30 open-source projects similar to cppcheck-opensource/cppcheck, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Cppcheck alternative.
Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best practices. It functions as a code quality auditor and Javadoc validation tool, checking source code against configurable rulesets to ensure structural and stylistic consistency. The project allows for the creation of custom linting rules by extending a core API to inspect the abstract syntax tree. It further enables specialized validation through the use of XPath expressions to query the syntax tree for specific code patterns and violations. Capability areas include the enforcement
SpotBugs is a static analysis tool and bytecode analyzer for Java applications. It scans compiled class files to identify bugs, security vulnerabilities, and performance issues without executing the code. The system functions as both a bug detector and a static application security testing tool to locate logical errors and API misuse. The project distinguishes itself through a plugin-based detector architecture that allows the integration of external libraries to add custom detection rules. It provides specialized security auditing for vulnerabilities such as SQL injection, cross-site scripti
This project is a software engineering style guide and a curated collection of architectural patterns and coding standards. It provides a multi-language coding standard to ensure maintainable software across Ruby, Python, JavaScript, and Swift. The project establishes a development workflow specification for version control, continuous integration, and peer review to maintain a linear project history. It also includes a web accessibility framework based on ARIA and WCAG standards, using design tokens and semantic HTML patterns to build inclusive interfaces. The guides cover a broad range of
This project is a curated collection of guidelines and technical resources designed to improve C++ code safety, maintainability, and performance. It provides a comprehensive set of coding standards and best practices for establishing consistent naming, formatting, and structural patterns across C++ codebases. The guide offers specific technical advice on performance optimization, including methods for minimizing object copying, optimizing memory allocation, and reducing compilation cycles. It also provides a directory of tooling recommendations for implementing static analysis, fuzz testing,
Brakeman is a static analysis security tool and scanner specifically designed for Ruby on Rails source code. It identifies common security vulnerabilities, such as injection and cross-site scripting, by analyzing the application codebase without executing the application. The tool functions as a security auditor that detects mass assignment risks and template vulnerabilities. It evaluates the final output of rendered views and identifies unrestricted assignment patterns that could allow unauthorized modification of model attributes. The system provides vulnerability management through the us
This project is a CSS linter and static analysis tool designed to identify syntax errors, logic flaws, and problematic patterns in Cascading Stylesheets. It functions as a command line validator that verifies code quality and enforces consistent styling and coding standards without requiring a web browser. The analyzer distinguishes itself by incorporating web accessibility auditing to detect patterns that hinder users with disabilities. It also performs browser compatibility checking to identify non-standard hacks and missing vendor prefixes, and provides performance optimization analysis to
This project is a static analysis linter, code quality tool, and language auditor for Rust. It functions as an automated refactoring system designed to identify common mistakes and suggest idiomatic improvements for Rust source code. The tool identifies non-idiomatic patterns, performance bottlenecks, and code smells to improve the overall correctness and quality of the code. It specifically audits memory safety by flagging suspicious use of unsafe blocks and pointer manipulations and detects inefficient operations to optimize execution speed. The analysis surface covers coding style enforce
Prepack is a build-time transformation tool and static analysis engine designed to optimize JavaScript source code. By executing code during the build process, it evaluates program logic and state to precompute results, effectively simplifying complex operations before the application is deployed. The tool functions as a bundle optimizer that integrates into existing development pipelines to refine application logic. It employs abstract interpretation and symbolic execution to track program behavior across various paths, allowing it to perform constant folding, eliminate unreachable code, and
This project is a JavaScript style guide and a set of coding standards designed to ensure codebase consistency. It provides a collection of best practices for writing maintainable and idiomatic code, focusing on variable naming, type checking, and execution context. The project serves as a static analysis guide, offering frameworks and guidelines for using linters and automated tools to identify bugs and verify code correctness before deployment. It establishes standards for formatting, syntax, and variable declarations to standardize code style across a project. The scope of the project cov
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
This project is a language extension for VS Code that provides comprehensive Go language support. It functions as a language server client, a debugger interface, and a toolchain manager to facilitate Go application development. The extension distinguishes itself by integrating a full suite of toolchain management capabilities, allowing for the installation and configuration of required binaries, linters, and compiler versions directly within the editor. It also provides deep integration for interactive debugging via Delve, supporting remote target debugging, process attachment, and program st
Plato is a JavaScript static analysis tool and code complexity visualizer. It computes complexity metrics and runs linting checks on JavaScript source code to evaluate codebase quality, presenting the results through a static analysis dashboard. The system aggregates linting data and technical metrics into timestamped reports. It specifically calculates cyclomatic and Halstead metrics to identify overly complicated files and assess the maintainability of a project. The tool provides capabilities for source code visualization, automated quality reporting, and maintainability assessment. It in
This project is a high-performance static type checker and comprehensive development toolkit for Python. It functions as a core analysis engine that identifies type inconsistencies and enforces code correctness, while simultaneously providing a language server implementation to deliver real-time diagnostics and intelligence directly within development environments. The tool distinguishes itself through a parallelized execution engine that maximizes performance across large-scale codebases and monorepo structures. It supports gradual type adoption, allowing developers to integrate type checkin
TensorBoard is a visualization toolkit for tracking and analyzing machine learning model training progress and performance using TensorFlow event logs. It provides a monitoring dashboard for plotting scalar metrics, tensor distributions, and training curves, and includes specialized tools for visualizing neural network computational graphs and projecting high-dimensional embeddings. The project enables side-by-side comparison of multiple training runs to analyze the impact of hyperparameters on model outcomes. It also features a high-dimensional embedding projector and a graph visualizer for
