Python Static Analysis

Open-source Python projects categorized as Static Analysis

Top 23 Python Static Analysis Projects

  • owasp-mastg

    The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

    Project mention: The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS). | | 2023-01-02

  • jedi

    Awesome autocompletion, static analysis and refactoring library for python

    Project mention: :help jedi-vi doesn't work at all after installation via vim-plug | | 2022-08-13

    I don't use jedi at all, but from a quick glance at the README of the package you've installed, the code you've posted in your post installs the wrong repo; it seems davidhalter/jedi is just jedi's backend. To make it work with vim, install one of the plugins suggested in the README instead (it seems that davidhalter/jedi-vim is the one you're looking for).

  • checkov

    Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

    Project mention: What are the best static analysis security testing tools for Terraform and infrastructure as code? | | 2023-01-31

    I just had a brief chat with one of the developers of Checkov and it sounds nice (and open source). I haven't had a chance to play with it, but if you want to it's at

  • Pylint

    It's not just a linter that annoys you!

    Project mention: Pylint 2.16.0 released | | 2023-02-01

  • pytype

    A static type analyzer for Python code

    Project mention: The Python Paradox | | 2023-01-26

    Check out

  • slither

    Static Analyzer for Solidity

    Project mention: Slither 0.9.2: finds bugs and auto-creates docs with GPT | | 2023-01-11

  • apkleaks

    Scanning APK file for URIs, endpoints & secrets.

  • Flake8

    flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

    Project mention: Ruff: A new, fast and correct Python checker/linter | | 2023-01-26

    Here are insights about flake8, black, and mypy and the amount of work that went into mypy seems … just massive?!

  • pyt

    A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

  • codechecker

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

    Project mention: A quick look at free C++ static analysis tools | | 2023-01-04

    Regarding problems on clang-tidy - have you looked into Codechecker? It is based on clang tidy but also supports cppcheck and marking issues as false positives/will not fix etc...

  • dagda

    a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

  • CrossHair

    An analysis tool for Python that blurs the line between testing and type systems.

    Project mention: Try CrossHair while working other Python projects | | 2022-10-14

    Writing some Python for Hacktoberfest? Try out CrossHair while you do that and get credit for a blog post too!

  • PEP 8 Speaks

    A GitHub app to automatically review Python code style over Pull Requests

  • prometeo

    An experimental Python-to-C transpiler and domain specific language for embedded high-performance computing

    Project mention: I made a Python compiler, that can compile Python source down to fast, standalone executables. | | 2022-07-26

    Honest question: How does pycom compare to similar tools like Nuitka, prometeo, or mypyc?

  • ipyflow

    Next-generation IPython kernel with reactivity, execution suggestions, syntax extensions, and more.

    Project mention: Ask HN: What have you created that deserves a second chance on HN? | | 2023-01-26

    IPyflow is a new Python kernel for JupyterLab that understands how variables and cells depend on each other, making it easier to reason about notebook state. It adds opt-in reactivity, so that pressing ctrl+shift+enter triggers execution of all cells that depend (recursively) on the current cell. Furthermore, with its `code` function, you can see exactly what code is needed to reproduce a given variable.

  • tryceratops

    A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).

    Project mention: GitHub - Something we're never really taught in courses - best practises? | | 2022-03-26

    See an example from my biggest project (200+ stars)

  • ford

    Automatically generates FORtran Documentation from comments within the code.

    Project mention: Visualising Fortran | | 2022-02-16

    You could for example use FORD to produce a call-graph for a graphical overview and a debugger (for example photran as frontend to gdb) to follow the code execution.

  • klara

    Automatic test case generation for python and static analysis library

  • pycg

    Static Python call graph generator

  • unimport

    A linter, formatter for finding and removing unused import statements.

    Project mention: Unused Import Linter: A Tool for Optimizing Your Code | | 2023-01-17

  • AMDH

    Android Mobile Device Hardening

  • MATE

    MATE is a suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code using Code Property Graphs. (by GaloisInc)

    Project mention: Mate: Interactive Program Analysis with Code Property Graphs | | 2022-08-24

    Weird that they'd put out a blog post when their docs say

    > MATE is not actively developed by Galois, Inc. Please reach out to the email address “mate at galois dot com” if you’d like to discuss further work on MATE!

    but I'm guessing maybe it's just stale docs, since they pushed the repo 2 weeks ago:

  • opem

    OPEM (Open Source PEM Fuel Cell Simulation Tool)

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2023-02-01.

What are some of the best open-source Static Analysis projects in Python? This list will help you:

 #  Project        Stars
 1  owasp-mastg    9,857
 2  jedi           5,324
 3  checkov        5,213
 4  Pylint         4,463
 5  pytype         4,086
 6  slither        3,749
 7  apkleaks       3,545
 8  Flake8         2,609
 9  pyt            2,115
10  codechecker    1,735
11  dagda          1,025
12  CrossHair        843
13  PEP 8 Speaks     574
14  prometeo         567
15  ipyflow          366
16  tryceratops      363
17  ford             336
18  klara            253
19  pycg             190
20  unimport         184
21  AMDH             157
22  MATE             137
23  opem             134