52 repository-uri
Software that examines source code without executing it to identify potential bugs, vulnerabilities, and style violations.
Explore 52 awesome GitHub repositories matching testing & quality assurance · Static Code Analysis Tools. Refine with filters or upvote what's useful.
This project is a comprehensive, curated directory of high-quality libraries, tools, and educational resources for C and C++ development. It serves as an ecosystem discovery index, helping developers navigate the vast landscape of third-party components, frameworks, and technical documentation available for the language. The collection is distinguished by its focus on high-performance systems programming and technical mastery. It provides deep coverage of specialized domains including SIMD-accelerated data processing, compile-time template metaprogramming, and asynchronous event-driven archit
Pinpoints utilities for static analysis to detect bugs, vulnerabilities, and style violations in source code.
p3c is a Java static analysis tool and code quality linter designed to enforce professional coding guidelines and quality standards. It utilizes a set of custom rules based on the PMD engine to scan source code for style violations, performance bottlenecks, and potential bugs. The project is distributed as an IDE linting plugin that provides real-time feedback and warnings during development. It also includes functionality for pre-commit code quality gates, allowing modified files to be scanned and blocked if they violate defined rules before being committed to version control. The analysis
Examines Java source code without execution to identify potential bugs, style violations, and performance bottlenecks.
Standard is a suite of static analysis tools for JavaScript, comprising a linter, formatter, and a predefined style guide. It functions as a static code analyzer that scans source code for style violations and potential errors without executing the program. The project provides an automatic code fixer that rewrites source code to resolve formatting issues and enforce syntax consistency. It implements a standardized set of rules for JavaScript formatting and syntax to ensure a uniform appearance across different projects. The system covers a wide range of static analysis capabilities, includi
Scans JavaScript source code without executing it to identify style violations and potential programming errors.
Standard is a zero-configuration static analyzer, linter, and formatter for JavaScript. It functions as a style guide that enforces consistent coding rules and identifies programming errors without requiring manual configuration files. The tool distinguishes itself by providing an automatic code fixer that scans source files to correct style violations and ensure a uniform codebase. It implements a predefined rule set to eliminate the need for project-specific configuration. The project covers a broad range of static analysis capabilities, including support for experimental language syntax a
The tool's core engine that analyzes source code to identify style inconsistencies and programmer errors.
Biome is a unified developer tooling suite that provides code formatting, linting, and static analysis for JavaScript and TypeScript projects. It functions as a command-line interface designed to automate the maintenance of code quality and style consistency throughout the development lifecycle. The tool distinguishes itself through a high-performance engine built in Rust, which utilizes a single-pass abstract syntax tree to perform formatting and linting simultaneously. By leveraging parallel multi-threaded execution and incremental file system caching, it minimizes latency during analysis t
Inspects source code for bugs and vulnerabilities without execution as a core static analysis utility.
Ruby is a general-purpose, dynamic programming language built on an object-oriented runtime environment. It treats every piece of data as an object, ensuring a consistent interface for manipulation across the entire system. The language is designed to support programmer productivity through a focus on natural syntax and flexible metaprogramming capabilities. The runtime distinguishes itself through a pure object model that allows for dynamic class modification and runtime method definition. It supports functional programming patterns by encapsulating code blocks as objects that capture their
Supports static analysis to identify type inconsistencies and structural improvements without execution.
This project serves as a comprehensive, community-driven directory for the .NET ecosystem. It functions as a curated index of high-quality libraries, frameworks, and tools designed to assist developers in identifying recommended solutions for a wide range of project requirements and software engineering tasks. The repository distinguishes itself by providing a categorized catalogue that simplifies the discovery of resources across the entire .NET development lifecycle. By maintaining a standardized collection of community-contributed utilities, it helps developers navigate the ecosystem to fi
Examines source code without execution to identify potential bugs, vulnerabilities, and style violations.
mypy is a static type checker for Python that analyzes source code to detect type errors and inconsistencies without executing the program. It functions as a static analysis tool and type inference engine, providing a gradual typing system that allows type hints to be added to a codebase incrementally while maintaining compatibility with dynamic typing. The project distinguishes itself through a combination of performance and precision features. It utilizes a daemon-based incremental checking system and multi-process parallel analysis to manage large codebases, supported by binary cache persi
Scans source code to identify bugs and type inconsistencies before runtime execution.
Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments. The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agno
Inspects source code using structural pattern matching and syntax tree parsing to identify security vulnerabilities.
SwiftLint is a static analysis tool and code formatter designed to enforce consistent coding styles and identify semantic issues within Swift source code. It functions as a command-line utility that evaluates code against established conventions to ensure uniform structure and architectural standards across a project. The tool distinguishes itself through a custom linting engine that leverages compiler-integrated syntax analysis to perform deep inspections of code structure. Beyond simple pattern matching, it supports automated source code transformation to correct formatting violations and r
Enforces consistent Swift coding styles and identifies semantic issues using compiler-level syntax analysis.