This browser extension is a web-based source code navigator that transforms import statements, include declarations, and dependency paths into clickable links. It functions as a dependency link resolver and workflow action navigator, mapping language-specific requirements to their corresponding source code or external repositories. The project provides a package dependency previewer that uses hovercards to display metadata and dependency insights without requiring the user to leave the current page. It also converts action definitions within CI/CD workflow files into direct links to their und
Vitest is a high-performance testing framework designed for JavaScript and TypeScript applications. It provides an integrated environment that supports unit, integration, and browser-based testing, allowing developers to execute test suites natively without requiring separate build steps or complex configuration. The project distinguishes itself through a highly optimized execution model that leverages worker-thread isolation and on-demand module transformation to provide rapid feedback. It includes a comprehensive suite of mocking and spying utilities that allow for the interception of depen
OctoLinker is a browser extension that enhances navigation within GitHub repositories by converting text-based dependency references, import statements, and workflow actions into clickable links. It functions as a cross-language code navigator and dependency linker, transforming static references into direct links to source repositories and files. The tool provides integrated package insight hovercards that display dependency details and package information without requiring the user to leave the current page. It specifically maps GitHub Action definitions in workflow files directly to their
This project is an interactive data science environment that combines code execution, rich media visualization, and narrative documentation into a persistent, browser-based platform. It serves as a comprehensive educational resource for scientific computing, providing a framework for iterative data analysis and machine learning prototyping. The environment is distinguished by its focus on high-performance numerical computing, utilizing vectorized array operations and memory-mapped data structures to handle large-scale computations efficiently. It features a unified estimator interface that st
kro is a Kubernetes resource orchestrator and API abstraction layer that enables the definition of simplified custom API surfaces. It allows users to map high-level inputs to complex templates of underlying Kubernetes objects, effectively grouping interdependent resources into single, manageable units. The project differentiates itself by automating the generation of custom resource definitions and dedicated controllers from resource graph specifications without requiring manual Go code. It employs a dependency manager that uses directed acyclic graphs to coordinate the creation, readiness, a
This project is a code naming convention guide and programming style guide. It provides a language-agnostic set of rules for naming variables and functions to improve the readability and cohesiveness of a codebase. The guide implements a variable naming framework that organizes identifiers using abstract, high-context, and low-context patterns. It also defines a specific function naming pattern based on a prefix-action-context system to communicate the operational domain and intended results of a function. The system covers broader standards for code readability optimization, including the u
This project is a static analysis tool and linter for Elixir designed to enforce a unified visual structure across codebases. It serves as a specification for code formatting, naming conventions, and documentation standards. The tool provides a standardized system for casing and prefixes used in files, functions, and variables. It also establishes guidelines for formatting module and function descriptions to ensure consistent technical documentation. The project covers a broad range of code quality areas, including the organization of module layouts, the implementation of commenting patterns
This project is a regular expression lexer library and lexical analysis engine used to break input strings into typed token streams. It serves as a foundational component for constructing compilers or interpreters by identifying and categorizing substrings into discrete tokens. The library provides a token stream navigator featuring a cursor-based interface. This allows for sequential traversal of tokenized input and non-destructive lookahead, enabling the inspection of future tokens without advancing the internal position pointer. It includes specific support for recursive descent parsing t
This project is a documentation quality framework and standardization guide for creating user-centric technical README files. It provides a structured set of guidelines and checklists designed to help developers produce professional project homepages that enable users to operate software without needing to read the source code. The framework emphasizes information architecture through cognitive funneling, organizing technical content from high-level summaries down to granular details to reduce cognitive load. It establishes a consistent layout and formatting standard to ensure a predictable e
This project is a software engineering standards guide and technical quality manual. It provides a framework for engineering governance, focusing on maintaining code quality, peer review processes, and sustainable development across large-scale technical organizations. The documentation establishes a code review framework that covers preparing, performing, and assigning peer reviews to ensure codebase stability. It defines standardized engineering patterns and maintainability criteria to keep diverse project repositories uniform and readable. The guidelines encompass code quality assurance,
Diaphora is a binary diffing tool and similarity engine designed to compare compiled binaries and identify changed or matching code sections. It functions as a reverse engineering plugin that maps relationships between functions and detects compilation units using assembler analysis and graph theory. The project specializes in vulnerability patch analysis, allowing users to detect security fixes by comparing different versions of a binary. It synchronizes analysis metadata, such as symbol names and comments, between binaries and generates patches by comparing decompiled pseudo-code. The engi
Bhai-lang is a TypeScript-based toy programming language and custom syntax interpreter. It functions as an educational language implementation designed to demonstrate core concepts of variable management, conditional logic, and execution flow. The project provides a custom command line interface and an interactive code playground for writing and testing scripts. It serves as a framework for programming language prototyping, allowing for the definition of custom syntax and execution logic. The system covers the full interpreter pipeline, including lexical analysis, recursive descent parsing,
RetDec is a reverse engineering framework and static binary analysis tool. Its primary purpose is to function as an LLVM-based machine code decompiler that translates binary machine code from multiple architectures into high-level C source code. The system employs a multi-stage lifting pipeline to recover program logic, using an intermediate representation to apply optimizations before emitting source code. It distinguishes itself through the ability to identify compilers and packers, perform executable unpacking, and reconstruct class hierarchies and original program structures. The framewo
PHP-CS-Fixer is a static analysis tool and code style linter designed to validate PHP code against predefined standards. It functions as a coding standard fixer that automatically detects and corrects style violations to ensure consistent formatting across a codebase. The project serves as a syntax modernizer, providing automated tools to update legacy PHP syntax to align with newer language versions. It also allows for the creation of custom style rules when built-in standards do not meet specific requirements. The tool covers broad capability areas including automated linting workflows and