Top 23 Python Static Analysis Projects

Static Analysis

• Add a project

1. owasp-mastg

   1 23 12,218 9.8 Python

   The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

   

   Project mention: The Case for Standards in Mobile App Security | dev.to | 2024-07-31

   The OWASP Mobile Application Security (MAS) flagship project provides a robust security standard for mobile apps, known as the OWASP MASVS, along with a comprehensive testing guide (OWASP MASTG). These resources cover the processes, techniques, and tools used during a mobile app security test, ensuring consistent and complete results.

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. checkov

   2 61 7,562 9.9 Python

   Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

   

   Project mention: DevOps in 2025: the future is automated, git-ified, and kinda scary but fun. | dev.to | 2025-05-09

   Checkov infrastructure-as-code misconfig detection

4. jedi

   3 7 5,940 6.8 Python

   Awesome autocompletion, static analysis and refactoring library for python

   

5. slither

   4 36 5,688 9.3 Python

   Static Analyzer for Solidity and Vyper

   

6. Pylint

   5 30 5,467 9.6 Python

   It's not just a linter that annoys you!

   

   Project mention: From Vibe Coder to AI-Assisted Architect | dev.to | 2025-05-07

   I noticed this issue only after running a linter. Sometimes we’re not familiar with the tricky edge cases or conventions of a particular language. A convenient way to catch and fix such issues — including formatting, styling, and even some security problems — is to use linters. For example, you can use golangci-lint for Go, ESLint for JavaScript, and Pylint for Python. In fact, almost every widely used programming language has its own linter or code quality tool. Linters are especially helpful when generating code with AI — they help keep your code clean and safe, at least to some degree.

7. apkleaks

   6 9 5,279 4.1 Python

   Scanning APK file for URIs, endpoints & secrets.

   

8. pytype

   7 27 4,890 9.1 Python

   A static type analyzer for Python code

   

   Project mention: Writing that changed how I think about PL | news.ycombinator.com | 2025-05-14

   pytype is based in part upon byterun https://github.com/google/pytype/blob/main/docs/developers/i...

   I learnt a lot about bytecode interpreters from working on it, and it helped me understand the cpython source code a lot more easily from having played with a python translation of it first.

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. Flake8

    8 38 3,607 5.9 Python

    flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

    

    Project mention: Top Tools for Static Analysis Help in Your Python Projects | dev.to | 2025-03-18

    Flake8: This tool checks for style errors and simple programming mistakes.

11. codechecker

    9 8 2,393 9.4 Python

    CodeChecker is an analyzer tooling, defect database and viewer extension for static and dynamic analyzer tools.

    

    Project mention: PVS\-Studio 7\.34: support for Apple Silicon ARM64, \.NET 9, taint analysis in Java analyzer, and more | dev.to | 2024-12-18

    Starting with the CodeChecker 6.25.0 release, users can upload PVS-Studio reports directly into the web interface for a streamlined review of code analysis results. For more details on this integration, please consult the documentation.

12. pyt

    10 2 2,186 0.0 Python

    A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

    

13. vulnhuntr

    11 2 1,780 7.6 Python

    Zero shot vulnerability discovery using LLMs

    

    Project mention: [Let's Have LLMs Read OSS Too!] Creating a Code Reading Agent Is Great | dev.to | 2025-05-01

14. ipyflow

    12 21 1,221 8.3 Python

    A reactive Python kernel for Jupyter notebooks.

    

    Project mention: Ipyflow: A reactive Python kernel for Jupyter notebooks | news.ycombinator.com | 2024-12-13

15. dagda

    13 4 1,184 0.0 Python

    a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

    

16. CrossHair

    14 11 1,152 9.4 Python

    An analysis tool for Python that blurs the line between testing and type systems.

    

    Project mention: CrossHair: Analysis [Python] that blurs the line between testing and [types] | news.ycombinator.com | 2024-12-24

17. betterscan

    15 34 860 9.8 Python

    Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan

    

18. packj

    16 39 662 7.2 Python

    Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

    

    Project mention: A Study of Malware Prevention in Linux Distributions | news.ycombinator.com | 2024-11-21

    Good to see Packj[1] as one of the malware scanners used.

    1. https://github.com/ossillate-inc/packj

    Packj detects malicious PyPI/NPM/Ruby/PHP/etc. dependencies using behavioral analysis. It uses static+dynamic code analysis to scan for indicators of compromise (e.g., spawning of shell, use of SSH keys, network communication, use of decode+eval, etc). It also checks for several metadata attributes to detect bad actors (e.g., typo squatting).

19. mobsfscan

    17 1 660 7.1 Python

    mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

    

20. prometeo

    18 11 635 0.0 Python

    An experimental Python-to-C transpiler and domain specific language for embedded high-performance computing

    

21. PEP 8 Speaks

    19 0 615 9.3 Python

    A GitHub :octocat: app to automatically review Python code style over Pull Requests

    

22. astroid

    20 2 544 9.3 Python

    A common base representation of python source code for pylint and other projects (by pylint-dev)

    

23. privado

    21 21 532 7.9 Python

    Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.

    

24. aura

    22 3 493 4.3 Python

    Python source code auditing and static analysis on a large scale (by SourceCode-AI)

    

25. tryceratops

    23 4 443 6.7 Python

    A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Python Static Analysis related posts

• [Let's Have LLMs Read OSS Too!] Creating a Code Reading Agent Is Great

  2 projects | dev.to | 1 May 2025

• CrossHair: Analysis [Python] that blurs the line between testing and [types]

  1 project | news.ycombinator.com | 24 Dec 2024

• Symbolic Execution by Overloading __bool__

  3 projects | news.ycombinator.com | 24 Dec 2024

• PVS\-Studio 7\.34: support for Apple Silicon ARM64, \.NET 9, taint analysis in Java analyzer, and more

  1 project | dev.to | 18 Dec 2024

• Ipyflow: A reactive Python kernel for Jupyter notebooks

  1 project | news.ycombinator.com | 13 Dec 2024

• CodeChecker - code quality control using PVS-Studio

  1 project | dev.to | 13 Dec 2024

• Contracts for C++ (DbC) [pdf]

  1 project | news.ycombinator.com | 14 Nov 2024
• A note from our sponsor - InfluxDB
  www.influxdata.com | 23 May 2025

  InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Python projects with our weekly report!