Awesome Static Analysis & Code Quality

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.

Last Update: Oct. 20, 2021, 9:10 a.m.

Thank you analysis-tools-dev & contributors
View Topic on GitHub: analysis-tools-dev/static-analysis

Programming Languages

Qt-oriented static code analyzer based on the Clang framework

388
57
1y 29d
n/a

CMetrics measures size and complexity for C files

49
15
6y 7m
GPL-2.0

Style guides for Google-originated open-source projects

27.01K
10.26K
8m
Apache-2.0

C Quality Metrics

40
9
1y 90d
n/a

Flint++ is a cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.

239
21
2y 26d
BSL-1.0

Static analyzer for C/C++ based on the theory of Abstract Interpretation.

1.31K
92
1y 103d
n/a

A C# architecture test library to specify and assert architecture rules in C# for automated testing.

29
10
1y 39d
Apache-2.0

C# Essentials is a collection of Roslyn diagnostic analyzers, code fixes and refactorings that make it easy to work with C# 6 language features.

155
27
5y 4m
n/a

Infer# is an interprocedural and scalable static code analyzer for C#. Via the capabilities of Facebook's Infer, this tool detects null pointer dereferences and resource leaks.

199
7
10m
MIT

A collection of 500+ analyzers, refactorings and fixes for C#, powered by Roslyn.

1.98K
168
7m
n/a

A collection of static analyzers based on Roslyn that integrate with VS

65
15
1y 53d
GPL-2.0

.NET Compiler Platform ("Roslyn") diagnostic analyzers and code fixes written by Wintellect

83
9
4y 11m
n/a

A linter for Clojure code that sparks joy.

1.07K
151
7m
EPL-1.0

An opinionated, community-driven set of lint rules for Dart and Flutter projects. Like pedantic but stricter

87
6
1y 5m
Apache-2.0

Swiss-army knife for D source code

219
66
1y 46d
BSL-1.0

A static code analysis tool for the Elixir language with a focus on code consistency and teaching.

3.76K
306
8m
MIT

Mix tasks to simplify use of Dialyzer in Elixir projects.

1.28K
106
8m
n/a

Security-focused static analysis for the Phoenix Framework

1.08K
65
9m
Apache-2.0

Erlang Style Reviewer

383
85
9m
Apache-2.0

Primitive Erlang Security Tool

75
10
1y 4m
MIT

i-Code CNES is a static code analysis tool to help developers write code compliant with CNES coding rules.

32
9
1y 36d
EPL-1.0

Analyzer: checks whether HTTP response body is closed and a re-use of TCP connection is not blocked.

165
11
1y 50d
MIT

Standalone repo of deadcode package from http://github.com/remyoudompheng/go-misc

38
13
2y 11m
n/a

Static analyser for finding Deadlocks in Go

263
21
2y 7m
Apache-2.0

dogsled is a Go static analysis tool to find assignments/declarations with too many blank identifiers.

60
1
2y 11m
MIT

a tool for code clone detection

224
14
10m
MIT

errcheck checks that you checked errors.

1.65K
119
9m
MIT

Go tool to wrap and fix errors with the new %w verb directive

309
9
11m
n/a

Flen provides stats on functions/methods lengths in a Golang package.

48
3
3y 7m
MIT

Source code analyzer that helps you to make your Go programs more consistent.

272
6
1y 6m
MIT

The most opinionated Go source code linter for code audit.

860
68
8m
MIT

Check that no globals are present in Go code.

28
6
2y 6m
MIT

Find in Go repeated strings that could be replaced by a constant

132
8
1y 7m
MIT

Calculate cyclomatic complexities of functions in Go source code.

653
59
1y 41d
BSD-3-Clause

[mirror] This is a linter for Go source code.

3.82K
511
10m
BSD-3-Clause

An interactive tool to analyze Golang goroutine dump.

263
10
2y 11m
BSD-2-Clause

Detect ineffectual assignments in Go code.

