping environment for C++ libraries and executables. It provides a standardized set of CMake build configurations and templates to automate the initialization of new projects. The project integrates a comprehensive static analysis suite and documentation automation. It includes systems for enforcing code quality through sanitizers and analyzers, as well as a pipeline for generating and deploying technical documentation during project releases. The template covers broader development infrastructure, including dependency mana
WordPress Coding Standards is a collection of rules for the PHP CodeSniffer engine designed to enforce consistent coding conventions and best practices within PHP projects. It functions as a specialized static analysis tool that scans source code to identify style violations, security vulnerabilities, and potential bugs before execution. By integrating into development workflows, it ensures that code adheres to official project conventions, maintaining readability and consistency across large-scale plugin and theme development. The project distinguishes itself through deep domain-specific val
This project serves as a curated directory and resource hub for developers working with generative artificial intelligence. It provides a comprehensive index of open-source software solutions, frameworks, and project examples designed to help users discover and implement advanced AI systems. The repository focuses on practical implementations of agentic, multimodal, and retrieval-augmented generation architectures. It highlights tools for building conversational assistants, voice-enabled agents, and automated workflows that leverage large language models. By showcasing diverse technical domai
This tool is a command-line utility designed to automatically detect and correct coding standard violations in PHP source files. It functions as a static analysis and refactoring engine that ensures consistent project-wide formatting by applying predefined community conventions or custom organizational rules. The project distinguishes itself through a modular rule-based engine that supports both automated style correction and codebase modernization. It allows developers to update legacy syntax to align with newer language versions and testing framework requirements, facilitating the adoption
This project is a PHP web application framework designed to provide a structured foundation for building and scaling applications. It utilizes a model-view-controller architecture to separate data management, user interface rendering, and request handling, while employing a service container to manage dependency injection and modular code organization. The framework distinguishes itself by integrating a comprehensive suite of development and maintenance tools directly into the ecosystem. It features a command-line interface for automating repetitive tasks and managing application state, along
Ale is an asynchronous code analysis tool and integrated development environment plugin designed for lightweight text editors. It functions as a language server protocol client, enabling real-time code intelligence and diagnostic feedback by running analysis tasks in the background to ensure the editor interface remains responsive during intensive operations. The plugin utilizes an event-driven architecture to monitor text buffers and trigger linting or formatting routines automatically. It distinguishes itself through a modular extensibility framework that supports a wide range of language-s
This project serves as a comprehensive, community-driven directory for the .NET ecosystem. It functions as a curated index of high-quality libraries, frameworks, and tools designed to assist developers in identifying recommended solutions for a wide range of project requirements and software engineering tasks. The repository distinguishes itself by providing a categorized catalogue that simplifies the discovery of resources across the entire .NET development lifecycle. By maintaining a standardized collection of community-contributed utilities, it helps developers navigate the ecosystem to fi
dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based d
This project is a static analysis engine and type checker designed for PHP codebases. It evaluates source code structure and type annotations to identify potential bugs, type mismatches, and logic errors without executing the application. By parsing code into an abstract syntax tree and applying a rule-based validation framework, it enforces code quality and safety standards across a project. What distinguishes this tool is its sophisticated type inference engine, which models dynamic language features, magic methods, and conditional types to maintain accuracy even in unconventional code. It
This project provides a comprehensive guide for securing the software supply chain within Node.js and npm environments. It focuses on hardening the entire lifecycle of third-party dependencies and package publishing processes to protect applications from malicious code injection and unauthorized registry modifications. The guide distinguishes itself by emphasizing identity-based authentication and cryptographic provenance to verify the origin of distributed artifacts. It advocates for strict governance policies, such as enforcing minimum release ages for dependencies and disabling automatic l
Detekt is a static analysis tool, code quality linter, and complexity analyzer for Kotlin source code. It functions as a code smell detector and static scanner designed to identify potential bugs, design flaws, and violations of coding standards without executing the program. The tool differentiates itself through the use of issue baselining, which allows users to create a snapshot of existing legacy code issues to filter out old violations and focus on preventing new regressions. It further supports extensibility via a plugin-based system that allows for the integration of custom rule sets a
ansible-lint is a static code analysis tool and linter designed to identify syntax errors and best practice violations within Ansible playbooks and roles. It functions as a quality gate for automation pipelines, scanning configuration files and scripts without executing the code to ensure reliability and consistency. The project distinguishes itself by acting as an automated code formatter that can correct identified linting issues and reformat files to meet community standards. It also serves as a dependency manager, automatically detecting and installing required roles and collections from
JSHint is a JavaScript static analysis tool and linter designed to detect errors and enforce coding standards. It functions as a syntax validator that scans source code to identify potential logic problems and programming mistakes before the code is executed. The tool provides a command line interface for analyzing files and directories. It supports the export of analysis results into standardized formats such as Checkstyle for integration with external build tools. Analysis is managed through a system of linting rule management and environment global configuration. This includes the ability
This project is a static analysis linter, code quality tool, and language auditor for Rust. It functions as an automated refactoring system designed to identify common mistakes and suggest idiomatic improvements for Rust source code. The tool identifies non-idiomatic patterns, performance bottlenecks, and code smells to improve the overall correctness and quality of the code. It specifically audits memory safety by flagging suspicious use of unsafe blocks and pointer manipulations and detects inefficient operations to optimize execution speed. The analysis surface covers coding style enforce
Qodo Cover is an engineering governance platform and AI-powered assistant designed for automated code review and unit test generation. It utilizes an abstract syntax tree codebase knowledge graph to map dependencies and architectural relationships, allowing it to analyze pull requests and enforce organizational coding standards. The system distinguishes itself through a multi-agent analysis pipeline that performs architectural reasoning and identifies bugs beyond the immediate diff. It features a model context protocol server to expose codebase intelligence to external tools and can automatic
Oclint is a static analysis engine and extensible linting framework designed for C, C++, and Objective-C source code. It functions as a code quality tool that identifies bugs, code smells, and structural complexities by parsing source code into abstract syntax trees to perform semantic inspection. The project is distinguished by its modular architecture, which supports dynamic plugin loading for custom inspection rules and a pluggable reporter system for exporting analysis findings in multiple formats. It replicates build configurations by reading compiler flags and include paths to ensure th
SonarQube is a static code analysis platform used to scan source code and infrastructure scripts across multiple languages. It detects bugs, security vulnerabilities, and maintainability issues to ensure software meets reliability and security standards. The platform implements automated quality gates for continuous integration and delivery pipelines, verifying code against defined rules during merge or pull requests. It also integrates directly with code editors to provide real-time analysis results and quick-fix guidance during development. The system covers broad functional areas includin