30 open-source projects similar to danmar/cppcheck, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Cppcheck alternative.
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
Pylint is a static code analysis tool for Python that checks source code for errors, coding standard violations, and code smells without executing the program. It parses code into an abstract syntax tree and walks the tree to detect issues, enforces configurable style rules and naming conventions, and identifies duplicate code blocks by comparing tokenised source sequences. The tool also includes an inference engine that deduces variable types by simulating code paths, enabling deeper analysis even in untyped code. What distinguishes Pylint is its plugin-based checker architecture, which allo
This project is a comprehensive educational resource and programming course covering C++ language semantics and features from C++03 through C++26. It provides structured tutorials and technical guides focused on modern C++ development. The material offers specialized instruction on template metaprogramming, including the use of type traits and compile-time computations. It features detailed guides on concurrency and parallelism for multi-core execution, as well as a reference for software design applying SOLID principles and RAII. Additionally, it covers build performance optimization to redu
This is a static analysis linter and code quality tool for Go. It analyzes source code to identify common coding errors, style mistakes, and inconsistencies with language conventions. The tool is designed for integration with text editors and integrated development environments, exporting linting results in formats that support quickfix menus. Its capabilities include Go static analysis and source code quality assurance across files and packages. The system utilizes a static analysis pipeline and rule-based pattern matching to identify structural patterns that violate predefined coding stand
Larastan is a static analysis extension and type inference engine for PHP designed to detect bugs and type errors in Laravel applications. It extends PHPStan to resolve framework-specific patterns and magic methods, providing a rule-based scanning engine to audit code quality without executing the application. The tool specializes in Eloquent analysis, verifying that model properties, casts, and relationships align with database schemas and migrations. It tracks types across Eloquent collections, custom builders, and model factories to ensure type safety during database operations and iterati
This project is a static analysis tool and linter designed to improve the quality, reliability, and portability of shell scripts. By performing deep structural analysis, it identifies common programming pitfalls, syntax errors, and security vulnerabilities before scripts are executed. It functions as an automated code reviewer that enforces best practices and helps developers maintain consistent, robust code across different operating environments. The tool distinguishes itself through its dialect-aware grammar resolution, which adapts its parsing logic based on the specific shell interpreter
Zizmor is a security linter and static analysis tool designed to audit GitHub Actions workflow files. It functions as a CI/CD security scanner that identifies security vulnerabilities, misconfigurations, and software supply chain risks within automation pipelines. The project distinguishes itself by providing an automated workflow remediator that applies security fixes to identified vulnerabilities. It also implements a language server for integration with code editors and supports a variety of analysis personas to scale the sensitivity and volume of reported findings. The tool covers a broa
This project is a community-driven directory and knowledge base for the PHP ecosystem. It serves as a comprehensive index of high-quality libraries, frameworks, tools, and educational materials, designed to help developers navigate the landscape and select appropriate solutions for their software projects. The directory distinguishes itself through a hierarchical taxonomy that organizes vast amounts of technical information into a logical, human-readable structure. By relying on distributed contributions from the developer community, it maintains a current and vetted collection of references
This project is an educational repository and collection of algorithms implemented in C++. It provides a structured set of code examples covering mathematics, computer science, and physics for reference and learning. The collection includes implementations of data structures for managing hierarchical and linear data, such as binary search trees and AVL trees. It also features simulations of computer science concepts, including CPU scheduling and the resolution of combinatorial puzzles. The repository further covers cryptographic examples through the implementation of classic encryption and e
Stylelint is a static code analysis tool and linter for CSS and style-like languages. It identifies errors, enforces coding conventions, and operates as a PostCSS plugin to validate stylesheets during build pipelines. The project distinguishes itself through support for non-standard syntaxes, including preprocessor parsing for SCSS and Less, and the ability to extract and lint embedded styles from JavaScript, HTML, and template literals. It features an automated fixing system that programmatically corrects repairable styling violations to ensure consistency. The system provides a plugin arch
Flake8 is a Python style checker and static analysis tool that identifies programmatic errors and violations of coding standards in source files. It serves as a linting wrapper that aggregates multiple checkers into a single interface, functioning as a pluggable framework for Python code analysis. The tool incorporates a cyclomatic complexity analyzer to measure the logical complexity of functions and identify code that requires refactoring. It is designed for extensibility, allowing the integration of custom plugins and rules through defined entry points. The system provides capabilities fo
This project is a comprehensive collection of reference materials, including a language cheatsheet, a standard library reference, and a concurrency reference. It serves as a guide to modern C++ development, focusing on language syntax, standard library utilities, and template metaprogramming patterns. The repository provides specific guidance on template metaprogramming through a dedicated guide covering compile-time evaluation, type deduction, and variadic template execution. The materials cover a broad range of capabilities, including asynchronous programming, memory management, and system
CPlusPlusThings is an educational and technical resource collection featuring C++ coding exercises, a concurrency library, and a programming guide. It provides structured drills and real-world challenges to reinforce language proficiency and offers technical analysis of the internal implementation of the standard library. The project implements software architecture patterns and industry-standard idioms, including the singleton pattern and resource acquisition is initialization. It also includes a framework for building logging systems with configurable severity levels and output destinations
This project is a static analysis runner designed to identify bugs, performance bottlenecks, and stylistic inconsistencies within Go codebases. It functions as a comprehensive quality assurance suite that executes multiple analysis tools concurrently to provide a unified diagnostic report. By parsing source code into a structured representation, the tool enforces coding standards, validates import structures, and ensures consistent formatting across entire projects. The tool distinguishes itself through its ability to automate the remediation of identified issues, applying programmatic fixes
This project is a static analysis linter, code quality tool, and language auditor for Rust. It functions as an automated refactoring system designed to identify common mistakes and suggest idiomatic improvements for Rust source code. The tool identifies non-idiomatic patterns, performance bottlenecks, and code smells to improve the overall correctness and quality of the code. It specifically audits memory safety by flagging suspicious use of unsafe blocks and pointer manipulations and detects inefficient operations to optimize execution speed. The analysis surface covers coding style enforce
Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best practices. It functions as a code quality auditor and Javadoc validation tool, checking source code against configurable rulesets to ensure structural and stylistic consistency. The project allows for the creation of custom linting rules by extending a core API to inspect the abstract syntax tree. It further enables specialized validation through the use of XPath expressions to query the syntax tree for specific code patterns and violations. Capability areas include the enforcement
This project is a suite of runtime diagnostic tools designed to detect memory leaks, concurrency races, and language-specification violations during software execution. It provides a collection of dynamic analysis tools that identify addressability issues, uninitialized memory usage, and memory safety bugs in applications. The toolset includes a thread safety analyzer to identify data races and deadlocks in concurrent code, as well as an undefined behavior sanitizer to detect operations that violate language specifications. The system covers broad capabilities in memory safety monitoring and
OSS-Fuzz is a distributed, containerized platform for continuous fuzzing and memory safety analysis. It functions as a bug hunting infrastructure that identifies security vulnerabilities and stability bugs through automated, coverage-guided fuzz testing across a scalable cluster of containers. The system provides a continuous security testing pipeline that manages the entire lifecycle of vulnerability discovery, from bootstrapping project templates and compiling targets to executing long-running batch tests. It specifically focuses on memory safety, utilizing sanitizers to detect buffer overf
This project serves as a comprehensive tutorial and technical resource for developing network applications in the C programming language. It focuses on the practical application of the Berkeley socket interface, guiding users through the implementation of low-level network protocols and the management of data transmission across both connection-oriented and connectionless streams. The material distinguishes itself by covering the full lifecycle of network communication, from initializing system-level protocol stacks and resolving domain names to managing complex connection behaviors. It provi