269
15
1y 72d
MIT

A linter that suggests interface types

709
15
3y 50d
BSD-3-Clause

Line length linter

53
6
1y 6m
MIT

Tool to detect Go structs that would take less memory if their fields were sorted.

285
34
1y 7m
BSD-3-Clause

Correct commonly misspelled English words in source files

934
91
1y 46d
MIT

nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.

69
6
1y 8m
MIT

nargs is a Go static analysis tool to find unused arguments in function declarations.

75
2
1y 6m
MIT

prealloc is a Go static analysis tool to find slice declarations that could potentially be preallocated.

402
11
1y 6m
MIT

Static analysis tool for Golang that protects against SQL injections

504
40
2y 41d
MIT

Remove unnecessary type conversions from Go source

306
17
1y 7m
BSD-3-Clause

Find unused parameters in Go

299
13
1y 5m
BSD-3-Clause

␊ Whitespace Linter - Forces you to use empty lines!

79
18
1y 37d
MIT

haskell source code formatter

604
65
1y 52d
AGPL-3.0

Haskell source code suggestions

1.03K
131
1y 34d
BSD-3-Clause

A re-implementation of weeder using HIE files

77
8
1y 41d
BSD-3-Clause

Code metrics for Java code by means of static analysis

148
62
1y 40d
Apache-2.0

Policeman's Forbidden API Checker

201
26
1y 48d
Apache-2.0

Reformats Java source code to comply with Google Java Style.

3.51K
618
1y 35d
Apache-2.0

Java bytecode static analyzer

305
34
1y 36d
Apache-2.0

A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

2.9K
224
7m
MIT

Automatically exported from code.google.com/p/closure-linter

103
30
2y 10m
Apache-2.0

UNMAINTAINED Software complexity analysis for JavaScript projects

165
23
1y 5m
MIT

JavaScript source code visualization, static analysis, and complexity tool

165
29
1y 93d
MIT

Software complexity analysis of JavaScript-family abstract syntax trees.

218
25
1y 5m
MIT

The JavaScript Code Quality Tool

3.42K
453
11m
n/a

JavaScript source code visualization, static analysis, and complexity tool

4.45K
313
2y 88d
MIT

❤️ JavaScript/TypeScript linter (ESLint wrapper) with great defaults

6.16K
317
13d
MIT

[UNMAINTAINED] Javascript code metrics

24
2
4y 10m
MIT

Static Code Analysis for Julia

51
12
1y 44d
n/a

A tool for linting and static analysis of Lua code.

1.37K
230
3y 10d
MIT

lua linter

78
17
3y 8m
n/a

Nim code formatter / linter / style checker

39
3
11m
GPL-3.0

Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code

133
24
1y 44d
GPL-2.0

Research prototype tool for modular formal verification of C and Java programs

193
47
10m
n/a

Discover files in need of refactoring.

1K
51
1y 63d
MIT

Detect flaws in your architecture, before they drag you down into the depths of dependency hell ...

442
20
11m
MIT

Keep your architecture clean.

1.45K
64
8m
MIT

detection of design patterns in PHP code

101
12
4y 5m
MIT

A PHP code-quality tool

3.24K
322
1y 47d
MIT

⚗️ Adds static analysis to Laravel improving developer productivity and code quality.

2.87K
194
91d
MIT

This tool checks the syntax of PHP files faster than a serial check, with fancier output.

49
8
1y 39d
n/a

Parse: A Static Security Scanner

296
39
3y 75d
n/a

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

5.02K
332
8m
n/a

PHP Architecture Tester - Easy to use architectural testing tool for PHP

484
16
9m
MIT

Tool to detect assumptions

139
10
2y 6m
MIT

Compares two source sets and determines the appropriate semantic versioning to apply.

413
20
10m
MIT

A PHP parser written in PHP

14.22K
799
8m
BSD-3-Clause

PHP spell check library

47
14
1y 61d
MIT

Library emulating the PHP internal reflection using just the tokenized source code

193
39
4y 10m
n/a

PHP 7 Compatibility Checker

1.54K
126
3y 7m
MIT

PHP 7 Migration Assistant Report (MAR)

773
86
2y 4m
GPL-3.0

PhpCodeAnalyzer scans a codebase and analyzes which non-built-in PHP extensions are used

83
6
2y 5m
BSD-3-Clause

Copy/Paste Detector (CPD) for PHP code.

