28 个仓库
Comprehensive suites for scanning, visualizing, and managing code quality and security across multiple languages.
Explore 28 awesome GitHub repositories matching part of an awesome list · Code Analysis Platforms. Refine with filters or upvote what's useful.
This project is a static analysis engine designed to identify patterns, enforce coding standards, and automate code quality improvements in software projects. By parsing source code into structured abstract syntax trees, it enables deep programmatic inspection and the automated remediation of identified programming issues. The engine functions as a pluggable linting framework, allowing developers to extend its core capabilities through a modular architecture. Users can inject custom rules, parsers, and processors to support non-standard file formats or domain-specific logic. This extensibilit
Extensible linting framework for JavaScript and ECMAScript.
oxc is a high-performance JavaScript toolchain developed in Rust for parsing, transforming, and analyzing JavaScript and TypeScript source code. It provides a set of core utilities including a parser that converts code into an abstract syntax tree, a linter for identifying problematic patterns, a formatter for standardizing visual style, and a minifier for reducing production file sizes. The project focuses on high-performance execution through a system design that utilizes single-pass parsing, zero-copy string slicing, and parallel worker processing to handle large codebases. It further opti
High-performance toolchain for JavaScript and TypeScript analysis.
Ale is a Neovim LSP client and asynchronous linter wrapper designed to integrate language servers and syntax checkers into the editor. It provides infrastructure for background syntax validation and automated code fixing without blocking the editor interface. The project implements the Language Server Protocol to enable advanced semantic navigation, including symbol renaming, definition jumping, and the application of automatic refactoring changes. It functions as an automatic code fixer that applies formatting and repairs based on feedback from linting tools and language servers. The plugin
Asynchronous linting and fixing for Vim and NeoVim.
TabNine is an AI-powered code completion engine that runs a deep-learning model to generate real-time code suggestions across all programming languages. It operates as an editor plugin that communicates with a backend through a JSON message-passing interface, processing code entirely on the local machine or within a private cloud to keep source code secure and private. The system provides a completion request API that accepts cursor context and returns ranked text completions, with features for configuring completion regions, prefetching files for indexing, and managing binary versions and up
Processes code locally or in a private cloud to ensure no code is sent to external servers.
CodeQL is a semantic code analysis engine and vulnerability scanning tool that treats source code as data. It utilizes a static analysis query language to define complex patterns and security vulnerabilities within a code graph database. The system represents source code as a relational database, enabling the execution of structural queries and data flow analysis. This approach allows for the detection of security flaws and coding errors across large-scale repositories. The tool provides capabilities for automated code auditing, static analysis security testing, and custom vulnerability dete
Semantic code analysis using dataflow queries for multiple languages.
DeepAudit is a privacy-preserving code audit platform that combines multiple specialized AI agents to identify and verify security vulnerabilities in source code. It functions as a local LLM vulnerability scanner, an automated security report generator, and a sandboxed exploit verifier, all operating entirely within an internal network to keep sensitive code and data on premises. What distinguishes DeepAudit is its multi-agent cooperative approach: teams of AI agents jointly plan, analyze, and cross-check findings across the codebase, moving beyond single-pass scanning. The platform also sand
Runs entirely within the internal network, ensuring source code and analysis remain on premises.
ApplicationInspector 是一个多语言静态分析工具,旨在检测源代码中的特定功能和特征。它利用声明式 JSON 规则引擎来识别项目目录中的模式和结构标签,而无需重新编译分析器。 该系统通过代码版本差异比较器脱颖而出,该比较器比较两个不同的源路径以报告检测到的功能变化。它还提供用于创建和验证自定义基于 JSON 的规则的实用程序,包括用于验证语法和标识符唯一性的验证流水线。 该工具涵盖了广泛的能力领域,包括代码功能发现、软件组件审计以及通过基于 glob 的过滤进行分析范围管理。结果可以导出为 HTML、Markdown 或 JSON 格式的摘要。 提供了用于自动化规则语法验证和在不同项目迭代之间执行版本比较的命令行实用程序。
Feature detection and rule-based reporting for application codebases.
An uber-fast parallelized Java classpath scanner and module scanner.
Scans and queries class metadata and module paths.
Quick automated code review of your changes
Automated code review runner supporting multiple languages.
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
Security-focused analysis to identify and prioritize sensitive data exposure risks.
weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
Semantic search tool for identifying patterns in C/C++.
Tools for code analysis, visualizations, or style-preserving source transformation.
Tools for code analysis, visualization, and source transformation.
A simple code complexity analyser without caring about the C/C++ header files or Java imports, supports most of the popular languages.
Cyclomatic complexity analyzer supporting numerous programming languages.
A static code analyzer for C++, C#, Lua
Fast static analysis for C, C++, C#, and Lua.
The Microsoft.CodeAnalysis.NetAnalyzers package moved into the dotnet/sdk repository for further development and respond to issues formerly in this repository.
Roslyn-based implementation of standard code analyzers.
Undebt is a fast, straightforward, reliable tool for performing massive, automated code refactoring used @Yelp. Undebt lets you define complex find-and-replace rules using standard, straightforward Python that can be applied quickly to an entire code base with a simple command.
Programmable refactoring tool based on pattern definitions.
DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.
Regex-based security analysis for various IDEs and languages.
T.J. Watson Libraries for Analysis, with front ends for Java, Android, and JavaScript, and many common static program analyses.
Static analysis framework for Java bytecode and JavaScript.
🐊 Pluggable and configurable JavaScript Linter, code transformer and formatter with superpowers 💪: built-in support of js, jsx, ts, markdown, yaml, toml, json and ignore. Write declarative codemods in a simplest possible way 😏
Pluggable code transformer for JS, TS, and configuration files.
Sqlvet performs static analysis on raw SQL queries in your Go code base to surface potential runtime errors at build time.
Static analysis for detecting runtime errors in raw SQL.