.svg){kind=icon}
An interpreter for Rust's mid-level intermediate representation.
Miri is an Undefined Behavior detection tool for Rust. It can run binaries and test suites of cargo projects and detect unsafe code that fails to uphold its safety requirements.
grep rough audit - source code auditing tool.
graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
pylyzer is a static code analyzer / language server for Python, written in Rust.
A tool to detect bugs in Java and C/C++/Objective-C code before it ships
Infer is a static analysis tool - if you give Infer some Java or C/C++/Objective-C code it produces a list of potential bugs. Anyone can use Infer to intercept critical bugs before they have shipped to users, and help prevent crashes or poor performance.
Understand. Improve. Code.
AST Metrics is a blazing-fast static code analyzer that works across programming languages.. It empowers you to gain deep insights into your code structure, identify potential problems early on, and improve code quality. Leveraging the efficiency of Go, AST Metrics delivers exceptional performance for large codebases.
Attributes to define PHP language extensions (to be enforced by static analysis).
This library provides attributes that are used by static analysers to enforce new language features. The intention, at least initially, is that these extra language features are enforced by static analysis tools (such as Psalm, PHPStan and, ideally, PhpStorm) and NOT at runtime.
An extensible multilanguage static code analyzer.
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports many languages. It can be extended with custom rules. It uses JavaCC and Antlr to parse source files into abstract syntax trees (AST) and runs rules against them to find violations. Rules can be written in Java or using a XPath query.