Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 6 OCaml Static Analysis Projects
-
Project mention: An Introduction to Temporal Logic (With Applications to Concurrency Problems) | news.ycombinator.com | 2024-01-22
I think most development occurs on problems that can't be formally modeled anyway. Most developers work on things like, "can you add this feature to the e-commerce site? And can the pop-up be blue?" which isn't really model-able.
But that's not to say that formal methods are useless! We can still prove some interesting aspects of programs -- for example, that every lock that gets acquired later gets released. I think tools like Infer[0] could become common in the coming years.
[0]: https://fbinfer.com/
-
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
For the SAST stage, I used SonarQube tool. SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells on more than 30 programming languages. I preferred SonarQube instead of other SAST tools because it has a detailed documentation and plugins about integration with Jenkins and SonarQube works with Java projects pretty well. Of course you can similar multi-language-supported tools such as Semgrep or language-specific tools such as Bandit.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Pyre is a performant type-checker developed by Facebook. Pyre can analyse codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code.
-
-
-
Project mention: Is there a way to create namespaces/hierarchy in the documentation with LDoc? | /r/lua | 2023-05-31
LDoc isn't really meant for this, but you can generate on each file individually and then hack in links with some post-processing. Alternatively, if you have the time to dig into an even less documented format, illuaminate natively supports multi-file docs. (See here for an example config file.)
OCaml Static Analysis related posts
- Creating a DevSecOps pipeline with Jenkins — Part 1
- Should I Rust or should I Go
- Top 10 Snyk Alternatives for Code Security
- Semgrep: Semantic Grep for Code
-
semgrep VS bearer - a user suggested alternative
2 projects | 10 Jul 2023
- Powerful SAST project for Android Application Security
- Interesting ocaml mention in buck2 by fb
-
A note from our sponsor - InfluxDB
www.influxdata.com | 28 Mar 2024
Index
What are some of the best open-source Static Analysis projects in OCaml? This list will help you:
Project | Stars | |
---|---|---|
1 | infer | 14,657 |
2 | semgrep | 9,603 |
3 | pyre-check | 6,663 |
4 | bap | 1,958 |
5 | bolt | 519 |
6 | illuaminate | 49 |