2.04K
169
10m
n/a

Dead Code Detector (DCD) for PHP code.

396
48
6y 10d
n/a

Analyzer of PHP code to search issues with deprecated functionality in newer interpreter versions.

259
20
10m
BSD-3-Clause

Add scalar type hints and return types to existing PHP projects using PHPDoc annotations

230
17
2y 6m
MIT

A tool for quickly measuring the size of a PHP project.

2.08K
164
10m
n/a

PHP Magic Number Detector

408
28
1y 39d
MIT

Docker image that provides static analysis tools for PHP

783
40
1y 39d
MIT

PHPQA all-in-one Analyzer CLI tool

338
30
3y 10m
MIT

Smart/Static Analyzer(sis) for PHP

651
46
2y 7m
n/a

A static analysis tool for security

223
51
8m
MIT

Tool helping us to analyze software projects

493
32
1y 10m
AGPL-3.0

A static analysis engine

178
8
5y 12m
MIT

Standalone twig linter.

107
33
3y 10m
MIT

Custom Python linting through AST expressions

184
5
1y 10m
MIT

A tool for measuring Python class cohesion.

117
2
2y 77d
GPL-3.0

Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

40
2
1y 4m
BSD-3-Clause

IT, Inspector Tiger is a modern python code review tool / framework.

73
2
1y 29d
MIT

Surface lint errors during code review

178
26
1y 7m
n/a

Look for SQL injection attacks in python source code

108
31
2y 7m
n/a

Static type checker for Python

6.35K
289
7m
n/a

Rate your Python package's package friendliness

95
19
1y 7m
MIT

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

1.98K
231
1y 7m
GPL-2.0

Find dead Python code

1.19K
67
9m
MIT

A Python application for tracking, reporting on timing and complexity in Python code

594
31
1y 36d
Apache-2.0

Cyclomatic complexity of R functions and expressions

31
2
3y 103d
n/a

Static Code Analysis for R

812
137
8m
n/a

Code quality threshold checking as part of your build

1.33K
77
2y 10m
n/a

Don't make your Rubies go fast. Make them go fasterer ™.

1.41K
57
8m
MIT

A tool for measuring code complexity in Ruby class files. Its analysis generates scores based on cyclomatic complexity algorithms with no added "opinions".

27
7
2y 10m
MIT

Static analysis and style linter for Ruby code.

389
18
1y 84d
AGPL-3.0

Static analysis Lint-type tool to improve your OO Ruby code

446
21
6y 9m
n/a

Query Method Calls from Ruby Programs

208
16
1y 107d
MIT

Code smell detector for Ruby

3.47K
255
8m
MIT

a ruby code dependency graph interactive visualizer

517
21
1y 76d
MIT

A Ruby code quality reporter

2.69K
191
8m
MIT

The Ruby Formatter

657
45
1y 40d
MIT

🌟 Ruby Style Guide, with linter & automatic code fixer

1.13K
82
1y 5d
n/a

Gradual Typing for Ruby

741
30
12m
MIT

Find unused dependencies in Cargo.toml

385
11
11m
n/a

Subcommand to show result of macro expansion

864
18
8m
n/a

Pssst!... see what Rust is doing behind the curtains 🕵🤫

263
9
1y 56d
n/a

Checks all your documentation for spelling and grammar mistakes with hunspell (ready) and languagetool (preview)

163
9
10m
n/a

A rustc plugin to check for numerical instability

169
4
5y 54d
MPL-2.0

Linting your Rust-files in Atom, using rustc and cargo.

42
22
1y 56d
MIT

Rust mid-level IR Abstract Interpreter

428
35
1y 33d
MIT

This crate provides a convenient macro that allows you to generate type wrappers that promise to always uphold arbitrary invariants that you specified.

26
3
103d
Unlicense

Rust Memory Safety & Undefined Behavior Detection

550
8
57d
n/a

Repository for the Rust Language Server (aka RLS)

3.08K
219
1y 45d
n/a

Make production Rust binaries auditable

99
1
1y 43d
n/a

Automatically apply the suggestions made by rustc

583
41
8m
n/a

Format Rust code

3.51K
565
8m
n/a

Interactively Visualizing Ownership and Borrowing

1.21K
19
6m
MIT

Show unused code from multi-crate Rust projects

52
1
5m
n/a
54
0
5m
BSD-3-Clause

Automatically identify anti-patterns in SQL queries

1.96K
85
1y 6m
Apache-2.0

Simple SQL linter supporting ANSI and PostgreSQL syntaxes

327
22
1y 47d
MIT

Configurable linting for TSQL

107
39
1y 35d
MIT

TSQL Static Code Analysis Rules for SQL Server

19
4
4y 8m
MIT

Static Analysis Compiler Plugin for Scala

271
33
3y 103d
Apache-2.0

Scala compiler plugin for static code analysis

411
68
8m
Apache-2.0

Code style enforcement for bash programs. Mirror of code maintained at opendev.org.

255
17
1y 8d
Apache-2.0

The corrective bash syntax highlighter

4.07K
133
6m
MPL-2.0

A command-line tool and Xcode Extension for formatting Swift code

5.1K
389
85d
MIT

Tcl Dev Kit (TDK)

30
17
1y 4m
BSD-3-Clause

A set of TSLint rules used on some Microsoft projects.

694
215
1y 96d
MIT

CLI to generate an interactive graph of functions and calls from your TypeScript files

28
3
1y 76d
MIT

Monorepo for all the tooling which enables ESLint to support TypeScript

8.99K
1.38K
8m
n/a

Fast and Highly Extensible Vim script Language Lint implemented in Python.

582
27
1y 41d
MIT

©️ Detects run-time and logic errors.

©️ Provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in source code.

©️ Static analysis and formal verification toolset for Ada.

Warns about constructs that are dubious or nonportable to other awk implementations.

©️ Sound static analyzer based on abstract interpretation for C/C++, detecting memory, type and concurrency defects, and MISRA violations.

⚠️ ©️ Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.

Frama-C is a static analysis and formal proof framework for C and C++

©️ Enterprise-grade static analysis for embedded software. Supports MISRA, CERT, and AUTOSAR coding standards.

©️ A tool suite including static analysis (TBVISION) to various standards including MISRA C & C++, JSF++ AV, CWE, CERT C, CERT C++ & Custom Rules.

©️ Identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software.

©️ Provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code.

Analyzes C/C++ code using LLVM at compile-time.

Vera++ is a programmable tool for verification, analysis and transformation of C++ source code.

Compute source code metrics and detect a variety of implementation, design, and architecture smells for C#.

©️ A free IDE Plugin for static code analysis. A Pro edition includes a command line tool for automation purposes.

©️ A static code analysis tool with numerous reports. A free Lite version is available with limited reporting.

©️ IDE plugin for code analysis. Includes a subset of Pascal Analyzer reporting capabilities and is available for Delphi versions 2007 and later.

Find inefficiently packed structs.

Checks missing or unreferenced package imports.

Syntactic and semantic analysis similar to the Go compiler.

Pluggable type systems. Includes nullness types, physical units, immutability types and more. (GPL-2.0-only WITH Classpath-exception-2.0)

©️ DesigniteJava supports detection of various architecture, design, and implementation smells along with computation of various code quality metrics.

©️ Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.

©️ An analyzer for JavaScript which targets runtime errors and quality issues rather than coding conventions.

ℹ️ Detect errors and potential problems in JavaScript code and enforce your team's coding conventions.

©️ Check MATLAB code files for possible problems.

Critique Perl source code for best-practices.

Safe code refactoring for modern Python.

©️ A full IDE with static code analysis for Micro Focus Unified Functional Testing VBScript-based automated tests.

Multiple languages

Check syntax in Vim asynchronously and fix files, with Language Server Protocol (LSP) support

9.93K
1.11K
1y 35d
BSD-2-Clause

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'what's in it' using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

3.69K
270
1y 36d
MIT

Find out what takes most of the space in your executable.

889
20
1y 42d
MIT

Continuum Analytics linter, formatter and test suite helper.

21
7
3y 9m
MIT

An uber-fast parallelized Java classpath scanner and module scanner.

1.93K
213
8m
MIT

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise

1.55K
390
1y 16d
MIT

C to Rust translator

2.04K
110
4y 6m
GPL-2.0

Code Quality Checker - Check your code quality by running one command.

323
17
2y 5m
n/a

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

642
85
2y 10m
MIT

Depends is a fast, comprehensive code dependency analysis tool

83
33
1y 37d
MIT

DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities.

466
63
1y 43d
MIT

Find and fix problems in your JavaScript code.

19.33K
3.47K
1d
MIT

The official GitHub mirror of https://gitlab.com/pycqa/flake8

972
120
1y 35d
n/a

DEPRECATED: Use https://github.com/golangci/golangci-lint

3.55K
281
2y 7m
MIT

A static analysis tool for securing Go code

1.53K
58
49d
Apache-2.0

goone finds N+1 query in go

20
1
7m
MIT

A Golang tool that does static analysis, unit testing, code review and generates a code quality report.

2.73K
226
2y 11m
Apache-2.0

Goal-directed static analysis tool for JVM languages.

49
9
5y 5m
Apache-2.0

A static-analysis bot for Github

213
36
1y 47d
MIT

This is a small C++ based commandline-tool which analyzes include statements in C/C++ code.

49
26
1y 11m
n/a

A simple code complexity analyser without caring about the C/C++ header files or Java imports, supports most of the popular languages.

1.09K
182
4m
n/a

Run multiple python linters easily

29
6
1y 90d
ISC

Tools for code analysis, visualizations, or style-preserving source transformation.

2.41K
213
2y 6m
n/a

Polymer Tools Monorepo

377
194
1y 96d
n/a

Quick automated code review of your changes

2.31K
207
1y 81d
MIT

Inspects Python source files and provides information about type and location of classes, methods etc

1.38K
119
12m
GPL-2.0

An engine for searching patterns in the source code, based on Unified AST or UST. At present time C#, Java, PHP, PL/SQL, T-SQL, MySql, and JavaScript are supported. Patterns can be described within the code or using a DSL.

57
11
1y 4m
n/a

Quality is a tool that runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time. Just add 'rake quality' as part of your Continuous Integration.

147
19
1y 5m
MIT

QuantifiedCode Community Edition - Protect Your Codebase. Warning: For experimentation only, not stable. 🔬

102
25
3y 86d
BSD-3-Clause

Regular Expression based static file linter.

22
3
1y 100d
MIT

Automated code review tool integrated with any code analysis tools regardless of programming language

2.47K
136
1y 34d
MIT
902
268
1y 47d
Apache-2.0

Program analysis platform

247
30
2y 8m
Apache-2.0

Combination of multiple linters to install as a GitHub Action

5.58K
270
1y 34d
MIT

A static code analyzer for annotated TODO comments

290
10
1y 16d
MIT

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

6.45K
567
8m
Apache-2.0

A static code analyzer for C++, C#, Lua

1.02K
364
2y 10m
n/a

A fast, straightforward, reliable tool for performing massive, automated code refactoring

1.63K
57
4y 103d
n/a

Java library for parsing report files from static code analysis.

84
19
1y 36d
Apache-2.0

T.J. Watson Libraries for Analysis

368
166
11m
EPL-2.0

Pluggable TypeScript and JavaScript linter

266
16
1y 4m
Apache-2.0

Based on IntelliJ IDEA, and comes bundled with tools for Android including Android Lint.

©️ Static analysis for C/C++/C#, PHP and Java.

©️ Tracks down error-prone code locations, style violations, cloned or dead code, cyclic dependencies and more for C/C++, C#/.NET, Java and Ada 83/Ada 95.

©️ Better Code Hub checks your GitHub codebase against 10 engineering guidelines devised by the authority in software quality, Software Improvement Group.

©️ Commercial Static Code Analysis which runs locally, but uploads the results to its cloud for presentation.

Automated Code Review for Ruby, Rails, JS, PHP, Python etc. Security, Coverage & Quality.

©️ Code quality and technical debt management platform that supports 10+ languages.

©️ Static Code Analysis for C#, C, C++, CoffeeScript, CSS, Groovy, GO, JAVA, JavaScript, Less, Python, Ruby, Scala, SCSS, TypeScript.

©️ Automated code analysis tool to deal with technical debt. Integrates with Bitbucket and Gitlab. (free for Open Source Projects)

©️ CodeIt.Right™ provides a fast, automated way to ensure that your source code adheres to (your) predefined design and style guidelines as well as best coding practices.

©️ Automated SAST code reviews driven by security, supports 15+ languages and includes security training.

©️ Advanced, whole program, deep path, static analysis of C and C++ with easy-to-understand explanations and code and path visualization.

©️ Synopsys Coverity supports 20 languages and over 70 frameworks including Ruby on rails, Scala, PHP, Python, JavaScript, TypeScript, Java, Fortran, C, C++, C#, VB.NET.

DeepCode finds bugs, security vulnerabilities, performance and API issues based on AI. DeepCode's speed of analysis allows us to analyse your code in real time and deliver results when you hit the save button in your IDE. Supported languages are Java, C/C++, JavaScript, Python, and TypeScript. Integrations with GitHub, BitBucket and Gitlab. Free for open source and private repos, free up to 30 developers.

©️ Intelligent software analytics platform that identifies design issues, code issues, duplication and metrics. Supports Java, C, C++, C#, JavaScript, TypeScript, Python, Go, Kotlin and more.

©️ A commercial static analysis platform that supports the scanning of C/C++, C#, VB.NET, VB6, ABAP/BSP, ActionScript, Apex, ASP.NET, Classic ASP, VB Script, Cobol, ColdFusion, HTML, Java, JS, JSP, MXML/Flex, Objective-C, PHP, PL/SQL, T-SQL, Python (2.6, 2.7), Ruby (1.9.3), Swift, Scala, VB, and XML.

Review your Ruby code for style guide violations.

©️ Quality and Security Static analysis for C/C++, Java and C#.

Automated Git code review for GitHub and Bitbucket pull requests for finding security vulnerabilities and code quality issues.

©️ Automated PHP code review.

A framework for managing and maintaining multi-language pre-commit hooks

conditionally free for FOSS and individual developers) static analysis of C, C++, C# and Java code. For advertising purposes you can propose a large FOSS project for analysis by PVS employees. Supports CWE mapping, MISRA and CERT coding standards.

more for JavaScript, TypeScript, JSON, HTML, Markdown, and CSS.

©️ An automated code reviewing tool. Improving developers' productivity.

Can find and fix known security vulnerabilities in your open source dependencies. Unlimited tests and remediation for open source projects. Limited to 200 tests/month for your private projects.

©️ Multilanguage cloud-based static code analysis. History, trends, security hot-spots, pull request analysis and more. Free for open source.

SonarQube is an open platform to manage code quality

©️ Find flaws in binaries and bytecode without requiring source. Support all major programming languages: Java, .NET, JavaScript, Swift, Objective-C, C, C++ and more.

Clang's static code analyzer (C/C++, Obj-C).

Other

A powerful and user-friendly binary analysis platform!

4.85K
793
8m
BSD-2-Clause

Raw binary firmware analysis software

171
30
1y 112d
Apache-2.0

A binary static analysis tool that provides security and correctness results for Windows Portable Executable and *nix ELF binary formats

466
101
1y 4m
n/a

Bloaty McBloatface: a size profiler for binaries

2.86K
181
1y 13d
Apache-2.0

cwe_checker finds vulnerable patterns in binary executables

361