This project is a dependency reduction tool and ESLint plugin designed to remove heavy utility libraries from JavaScript projects. It functions as a static analysis tool that identifies third-party library method calls and suggests native ECMAScript alternatives to decrease bundle size. The tool provides a curated replacement guide consisting of native JavaScript code snippets that replicate the behavior of common external utility functions. This allows developers to migrate older codebases to current language standards and reduce project complexity. The system integrates into the linting li
Examines source code without execution to identify non-native patterns and recommend ECMAScript equivalents.
This project is a static code analysis tool and local-first code indexer that builds a persistent dependency graph of functions, classes, and imports. It functions as an AI context optimizer and codebase dependency graph, designed to reduce token usage by providing AI assistants with only the most relevant code fragments and impact analysis for a given change. The system implements a Model Context Protocol server that exposes code intelligence and architectural graph queries to external AI coding tools. It distinguishes itself by computing the change blast radius and risk scores of modificati
Implements a static analysis pipeline that parses source code into structural maps and automated architectural documentation.
This project is a static analysis framework and linting engine designed to inspect TypeScript codebases. It functions as a plugin suite that enables standard linting workflows to parse source code into abstract syntax trees, allowing for the automated enforcement of coding standards and the identification of potential bugs through a modular, rule-based visitor pattern. The engine distinguishes itself by integrating directly with the TypeScript compiler to perform type-aware analysis. By accessing compiler type information, it can identify complex errors and unsafe patterns that standard synta
Provides a framework for parsing source code into syntax trees to identify bugs and enforce consistency.
Semgrep is a static analysis security testing tool designed to identify vulnerabilities and logic errors by matching source code against declarative patterns. It functions as an automated scanner that integrates into development workflows to detect insecure code patterns and enforce coding standards before deployment. The engine utilizes a language-agnostic intermediate representation and a modular parser architecture to normalize diverse programming languages into a unified format. This allows for consistent rule execution across different codebases, enabling users to perform custom structur
Identifies security vulnerabilities and logic errors by matching source code patterns against defined rules.
This project is a front-end development study guide and technical roadmap designed to introduce the tools, libraries, and patterns used in modern web application development. It serves as an educational resource covering single page application architecture, the integration of modern web tech stacks, and the design of components using static typing. The guide focuses on the orchestration of front-end CI/CD pipelines, providing a walkthrough for automating the linting, testing, bundling, and deployment of static assets to cloud hosting. It specifically addresses the implementation of reusable
Covers the use of automated tools to scan source code for bugs, vulnerabilities, and style violations.
This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements. The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, ma
Parses source code to detect runtime errors and quality issues without execution.
Lark CLI is a terminal-based tool designed for automating tasks and managing resources across the Lark and Feishu productivity ecosystem. It functions as a cloud workspace automator and REST API client, providing a command line interface to programmatically manage organizational documents, calendars, emails, and tasks. The project distinguishes itself through an AI agent skill framework that allows for the integration and deployment of both bundled and custom skills. It features an identity-aware execution context that enables switching between user and bot identities, and employs a sidecar-b
Executes custom source-level checks to enforce coding conventions and detect contract violations.
This project is a static analysis engine and type checker designed for PHP codebases. It evaluates source code structure and type annotations to identify potential bugs, type mismatches, and logic errors without executing the application. By parsing code into an abstract syntax tree and applying a rule-based validation framework, it enforces code quality and safety standards across a project. What distinguishes this tool is its sophisticated type inference engine, which models dynamic language features, magic methods, and conditional types to maintain accuracy even in unconventional code. It
Identifies bugs, type mismatches, and logic errors by scanning source code without executing the application.
Ale is an asynchronous code analysis tool and integrated development environment plugin designed for lightweight text editors. It functions as a language server protocol client, enabling real-time code intelligence and diagnostic feedback by running analysis tasks in the background to ensure the editor interface remains responsive during intensive operations. The plugin utilizes an event-driven architecture to monitor text buffers and trigger linting or formatting routines automatically. It distinguishes itself through a modular extensibility framework that supports a wide range of language-s
Identifies syntax errors and style violations in the background without interrupting the user typing experience.
This tool is a command-line utility designed to automatically detect and correct coding standard violations in PHP source files. It functions as a static analysis and refactoring engine that ensures consistent project-wide formatting by applying predefined community conventions or custom organizational rules. The project distinguishes itself through a modular rule-based engine that supports both automated style correction and codebase modernization. It allows developers to update legacy syntax to align with newer language versions and testing framework requirements, facilitating the adoption
Inspects PHP source code for stylistic inconsistencies and syntax patterns without requiring manual intervention or execution.