This project is a C++ template tutorial and metaprogramming guide. It provides instructional content on using templates to implement generic programming and execute Turing-complete logic during the compilation process. The guide serves as a reference for static type dispatching, substitution failure, and the use of concepts to ensure type safety. It covers methods for selecting function implementations at compile time to eliminate runtime branching. The material addresses compile-time type manipulation, including the transformation of type qualifiers and the use of constraints to prevent inv
This project is a static analysis tool and linter for Ruby on Rails designed to identify architectural smells and violations of best practices. It serves as a code quality linter, architectural auditor, security scanner, and performance analyzer for Rails applications. The tool evaluates the separation of concerns between controllers, models, and view templates to reduce technical debt. It identifies suboptimal coding patterns and enforces stylistic consistency, while specifically scanning for security vulnerabilities such as unprotected mass assignment in models. The analysis surface covers
Pyre is a high-performance static type checker and analysis tool for Python. It identifies type errors and ensures type safety without executing the program, utilizing a static type inference engine to maintain consistency across functions. The project is distinguished by an incremental type analysis engine that operates as a background daemon. This system monitors filesystem changes to re-validate only modified parts of a project, reducing the time required for repeated analysis. It also includes a static analysis security tool that uses taint analysis to track untrusted data flows and ident
This project is a curated collection of guidelines and technical resources designed to improve C++ code safety, maintainability, and performance. It provides a comprehensive set of coding standards and best practices for establishing consistent naming, formatting, and structural patterns across C++ codebases. The guide offers specific technical advice on performance optimization, including methods for minimizing object copying, optimizing memory allocation, and reducing compilation cycles. It also provides a directory of tooling recommendations for implementing static analysis, fuzz testing,
This project is an AI-powered code reviewer and static analysis server that identifies low-quality files and generates automated critiques. It functions as an automated quality scoring tool that evaluates source code structure and complexity through local parsing. The system utilizes a standardized context protocol to stream analysis results to AI agents and editors. It integrates large language models to produce automated reviews and suggestions for improvement based on quantitative quality metrics. The tool includes a weight-based scoring engine and an asynchronous analysis pipeline for pr
AFL is a coverage-guided fuzzer and security vulnerability scanner used to identify software bugs and memory corruption by feeding programs mutated data. It functions as a binary instrumentation tool and a test case minimizer to locate crashes and isolate the smallest set of bytes causing a fault. The project distinguishes itself through its ability to operate as a parallel fuzzing orchestrator, distributing workloads across multiple CPU cores or networked machines. It utilizes dictionary-based mutation for complex file formats and performs input sensitivity analysis to identify critical sect
GrumPHP is a Git commit validator and PHP code quality orchestrator. It functions as a Git hook manager that automates the installation and execution of script triggers to enforce code quality standards within PHP projects. The tool prevents non-compliant code from being committed by running a suite of validation and linting tasks during the Git workflow. It integrates automated quality checks directly into the local development environment to maintain project standards. The system manages pre-commit testing workflows by executing quality tests and automating Git hooks. It uses a task-based
js-assessment is a JavaScript technical assessment framework and code quality evaluator. It provides a test-driven environment for evaluating programming skills by requiring candidates to implement logic that resolves a set of failing test cases. The system includes a mock API testing environment that simulates external data sources by loading local JSON files via network requests. This allows for the validation of how code handles API data during the assessment process. The framework covers code quality verification through automated linting scripts and technical skill evaluation via a scri
This project is a comprehensive knowledge base and educational resource for JavaScript developers, focused on establishing industry-standard methodologies for automated software testing. It provides a structured collection of design patterns and actionable guidelines designed to improve code reliability, maintainability, and overall software quality across the development lifecycle. The repository distinguishes itself by offering a granular, pattern-based approach to testing that spans unit, integration, and end-to-end verification. It emphasizes specific architectural strategies such as comp
This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements. The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, ma