Python Static Analysis

Open-source Python projects categorized as Static Analysis

Top 23 Python Static Analysis Projects

  • GitHub repo Mobile-Security-Framework-MobSF

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

    Project mention: Tools and Skills to be the Bug Bounty Hunting. | | 2021-05-08

    MobiSRF: Mobile Application testing) Mobile Security System (MobSF) is an integrated, all-in-one mobile device pen-testing, malware analysis, and vulnerability evaluation system capable of conducting static and dynamic analysis (Android/iOS/Windows). MobSF accepts mobile app binaries (APK, XAPK, IPA, and APPX) as well as zipped source code and offers REST APIs for seamless integration with your CI/CD or DevSecOps pipeline. You may use the Dynamic Analyzer to conduct runtime security assessments and immersive instrumented monitoring.

  • GitHub repo jedi

    Awesome autocompletion, static analysis and refactoring library for python

    Project mention: What are your bad python habits? | | 2021-11-27

    Or better, use a refactoring tool like rope, jedi, or whatever you have in your IDE to rename them.

  • GitHub repo Pylint

    It's not just a linter that annoys you!

    Project mention: When is it bad to use OOP? | | 2021-09-30

    So it doesn't say it isn't justified, it indicates that you might want to reconsider. So by leaving out that nuance, you're promoting this to a binary bad/wrong label which it really isn't. Also consider it's a bit obsolete in context of for example dataclasses and custom exceptions, as those often have 0 methods unless you need something extra from them. See for example complaint tickets about these and So to summarize, using a linter's best effort to indicate something that can easily be a non-issue isn't exactly the best source for programming style rules.

  • GitHub repo pytype

    A static type analyzer for Python code

    Project mention: mypy alternatives - pytype and pyright | | 2021-10-30

    another library to check typing in python code (by google)

  • GitHub repo checkov

    Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

    Project mention: Container security best practices: Comprehensive guide | | 2021-11-16

    If you are using infrastructure as code, incorporate IaC scanning tools like Apolicy, Checkov, tfsec, or cfn_nag to validate the configuration of your infrastructure before it is created or updated. Similar to other linting tools, apply IaC scanning tools locally and in your pipeline, and consider blocking changes that introduce security issues.

  • GitHub repo apkleaks

    Scanning APK file for URIs, endpoints & secrets.

    Project mention: dwisiswant0/apkleaks - Scanning APK file for URIs, endpoints & secrets | | 2021-03-05
  • GitHub repo pyt

    A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

    Project mention: python-security/pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications | | 2021-03-16
  • GitHub repo Flake8

    flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

    Project mention: Python Code Quality - Improve the quality of your Python code with linters, code formatters, and security vulnerability scanners | | 2021-11-07

    repos:
      - repo:
        rev: v1.4
        hooks:
          - id: autoflake
            args:
              - --in-place
              - --remove-all-unused-imports
              - --expand-star-imports
              - --remove-duplicate-keys
              - --remove-unused-variables
      - repo:
        rev: v2.29.0
        hooks:
          - id: pyupgrade
            args: [--py36-plus]
      - repo:
        rev: 5.9.3
        hooks:
          - id: isort
      - repo:
        rev: 21.10b0
        hooks:
          - id: black
            args: [--safe, --quiet]
      - repo:
        rev: 4.0.1
        hooks:
          - id: flake8
      - repo: local
        hooks:
          - id: pylint
            name: pylint
            entry: pylint
            language: system
            types: [python]
            args: ["-rn", "-sn"]
      - repo:
        rev: v0.910-1
        hooks:
          - id: mypy
            name: mypy
            entry: mypy
            language: python
            types: [python]
            args: []
            require_serial: true
      - repo:
        rev: v2.4.1
        hooks:
          - id: prettier
            args: [--prose-wrap=always, --print-width=88]

  • GitHub repo slither

    Static Analyzer for Solidity

    Project mention: Smart Contract Security for Pentesters | | 2021-04-22
  • GitHub repo anchore-engine

    A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification

    Project mention: What Vulnerability Scanning Services do you use? | | 2021-04-06
  • GitHub repo dagda

    a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

    Project mention: 2 Widespread Attacks on Your Containerized Environment and 7 Rules to Prevent it. | | 2021-07-23

    Dagda uses a static analysis approach to find viruses, malware, and fake sub-images and trojans. It is based on Red Hat Security Advisories (RHSA) libraries of existing vulnerabilities databases.

