Top 23 Python Static Analysis Projects
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Project mention: Tools and Skills to be the Bug Bounty Hunting. | dev.to | 2021-05-08
MobiSRF: (Mobile Application testing) Mobile Security System (MobSF) is an integrated, all-in-one mobile device pen-testing, malware analysis, and vulnerability evaluation system capable of conducting static and dynamic analysis (Android/iOS/Windows). MobSF accepts mobile app binaries (APK, XAPK, IPA, and APPX) as well as zipped source code and offers REST APIs for seamless integration with your CI/CD or DevSecOps pipeline. You may use the Dynamic Analyzer to conduct runtime security assessments and immersive instrumented monitoring.
Awesome autocompletion, static analysis and refactoring library for python
Project mention: What are your bad python habits? | reddit.com/r/Python | 2021-11-27
Or better, use a refactoring tool like rope, jedi, or whatever you have in your IDE to rename them.
It's not just a linter that annoys you!
Project mention: When is it bad to use OOP? | reddit.com/r/learnpython | 2021-09-30
So it doesn't say it isn't justified, it indicates that you might want to reconsider. So by leaving out that nuance, you're promoting this to a binary bad/wrong label which it really isn't. Also consider it's a bit obsolete in context of for example dataclasses and custom exceptions, as those often have 0 methods unless you need something extra from them. See for example complaint tickets about these https://github.com/PyCQA/pylint/issues/4464 and https://github.com/PyCQA/pylint/issues/3732. So to summarize, using a linter's best effort to indicate something that can easily be a non-issue isn't exactly the best source for programming style rules.
A static type analyzer for Python code
Project mention: mypy alternatives - pytype and pyright | libhunt.com/r/mypy | 2021-10-30
another library to check typing in python code (by google)
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Project mention: Container security best practices: Comprehensive guide | dev.to | 2021-11-16
If you are using infrastructure as code, incorporate IaC scanning tools like Apolicy, Checkov, tfsec, or cfn_nag to validate the configuration of your infrastructure before it is created or updated. Similar to other linting tools, apply IaC scanning tools locally and in your pipeline, and consider blocking changes that introduce security issues.
Scanning APK file for URIs, endpoints & secrets.
Project mention: dwisiswant0/apkleaks - Scanning APK file for URIs, endpoints & secrets | reddit.com/r/bag_o_news | 2021-03-05
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
Project mention: python-security/pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications | reddit.com/r/GithubSecurityTools | 2021-03-16
flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.
Project mention: Python Code Quality - Improve the quality of your Python code with linters, code formatters, and security vulnerability scanners | reddit.com/r/Python | 2021-11-07
```yaml
repos:
  - repo: https://github.com/myint/autoflake
    rev: v1.4
    hooks:
      - id: autoflake
        args:
          - --in-place
          - --remove-all-unused-imports
          - --expand-star-imports
          - --remove-duplicate-keys
          - --remove-unused-variables
  - repo: https://github.com/asottile/pyupgrade
    rev: v2.29.0
    hooks:
      - id: pyupgrade
        args: [--py36-plus]
  - repo: https://github.com/PyCQA/isort
    rev: 5.9.3
    hooks:
      - id: isort
  - repo: https://github.com/psf/black
    rev: 21.10b0
    hooks:
      - id: black
        args: [--safe, --quiet]
  - repo: https://github.com/PyCQA/flake8
    rev: 4.0.1
    hooks:
      - id: flake8
  - repo: local
    hooks:
      - id: pylint
        name: pylint
        entry: pylint
        language: system
        types: [python]
        args: ["-rn", "-sn"]
  - repo: https://github.com/pre-commit/mirrors-mypy
    rev: v0.910-1
    hooks:
      - id: mypy
        name: mypy
        entry: mypy
        language: python
        types: [python]
        args:
        require_serial: true
  - repo: https://github.com/pre-commit/mirrors-prettier
    rev: v2.4.1
    hooks:
      - id: prettier
        args: [--prose-wrap=always, --print-width=88]
```
Static Analyzer for Solidity
Project mention: Smart Contract Security for Pentesters | news.ycombinator.com | 2021-04-22
A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification
Project mention: What Vulnerability Scanning Services do you use? | reddit.com/r/sysadmin | 2021-04-06
A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
Project mention: 2 Widespread Attacks on Your Containerized Environment and 7 Rules to Prevent it. | dev.to | 2021-07-23
Dagda uses a static analysis approach to find viruses, malware, and fake sub-images and trojans. It is based on Red Hat Security Advisories (RHSA) libraries of existing vulnerabilities databases.
An analysis tool for Python that blurs the line between testing and type systems.
Project mention: Klara: Python automatic test generations and static analysis library | reddit.com/r/Python | 2021-09-13
The main difference that Klara brings to the table, compared to similar tools like pynguin and Crosshair, is that the analysis is entirely static, meaning that no user code will be executed, and you can easily extend the test generation strategy via plugin loading (e.g. the options arg to the Component object returned from function above is not needed for test coverage).
A GitHub app to automatically review Python code style over Pull Requests
An experimental Python-to-C transpiler and domain specific language for embedded high-performance computing
Project mention: GitHub - zanellia/prometeo: An experimental Python-to-C transpiler and domain specific language for embedded high-performance computing | reddit.com/r/programming | 2021-11-20
A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).
Project mention: Is it bad to capture a bare Exception? | news.ycombinator.com | 2021-07-22
Automatic test case generation for python and static analysis library
Project mention: Klara: Python automatic test generations and static analysis library | reddit.com/r/Python | 2021-09-13
Klara is an automatic python unit test generation tool based on SMT (z3) solver. It's currently in an early stage and still has many limitations (looping, comprehension, importing is not supported to name a few).
A linter, formatter for finding and removing unused import statements.
Android Mobile Device Hardening
Project mention: Open source app like Bouncer for temporary permissions? | reddit.com/r/fdroid | 2021-04-05
If your device gets android 11 update it would have been easier. For now you can harden android and thus avoid any access to your data from 3rd party. Since you have an old version it's better to root and install stock ram that does that or install an app like App ops and Storage isolation
OPEM (Open Source PEM Fuel Cell Simulation Tool)
Project mention: OPEM 1.3 Released : Open Source PEM Fuel Cell Simulation Tool | reddit.com/r/coolgithubprojects | 2021-06-30
Static Python call graph generator
Project mention: Static Python call graph generation – PyCG | news.ycombinator.com | 2021-06-03
Fearless interactivity for Jupyter notebooks.
Project mention: Does Netflix use Jupyter Notebooks in production? | reddit.com/r/datascience | 2021-05-18
Check out https://github.com/nbsafety-project/nbsafety
Python source code auditing and static analysis on a large scale (by SourceCode-AI)
Project mention: A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI | news.ycombinator.com | 2021-07-30
I've done extensive research in this area and looked at existing tools including bandit to scan the whole pypi repository and monitor what is being uploaded there, the conclusion was that most of the tools are not up for this task so I made a new framework from scratch that is specially designed for this purpose, to scan the whole PyPI repository, it's called Aura: https://github.com/SourceCode-AI/aura
An extensible linter for SQL queries and migrations.
Project mention: Postgres to TypeScript Interfaces and Enums | news.ycombinator.com | 2021-06-20
Python Static Analysis related posts
What are your bad python habits?
3 projects | reddit.com/r/Python | 27 Nov 2021
Get jedi working in Kate
2 projects | reddit.com/r/kde | 12 Oct 2021
When is it bad to use OOP?
1 project | reddit.com/r/learnpython | 30 Sep 2021
Policy-as-Code for Everyone
1 project | news.ycombinator.com | 20 Sep 2021
Klara: Python automatic test generations and static analysis library
5 projects | reddit.com/r/Python | 13 Sep 2021
3 projects | reddit.com/r/backtickbot | 12 Sep 2021
Number of deaths vs age
5 projects | reddit.com/r/Slovakia | 12 Sep 2021
What are some of the best open-source Static Analysis projects in Python? This list will help you:
|13||PEP 8 Speaks||561|