SaaSHub helps you find the best software and product alternatives Learn more →
Top 23 Python Static Analysis Projects
-
owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Project mention: More ways to identify independently security tested apps on Google Play | news.ycombinator.com | 2023-11-03 -
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Checkov is another great tool that examines your Terraform files (.tf), parsing the configurations and evaluating them against a comprehensive set of predefined policies. It scans Terraform-managed infrastructure and detects misconfigurations that could lead to security issues or non-compliance with best practices and regulations.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
A little introduction about pylint. Pylint is a static code analyzer, it analyses your code without actually running it. Pylint looks for potential errors, gives suggestions on coding standards that your code is not adhering to, potential places where refactoring might help, and also warnings about smelly code.
-
Project mention: Hidden Risks Lurking in Ethereum's Smart Contract Proxies | /r/ethereum | 2023-04-19
Yes exactly! However, >99% of the time this wouldn't happen unintentionally, and typically static analysis frameworks will detect function clashing like slither: https://github.com/crytic/slither.
-
-
Pytype checks and infers types for your Python code - without requiring type annotations. Pytype can catch type errors in your Python code before you even run it.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
Flake8
flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.
Flake8. This library is a wrapper around pycodestyle (PEP8), pyflakes, and Ned Batchelder’s McCabe script. It is a great toolkit for checking your code base against coding style (PEP8), programming errors (like SyntaxError, NameError, etc) and to check cyclomatic complexity.
-
-
codechecker
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy
-
dagda
a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
Project mention: General Docker Troubleshooting, Best Practices & Where to Go From Here | dev.to | 2024-01-19Dagda. A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in Docker images/containers.
-
Project mention: Show HN: Marimo – an open-source reactive notebook for Python | news.ycombinator.com | 2024-01-12
You're probably referring to nbgather (https://github.com/microsoft/gather), which shipped with VSCode for a while.
nbgather used static slicing to get all the code necessary to reconstruct some cell. I actually worked with Andrew Head (original nbgather author) and Shreya Shankar to implement something similar in ipyflow (but with dynamic slicing and a not-as-nice interface): https://github.com/ipyflow/ipyflow?tab=readme-ov-file#state-...
I have no doubt something like this will make its way into marimo's roadmap at some point :)
-
-
betterscan-ce
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
-
packj
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.
1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.
-
prometeo
An experimental Python-to-C transpiler and domain specific language for embedded high-performance computing
-
-
mobsfscan
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
-
astroid
A common base representation of python source code for pylint and other projects (by pylint-dev)
-
-
tryceratops
A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
The latest post mention was on 2024-03-26.
Python Static Analysis related posts
- Pylyzer – A fast static code analyzer and language server for Python
- W1203: logging-fstring-interpolation (Solved)
- Mypy 1.6 Released
- Oils 0.17.0 – YSH Is Becoming Real
- Enhancing Python Code Quality: A Comprehensive Guide to Linting with Ruff
- GitHub - ipyflow/ipyflow: A reactive Python kernel for Jupyter notebooks
- Options for configuration of python libraries - Stack Overflow
-
A note from our sponsor - SaaSHub
www.saashub.com | 16 Apr 2024
Index
What are some of the best open-source Static Analysis projects in Python? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | owasp-mastg | 11,241 |
| 2 | checkov | 6,492 |
| 3 | jedi | 5,648 |
| 4 | Pylint | 5,096 |
| 5 | slither | 4,968 |
| 6 | apkleaks | 4,558 |
| 7 | pytype | 4,530 |
| 8 | Flake8 | 3,246 |
| 9 | pyt | 2,161 |
| 10 | codechecker | 2,079 |
| 11 | dagda | 1,105 |
| 12 | ipyflow | 1,070 |
| 13 | CrossHair | 944 |
| 14 | betterscan-ce | 675 |
| 15 | packj | 612 |
| 16 | prometeo | 610 |
| 17 | PEP 8 Speaks | 604 |
| 18 | mobsfscan | 528 |
| 19 | astroid | 510 |
| 20 | aura | 483 |
| 21 | tryceratops | 419 |
| 22 | ford | 387 |
| 23 | pyanalyze | 302 |
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com