Python Static Analysis

Open-source Python projects categorized as Static Analysis

Top 23 Python Static Analysis Projects

  • owasp-mastg

    The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

    Project mention: More ways to identify independently security tested apps on Google Play | | 2023-11-03
  • checkov

    Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

    Project mention: Top Terraform Tools to Know in 2024 | | 2024-03-26

    ‍Checkov is another great tool that examines your Terraform files (.tf), parsing the configurations and evaluating them against a comprehensive set of predefined policies. It scans Terraform-managed infrastructure and detects misconfigurations that could lead to security issues or non-compliance with best practices and regulations.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • jedi

    Awesome autocompletion, static analysis and refactoring library for python

  • Pylint

    It's not just a linter that annoys you!

    Project mention: W1203: logging-fstring-interpolation (Solved) | | 2024-01-21

    A little introduction about pylint. Pylint is a static code analyzer, it analyses your code without actually running it. Pylint looks for potential errors, gives suggestions on coding standards that your code is not adhering to, potential places where refactoring might help, and also warnings about smelly code.

  • slither

    Static Analyzer for Solidity and Vyper

    Project mention: Hidden Risks Lurking in Ethereum's Smart Contract Proxies | /r/ethereum | 2023-04-19

    Yes exactly! However, >99% of the time this wouldn't happen unintentionally, and typically static analysis frameworks will detect function clashing like slither:

  • apkleaks

    Scanning APK file for URIs, endpoints & secrets.

  • pytype

    A static type analyzer for Python code

    Project mention: Enhance Your Project Quality with These Top Python Libraries | | 2024-03-18

    Pytype checks and infers types for your Python code - without requiring type annotations. Pytype can catch type errors in your Python code before you even run it.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  • Flake8

    flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

    Project mention: Enhance Your Project Quality with These Top Python Libraries | | 2024-03-18

    Flake8. This library is a wrapper around pycodestyle (PEP8), pyflakes, and Ned Batchelder’s McCabe script. It is a great toolkit for checking your code base against coding style (PEP8), programming errors (like SyntaxError, NameError, etc) and to check cyclomatic complexity.

  • pyt

    A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

  • codechecker

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

  • dagda

    a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

    Project mention: General Docker Troubleshooting, Best Practices & Where to Go From Here | | 2024-01-19

    Dagda. A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in Docker images/containers.

  • ipyflow

    A reactive Python kernel for Jupyter notebooks.

    Project mention: Show HN: Marimo – an open-source reactive notebook for Python | | 2024-01-12

    You're probably referring to nbgather (, which shipped with VSCode for a while.

    nbgather used static slicing to get all the code necessary to reconstruct some cell. I actually worked with Andrew Head (original nbgather author) and Shreya Shankar to implement something similar in ipyflow (but with dynamic slicing and a not-as-nice interface):

    I have no doubt something like this will make its way into marimo's roadmap at some point :)

  • CrossHair

    An analysis tool for Python that blurs the line between testing and type systems.

  • betterscan-ce

    Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

  • packj

    Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

    Project mention: Rust Without | | 2023-11-14

    Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

    1. flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

  • prometeo

    An experimental Python-to-C transpiler and domain specific language for embedded high-performance computing

  • PEP 8 Speaks

    A GitHub :octocat: app to automatically review Python code style over Pull Requests

  • mobsfscan

    mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

  • astroid

    A common base representation of python source code for pylint and other projects (by pylint-dev)

  • aura

    Python source code auditing and static analysis on a large scale (by SourceCode-AI)

  • tryceratops

    A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).

  • ford

    Automatically generates FORtran Documentation from comments within the code.

  • pyanalyze

    A Python type checker

    Project mention: GitHub - quora/pyanalyze: A Python type checker | /r/Python | 2023-05-24
  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-03-26.

Python Static Analysis related posts


What are some of the best open-source Static Analysis projects in Python? This list will help you:

Project Stars
1 owasp-mastg 11,241
2 checkov 6,474
3 jedi 5,648
4 Pylint 5,096
5 slither 4,968
6 apkleaks 4,558
7 pytype 4,530
8 Flake8 3,246
9 pyt 2,161
10 codechecker 2,079
11 dagda 1,105
12 ipyflow 1,070
13 CrossHair 944
14 betterscan-ce 675
15 packj 612
16 prometeo 610
17 PEP 8 Speaks 604
18 mobsfscan 528
19 astroid 509
20 aura 483
21 tryceratops 419
22 ford 387
23 pyanalyze 300
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives