This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements.
The main features of analysis-tools-dev/static-analysis are: Static Analysis, Code Quality and Analysis, Analysis Tool Comparators, Static Analysis Tools, Semantic Versioning Systems, Awesome List, Security Scanners, Security Code Scanners.
Open-source alternatives to analysis-tools-dev/static-analysis include: checkstyle/checkstyle — Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best… golangci/golangci-lint — This project is a static analysis runner designed to identify bugs, performance bottlenecks, and stylistic… voltagent/awesome-claude-code-subagents — This project provides a framework for managing multi-agent systems, designed to automate complex software development,… semgrep/semgrep — Semgrep is a static analysis security testing tool designed to identify vulnerabilities and logic errors by matching… facebook/flow — Flow is a JavaScript static type checker and AST parser that identifies type errors and prevents runtime failures… keygraphhq/shannon — Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis,…
Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best practices. It functions as a code quality auditor and Javadoc validation tool, checking source code against configurable rulesets to ensure structural and stylistic consistency. The project allows for the creation of custom linting rules by extending a core API to inspect the abstract syntax tree. It further enables specialized validation through the use of XPath expressions to query the syntax tree for specific code patterns and violations. Capability areas include the enforcement
This project is a static analysis runner designed to identify bugs, performance bottlenecks, and stylistic inconsistencies within Go codebases. It functions as a comprehensive quality assurance suite that executes multiple analysis tools concurrently to provide a unified diagnostic report. By parsing source code into a structured representation, the tool enforces coding standards, validates import structures, and ensures consistent formatting across entire projects. The tool distinguishes itself through its ability to automate the remediation of identified issues, applying programmatic fixes
This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability. The framework distinguishes itself through its hierarchical agent registry and policy-driven
Semgrep is a static analysis security testing tool designed to identify vulnerabilities and logic errors by matching source code against declarative patterns. It functions as an automated scanner that integrates into development workflows to detect insecure code patterns and enforce coding standards before deployment. The engine utilizes a language-agnostic intermediate representation and a modular parser architecture to normalize diverse programming languages into a unified format. This allows for consistent rule execution across different codebases, enabling users to perform custom structur