flake8 is a Python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of Python code.
Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords, API keys and tokens in Git repositories. It can be used as a Git pre-commit hook or in the CI/CD pipeline.
TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab repositories are the most popular use cases, it can also be used to scan cloud storage buckets like S3 and GCS, local files and directories and CircleCI logs. Developers can set up TruffleHog as a pre-commit hook or scan the history of existing repositories in an entire GitHub organization to detect secrets.
A tool for refurbishing and modernizing Python codebases.
tfsec uses static analysis of your Terraform code to spot potential misconfigurations.
code-forensics is a toolset for analysing codebases stored in a version control system. It leverages the repository logs, or version history data, to perform deep analyses with regards to complexity, logical coupling, authors coupling and to inspect the evolution in time of different parts of a software system with respect to metrics like code churn and number of revisions.
Code Maat is a command line tool used to mine and analyze data from version-control systems (VCS).
Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code.
Pyre ships with Pysa, a security focused static analysis tool we've built on top of Pyre that reasons about data flows in Python applications.
semgrep is a tool for easily detecting and preventing bugs and anti-patterns in your codebase. It combines the convenience of grep with the correctness of syntactical and semantic search. Developers, DevOps engineers, and security engineers use semgrep to write code with confidence.
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'what's in it' using static analysis with a JSON-based rules engine. Ideal for scanning components before use or detecting feature-level changes.
tickgit is a tool to help you manage tickets, todo items, and checklists within a codebase. Use the tickgit command to view pending tasks, progress reports, completion summaries and historical data (using git history).
PHP Insights was carefully crafted to simplify the analysis of your code directly from your terminal, and is the perfect starting point to analyze the code quality of your PHP projects.
By using Black, you agree to cede control over minutiae of hand-formatting. In return, Black gives you speed, determinism, and freedom from pycodestyle nagging about formatting. You will save time and mental energy for more important matters.
Black makes code review faster by producing the smallest diffs possible. Blackened code looks the same regardless of the project you’re reading. Formatting becomes transparent after a while and you can focus on the content instead.
Engineering managers and maintainers of large code bases are starting to realize the potential of Code as Data, or how source code can be treated as an analyzable dataset providing valuable information. Think Business Intelligence and process optimization based on the source code engineers write, rather than adjacent metrics.
coala provides a unified interface for linting and fixing code with a single configuration file, regardless of the programming languages used. You can use coala from within your favorite editor, integrate it with your CI, get the results as JSON, or customize it to your needs with its flexible configuration syntax.
coala has a set of official bears (plugins) for several languages, including popular languages such as C/C++, Python, JavaScript, CSS, Java and many more, in addition to some generic language independent algorithms.
webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and common errors. Use the online scanner or the CLI to start checking your site for errors.
Psalm is a static analysis tool for finding errors in PHP applications.
CodeScene identifies patterns in the evolution of your code. This gives you the power to predict its future and to find the code that is hard to evolve and prone to defects. The investigation takes only minutes but saves you from future limitations, bottlenecks or maintenance issues.
CodeScene gives you a better understanding of your software systems. Here are just a few of all the questions that CodeScene will help you find answers to:
Which parts of the code might become productivity bottlenecks?
Which parts of the code will be hard to maintain?
What is the technical risk when a key developer leaves the project?
Which parts of the code should we improve to get a real productivity and quality gain?
How is the knowledge distribution between teams in your codebase?
The goal of this site is to enable you to very quickly create and maintain your own coding standard.
PHP Mess Detector ruleset files and PHP Code Sniffer rulesets are supported.
Phan is a static analyzer that looks for common issues and will verify type compatibility on various operations when type information is available or can be deduced. Phan does not make any serious attempt to understand flow control and narrow types based on conditionals.
Sick and tired of defending code quality over and over again? GrumPHP will do it for you! This composer plugin will register some git hooks in your package repository. When somebody commits changes, GrumPHP will run some tests on the committed code. If the tests fail, you won't be able to commit your changes. This handy tool will not only improve your codebase, it will also teach your co-workers to write better code following the best practices you've determined as a team.
GrumPHP has a set of common tasks built-in. You will be able to use GrumPHP with a minimum of configuration.
SonarQube is an open source platform for continuous inspection of code quality.
PhpMetrics provides various metrics about PHP projects. PhpMetrics is designed to be understandable and easy to use. Thanks to d3js, it will score your project with beautiful graphs. PhpMetrics interacts with Jenkins or Sonar. It provides reports in many formats (XML, violations, HTML, CSV...). PhpMetrics can be extended with plugins (Symfony2...).