Static Analysis

Top 23 Static Analysis Open-Source Projects

  1. ImHex

    🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

    Project mention: Capstone Disassembler Framework | news.ycombinator.com | 2024-09-25
  3. ShellCheck

    ShellCheck, a static analysis tool for shell scripts

    Project mention: Matanuska ADR 017 - Vitest, Vite, Grabthar, Oh My! | dev.to | 2025-02-09

    Unfortunately, this did mean that configuration began to sprawl. At this point, I had configurations not just for Vite (shared with Vitest) and tsc, but also for Prettier, ESLint and even ShellCheck. Many of these files had shared settings that needed to match each other. This was somewhat manageable, until Vite was also in the mix.

  4. ruff

    An extremely fast Python linter and code formatter, written in Rust.

    Project mention: The State of Vim | news.ycombinator.com | 2025-01-24

    At work I often switched to VSCode because I couldn't get pyright to work with our django project. The errors everywhere were just annoying to look at. So I looked around and found "ruff" and "jedi_language_server". This combination seems to do the trick. I don't have to configure anything. I source my venv and it "just works". I assume our python codebase is something around the 10k LOC, too. I am not mainly responsible for the python part, so I don't spend an excessive amount of time in there, but for the time I do, it works nicely.

    - https://github.com/pappasam/jedi-language-server

    - https://github.com/astral-sh/ruff

  5. SwiftLint

    A tool to enforce Swift style and conventions.

    Project mention: Add SwiftLint to Xcode 15.4 on M1 mac | dev.to | 2024-08-06

    if [[ "$(uname -m)" == arm64 ]]; then
        export PATH="/opt/homebrew/bin:$PATH"
    fi
    if which swiftlint > /dev/null; then
        swiftlint --fix && swiftlint
    else
        echo "warning: SwiftLint not installed, download from https://github.com/realm/SwiftLint"
    fi

  6. Mobile-Security-Framework-MobSF

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

  7. PHP Parser

    A PHP parser written in PHP

    Project mention: PHP 8.4 Released | news.ycombinator.com | 2024-11-21

    Once rector gets 8.4 rules out, this will be pretty awesome:

    https://github.com/rectorphp/rector/issues/8701

    https://github.com/nikic/PHP-Parser/commit/7b0384cdbe03431c4...

  8. infer

    A static analyzer for Java, C, C++, and Objective-C

  10. bytecode-viewer

    A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

  11. static-analysis

    ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

  12. PHPStan

    PHP Static Analysis Tool - discover bugs in your code without running it!

    Project mention: Build a Symfony 7 boilerplate using FrankenPHP, Docker, PostgreSQL and php 8.4 | dev.to | 2024-12-23

    To do so, simply install the runtime/frankenphp-symfony composer package. Then we install the bare minimum for a kick ass developer experience: a linter using Code Sniffer, phpstan as code quality audit tool, Rector to ease and automate code maintenance, some useful Symfony components and packages and of course the Doctrine ORM. Here is the composer.json file located at the symfony folder root.

  13. PHP CS Fixer

    A tool to automatically fix PHP Coding Standards issues

    Project mention: Automate Your PHP Code Formatting with PHP-CS-Fixer | news.ycombinator.com | 2024-08-15
  14. cmake-examples

    Useful CMake Examples

  15. awesome-malware-analysis

    Defund the Police.

  16. owasp-mastg

    The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

    Project mention: The Case for Standards in Mobile App Security | dev.to | 2024-07-31

    The OWASP Mobile Application Security (MAS) flagship project provides a robust security standard for mobile apps, known as the OWASP MASVS, along with a comprehensive testing guide (OWASP MASTG). These resources cover the processes, techniques, and tools used during a mobile app security test, ensuring consistent and complete results.

  17. semgrep

    Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

    Project mention: Análise Estática de Código com AST | dev.to | 2025-02-04
  18. hadolint

    Dockerfile linter, validate inline bash, written in Haskell

    Project mention: 10 Docker Security Best Practices | dev.to | 2025-01-08

    One such linter is hadolint. It parses a Dockerfile and shows a warning for any errors that do not match its best practice rules.

  19. clair

    Vulnerability Static Analysis for Containers

    Project mention: Dockerfile Best Practices: Building Efficient and Secure Containers | dev.to | 2024-08-16

    Regularly scan your Docker images for vulnerabilities using tools like Trivy or Clair.

  20. grype

    A vulnerability scanner for container images and filesystems

    Project mention: Deep Dive 🤿: Where Does Grype Data Come From? | dev.to | 2024-11-12
  21. SonarQube

    Continuous Inspection

    Project mention: Top 12 AI Test Automation Tools for Smarter Software Testing in 2025 | dev.to | 2025-01-13

    SonarQube - Multi-language code analysis for maintainability and quality.

  22. Checkstyle

    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

    Project mention: Contribution Instructions: Formate Code and Linting | dev.to | 2024-11-01

    We had a list of suggested code formatting tools; as my code was written in Java, I decided to use the suggested formatter, GoogleJavaFormat. However, I didn't decide to pick the suggested tool for the linter. I picked Checkstyle, for the reason that SpotBugs wasn't available for JDK 22.

  23. Scanners-Box

    A powerful and open-source toolkit for hackers and security automation - a collection of open-source scanners developed in-house by security industry practitioners

  24. reviewdog

    🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

  25. Detect-It-Easy

    Program for determining types of files for Windows, Linux and MacOS.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Static Analysis related posts

  • Análise Estática de Código com AST

    1 project | dev.to | 4 Feb 2025
  • Lessons Learned #3: Is your random UUID really random? (Account takeover with the sandwich 🥪 attack)

    1 project | dev.to | 19 Jan 2025
  • Zizmor – static analysis for GitHub Actions

    1 project | news.ycombinator.com | 8 Jan 2025
  • Bill requiring US agencies to share source code with each other becomes law

    3 projects | news.ycombinator.com | 26 Dec 2024
  • CrossHair: Analysis [Python] that blurs the line between testing and [types]

    1 project | news.ycombinator.com | 24 Dec 2024
  • Symbolic Execution by Overloading __bool__

    3 projects | news.ycombinator.com | 24 Dec 2024
  • What are some common strategies for preventing SQL injection vulnerabilities in Rails beyond ActiveRecord?

    2 projects | dev.to | 23 Dec 2024

Index

What are some of the best open-source Static Analysis projects? This list will help you:

# Project Stars
1 ImHex 46,941
2 ShellCheck 36,872
3 ruff 35,459
4 SwiftLint 18,793
5 Mobile-Security-Framework-MobSF 18,004
6 PHP Parser 17,160
7 infer 15,085
8 bytecode-viewer 14,835
9 static-analysis 13,559
10 PHPStan 13,199
11 PHP CS Fixer 12,991
12 cmake-examples 12,580
13 awesome-malware-analysis 12,226
14 owasp-mastg 11,943
15 semgrep 10,981
16 hadolint 10,656
17 clair 10,487
18 grype 9,332
19 SonarQube 9,281
20 Checkstyle 8,446
21 Scanners-Box 8,388
22 reviewdog 8,140
23 Detect-It-Easy 7,993