  • GitHub repo CrossHair

    An analysis tool for Python that blurs the line between testing and type systems.

    Project mention: Klara: Python automatic test generations and static analysis library | | 2021-09-13

    The main difference that Klara brings to the table, compared to similar tools like pynguin and Crosshair, is that the analysis is entirely static, meaning that no user code will be executed, and you can easily extend the test generation strategy via plugin loading (e.g. the options arg to the Component object returned from function above is not needed for test coverage).

  • GitHub repo PEP 8 Speaks

    A GitHub :octocat: app to automatically review Python code style over Pull Requests

  • GitHub repo prometeo

    An experimental Python-to-C transpiler and domain specific language for embedded high-performance computing

    Project mention: GitHub - zanellia/prometeo: An experimental Python-to-C transpiler and domain specific language for embedded high-performance computing | | 2021-11-20
  • GitHub repo tryceratops

    A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).

    Project mention: Is it bad to capture a bare Exception? | | 2021-07-22
  • GitHub repo klara

    Automatic test case generation for python and static analysis library

    Project mention: Klara: Python automatic test generations and static analysis library | | 2021-09-13

    Klara is an automatic python unit test generation tool based on SMT (z3) solver. It's currently in an early stage and still has many limitations (looping, comprehension, importing is not supported to name a few).

  • GitHub repo unimport

    A linter, formatter for finding and removing unused import statements.

  • GitHub repo AMDH

    Android Mobile Device Hardening

    Project mention: Open source app like Bouncer for temporary permissions? | | 2021-04-05

    If your device gets android 11 update it would have been easier. For now you can harden android and thus avoid any access to your data from 3rd party. Since you have old version it's better to root and install stock ram that does that or install app like App ops and Storage isolation

  • GitHub repo opem

    OPEM (Open Source PEM Fuel Cell Simulation Tool)

    Project mention: OPEM 1.3 Released : Open Source PEM Fuel Cell Simulation Tool | | 2021-06-30
  • GitHub repo pycg

    Static Python call graph generator

    Project mention: Static Python call graph generation – PyCG | | 2021-06-03
  • GitHub repo nbsafety

    Fearless interactivity for Jupyter notebooks.

    Project mention: Does Netflix use Jupyter Notebooks in production? | | 2021-05-18

    Check out

  • GitHub repo aura

    Python source code auditing and static analysis on a large scale (by SourceCode-AI)

    Project mention: A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI | | 2021-07-30

    I've done extensive research in this area and looked at existing tools including bandit to scan the whole pypi repository and monitor what is being uploaded there. The conclusion was that most of the tools are not up for this task, so I made a new framework from scratch that is specially designed for this purpose, to scan the whole PyPI repository. It's called Aura:

  • GitHub repo squabble

    An extensible linter for SQL queries and migrations.

    Project mention: Postgres to TypeScript Interfaces and Enums | | 2021-06-20
NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2021-11-27.

What are some of the best open-source Static Analysis projects in Python? This list will help you:

Rank  Project                           Stars
1     Mobile-Security-Framework-MobSF   10,104
2     jedi                              5,022
3     Pylint                            3,702
4     pytype                            3,523
5     checkov                           3,479
6     apkleaks                          2,675
7     pyt                               2,057
8     Flake8                            1,666
9     slither                           1,409
10    anchore-engine                    1,368
11    dagda                             900
12    CrossHair                         702
13    PEP 8 Speaks                      561
14    prometeo                          444
15    tryceratops                       257
16    klara                             230
17    unimport                          114
18    AMDH                              106
19    opem                              102
20    pycg                              97
21    nbsafety                          97
22    aura                              67
23    squabble                          53