souvenir
Tag cloud
Picture wall
Daily
RSS Feed
  • RSS Feed
  • Daily Feed
Filters

Links per page

  • 20 links
  • 50 links
  • 100 links

Filters

Untagged links
page 1 / 2
24 results tagged staticanalysis  ✕   ✕
Semgrep https://github.com/semgrep/semgrep
04/02/2025 cluster icon
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • TheHive Project : A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to...
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...
  • GoCD : Open source continuous delivery server to model and visualize complex workflows with ease. Automate and streamline your build-test-release cycle for r...

Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supports 30+ languages and can run in an IDE, as a pre-commit check, and as part of CI/CD workflows.

opensource staticanalysis security bugs continuousintegration
Flake8 https://flake8.pycqa.org/en/latest/
04/06/2023 cluster icon
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • refurb : A tool for refurbishing and modernizing Python codebases.
  • Black : By using Black, you agree to cede control over minutiae of hand-formatting. In return, Black gives you speed, determinism, and freedom from pycodestyl...
  • Locust : A modern load testing framework Define user behaviour with Python code, and swarm your system with millions of simultaneous users.
  • code-forensics : code-forensics is a toolset for analysing codebases stored in a version control system. It leverages the repository logs, or version history data, to ...

flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

python staticanalysis tool
Gitleaks https://github.com/gitleaks/gitleaks
23/05/2023 cluster icon
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...
  • Semgrep : Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supp...
  • Lighthouse : Lighthouse is an open-source, automated tool for improving the quality of web pages. You can run it against any web page, public or requiring authenti...
  • sqlmap : sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of databa...
thumbnail

Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords, API keys and tokens in Git repositories. It can be used as a Git pre-commit hook or in the CI/CD pipeline.

opensource staticanalysis security test tool
TruffleHog https://github.com/trufflesecurity/trufflehog
23/05/2023 cluster icon
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...
  • Bazel : Bazel is an open-source build and test tool similar to Make, Maven, and Gradle. It uses a human-readable, high-level build language. Bazel supports pr...
  • Lighthouse : Lighthouse is an open-source, automated tool for improving the quality of web pages. You can run it against any web page, public or requiring authenti...
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
thumbnail

TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab repositories are the most popular use cases, it can also be used to scan cloud storage buckets like S3 and GCS, local files and directories and CircleCI logs. Developers can set up TruffleHog as a pre-commit hook or scan the history of existing repositories in an entire GitHub organization to detect secrets.

opensource staticanalysis security test tool
refurb https://github.com/dosisod/refurb
08/10/2022 cluster icon
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • Flake8 : flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code....
  • Phan : Phan is a static analyzer that looks for common issues and will verify type compatibility on various operations when type information is available or ...
  • PHP Insights : PHP Insights was carefully crafted to simplify the analysis of your code directly from your terminal, and is the perfect starting point to analyze the...
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.
thumbnail

A tool for refurbishing and modernizing Python codebases.

python staticanalysis tool
tfsec https://github.com/aquasecurity/tfsec
12/04/2022 cluster icon
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Semgrep : Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supp...
thumbnail

tfsec uses static analysis of your terraform code to spot potential misconfigurations.

security staticanalysis infrastructureascode
code-forensics https://github.com/smontanari/code-forensics
12/09/2020 cluster icon
  • Code Maat : Code Maat is a command line tool used to mine and analyze data from version-control systems (VCS).
  • Lazygit : A simple terminal UI for git commands.
  • PHP Insights : PHP Insights was carefully crafted to simplify the analysis of your code directly from your terminal, and is the perfect starting point to analyze the...
  • GRV : GRV is a terminal based interface for viewing git repositories. It allows refs, commits and diffs to be viewed, searched and filtered. The behaviour a...
  • scriv : Scriv is a command-line tool for helping developers maintain useful changelogs. It manages a directory of changelog fragments. It aggregates them into...
thumbnail

code-forensics is a toolset for analysing codebases stored in a version control system. It leverages the repository logs, or version history data, to perform deep analyses with regards to complexity, logical coupling, authors coupling and to inspect the evolution in time of different parts of a software system with respect to metrics like code churn and number of revisions.

git staticanalysis technicaldebt cli tool
Code Maat https://github.com/adamtornhill/code-maat
12/09/2020 cluster icon
  • code-forensics : code-forensics is a toolset for analysing codebases stored in a version control system. It leverages the repository logs, or version history data, to ...
  • PHP Insights : PHP Insights was carefully crafted to simplify the analysis of your code directly from your terminal, and is the perfect starting point to analyze the...
  • GRV : GRV is a terminal based interface for viewing git repositories. It allows refs, commits and diffs to be viewed, searched and filtered. The behaviour a...
  • Lazygit : A simple terminal UI for git commands.
  • scriv : Scriv is a command-line tool for helping developers maintain useful changelogs. It manages a directory of changelog fragments. It aggregates them into...
thumbnail

Code Maat is a command line tool used to mine and analyze data from version-control systems (VCS).

cli git staticanalysis technicaldebt tool
Pyre https://pyre-check.org/
10/08/2020 cluster icon
  • Bandit : Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs approp...
  • Flake8 : flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code....
  • refurb : A tool for refurbishing and modernizing Python codebases.
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Harpoon : CLI tool for open source and threat intelligence. Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written ...

Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code.

Pyre ships with Pysa, a security focused static analysis tool we've built on top of Pyre that reasons about data flows in Python applications.

python staticanalysis security tool
semgrep https://github.com/returntocorp/semgrep
14/05/2020 cluster icon
  • ack : ack is a tool like grep, optimized for programmers Designed for programmers with large heterogeneous trees of source code, ack is written purely in po...
  • Sourcegraph : Sourcegraph Server is a free, self-hosted code search server that integrates with your code host and supports multi-repository, regexp, and diff searc...
  • howdoi : Instant coding answers via the command line.
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • code-forensics : code-forensics is a toolset for analysing codebases stored in a version control system. It leverages the repository logs, or version history data, to ...
thumbnail

semgrep is a tool for easily detecting and preventing bugs and anti-patterns in your codebase. It combines the convenience of grep with the correctness of syntactical and semantic search. Developers, DevOps engineers, and security engineers use semgrep to write code with confidence.

code search tool staticanalysis
ApplicationInspector https://github.com/microsoft/ApplicationInspector
29/01/2020 cluster icon
  • Black : By using Black, you agree to cede control over minutiae of hand-formatting. In return, Black gives you speed, determinism, and freedom from pycodestyl...
  • tickgit : tickgit is a tool to help you manage tickets, todo items, and checklists within a codebase. Use the tickgit command to view pending tasks, progress re...
  • SonarQube : SonarQube is an open source platform for continuous inspection of code quality.
  • semgrep : semgrep is a tool for easily detecting and preventing bugs and anti-patterns in your codebase. It combines the convenience of grep with the correctnes...
  • code-forensics : code-forensics is a toolset for analysing codebases stored in a version control system. It leverages the repository logs, or version history data, to ...
thumbnail

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'what's in it' using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

staticanalysis code scan
tickgit https://github.com/augmentable-dev/tickgit
19/01/2020 cluster icon
  • ApplicationInspector : A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'what's in it' using static analysis ...
  • semgrep : semgrep is a tool for easily detecting and preventing bugs and anti-patterns in your codebase. It combines the convenience of grep with the correctnes...
  • Black : By using Black, you agree to cede control over minutiae of hand-formatting. In return, Black gives you speed, determinism, and freedom from pycodestyl...
  • SonarQube : SonarQube is an open source platform for continuous inspection of code quality.
  • Carbon : Create and share beautiful images of your source code. Start typing, or drop a file into the text area to get started.
thumbnail

tickgit is a tool to help you manage tickets, todo items, and checklists within a codebase. Use the tickgit command to view pending tasks, progress reports, completion summaries and historical data (using git history).

code task staticanalysis
PHP Insights https://phpinsights.com/
13/12/2019 cluster icon
  • Phan : Phan is a static analyzer that looks for common issues and will verify type compatibility on various operations when type information is available or ...
  • GrumPHP : Sick and tired of defending code quality over and over again? GrumPHP will do it for you! This composer plugin will register some git hooks in your pa...
  • Phinx : Phinx makes it ridiculously easy to manage the database migrations for your PHP app. In less than 5 minutes you can install Phinx and create your firs...
  • PhpMetrics : PhpMetrics provides various metrics about PHP projects. PhpMetrics is designed to be understable and easy to use. Thanks to d3js, it will scores your ...
  • Code Maat : Code Maat is a command line tool used to mine and analyze data from version-control systems (VCS).

PHP Insights was carefully crafted to simplify the analysis of your code directly from your terminal, and is the perfect starting point to analyze the code quality of your PHP projects.

php cli tool staticanalysis quality
Black https://black.readthedocs.io/en/stable/
16/12/2018 cluster icon
  • Flake8 : flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code....
  • refurb : A tool for refurbishing and modernizing Python codebases.
  • stylefmt : stylefmt is a tool that automatically formats your stylesheets.
  • SonarQube : SonarQube is an open source platform for continuous inspection of code quality.
  • tickgit : tickgit is a tool to help you manage tickets, todo items, and checklists within a codebase. Use the tickgit command to view pending tasks, progress re...

By using Black, you agree to cede control over minutiae of hand-formatting. In return, Black gives you speed, determinism, and freedom from pycodestyle nagging about formatting. You will save time and mental energy for more important matters.

Black makes code review faster by producing the smallest diffs possible. Blackened code looks the same regardless of the project you’re reading. Formatting becomes transparent after a while and you can focus on the content instead.

python code formatting staticanalysis
source{d} Engine https://sourced.tech/engine/
18/11/2018 cluster icon
  • mirador : Mirador is a tool for visual exploration of complex datasets. It enables users to discover correlation patterns and derive new hypotheses from the dat...
  • Superset : Superset is a data exploration platform designed to be visual, intuitive and interactive. Superset's main goal is to make it easy to slice, dice and v...
  • DuckRails : DuckRails is a development tool. Its main purpose is to allow developers to quickly mock API endpoints that for many possible reasons can't reach at a...
  • Overtone : Overtone is an open source audio environment designed to explore new musical ideas from synthesis and sampling to instrument building, live-coding and...
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...

Engineering managers and maintainers of large code bases are starting to realize the potential of Code as Data or how source code can be treated as an analyzable dataset proving valuable information. Think Business Intelligence and processes optimization based on the source code engineers write, rather than adjacent metrics.

development data analysis staticanalysis
coala https://coala.io/
04/01/2018 cluster icon
  • GrumPHP : Sick and tired of defending code quality over and over again? GrumPHP will do it for you! This composer plugin will register some git hooks in your pa...
  • PhpMetrics : PhpMetrics provides various metrics about PHP projects. PhpMetrics is designed to be understable and easy to use. Thanks to d3js, it will scores your ...
  • semgrep : semgrep is a tool for easily detecting and preventing bugs and anti-patterns in your codebase. It combines the convenience of grep with the correctnes...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • refurb : A tool for refurbishing and modernizing Python codebases.

coala provides a unified interface for linting and fixing code with a single configuration file, regardless of the programming languages used. You can use coala from within your favorite editor, integrate it with your CI, get the results as JSON, or customize it to your needs with its flexible configuration syntax.

coala has a set of official bears (plugins) for several languages, including popular languages such as C/C++, Python, JavaScript, CSS, Java and many more, in addition to some generic language independent algorithms.

staticanalysis tool
webhint https://webhint.io/
03/11/2017 cluster icon
  • SSL Server Test : This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
  • BounCA : BounCA is a tool to manage your personal SSL certificates and authorities in a central and easy to use interfaces. It provides an easy accessible web ...
  • Burp Suite : Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the en...
  • WebPagetest : Run a free website speed test from multiple locations around the globe using real browsers (IE and Chrome) and at real consumer connection speeds.
thumbnail

webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and common errors. Use the online scanner or the CLI to start checking your site for errors.

web staticanalysis security performance ssl test cli accessibility
Psalm https://getpsalm.org/
13/06/2017 cluster icon
  • GrumPHP : Sick and tired of defending code quality over and over again? GrumPHP will do it for you! This composer plugin will register some git hooks in your pa...
  • Phan : Phan is a static analyzer that looks for common issues and will verify type compatibility on various operations when type information is available or ...
  • PHP Insights : PHP Insights was carefully crafted to simplify the analysis of your code directly from your terminal, and is the perfect starting point to analyze the...
  • PhpMetrics : PhpMetrics provides various metrics about PHP projects. PhpMetrics is designed to be understable and easy to use. Thanks to d3js, it will scores your ...
  • Composer : Dependency Manager for PHP

Psalm is a static analysis tool for finding errors in PHP applications.

php staticanalysis tool
CodeScene https://codescene.io/
01/04/2017 cluster icon
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Roam Research : A note-taking tool for networked thought. As easy to use as a document. As powerful as a graph database. Roam helps you organize your research for the...
  • Njalla : A privacy aware domain registration service. When you buy a domain in our system, we're actually purchasing it for ourselves. However, you will still ...
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • Mockbin : Mockbin allows you to generate custom endpoints to test, mock, and track HTTP requests & responses between libraries, sockets and APIs.
thumbnail

CodeScene identifies patterns in the evolution of your code. This gives you the power to predict its future and to find the code that is hard to evolve and prone to defects. The investigation takes only minutes but saves you from future limitations, bottlenecks or maintenance issues.

CodeScene gives you a better understanding of your software systems. Here are just a few of all the questions that CodeScene will help you find answers to:

Which part of the code might become productivity bottlenecks?
Which parts of the code will be hard to maintain?
What is the technical risk when a key developer leaves the project?
Which parts of the code should we improve to get a real productivity and quality gain?
How is the knowledge distribution between teams in your codebase?
staticanalysis service legacy refactoring
PHP Coding Standard Generator http://edorian.github.io/php-coding-standard-generator/
18/01/2017 cluster icon
  • HTML2PDF : HTML2PDF is a HTML to PDF converter written in PHP. It allows the conversion of valid HTML 4.01 in PDF format, and is distributed under OSL.
  • ApiGen : ApiGen is the tool for creating professional API documentation from PHP source code, similar to discontinued phpDocumentor/phpDoc.
  • phpDocumentor : phpDocumentor enables you to generate documentation from your PHP source code. This documentation provides an in-depth view of your project to you, yo...
  • Sami : Sami: an API documentation generator
  • DaDaBIK : DataBase Interfaces Kreator - Create a PHP Web front-end for a MySQL PostgreSQL Oracle MS SQL Server database in a minute

The goal of this site is to enable you do very quickly create and maintain your own coding standard.

PHP Mess Detector rule sets files and PHP Code Sniffer rulesets are supported.

php staticanalysis standards generator
page 1 / 2
1636 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn