Open Source Source Code Analysis Tools - Page 4
Sort By:
Source Code Analysis Tools
View 5982 business solutions-
AI-powered SAST and AppSec platform that helps companies find and fix vulnerabilities.ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with advanced program analysis to find and automatically fix vulnerabilities.
-
The sales CRM that makes your life easy, so all you have to do is sell.Welcome to the simpler way to sell. Pipedrive is CRM software that makes your life easy, for less legwork and more sales. Let us track your sales conversations, eliminate admin tasks, get you more leads and uncover how you win, because your day belongs to you. Join more than 100,000 sales teams around the world that use the CRM rated #1 by SoftwareReviews in 2019. Start your free 14-day trial and get full access – no credit card needed.
-
1
coan
"The C preprocessor chainsaw"
Coan is a software engineering tool for analysing preprocessor-based configurations of C or C++ source code. Its principal use is to simplify a body of source code by eliminating any parts that are redundant with respect to a specified configuration. -
2
Web Application Protection
Tool to detect and correct vulnerabilities in PHP web applications
WAP automatic detects and corrects input validation vulnerabilities in web applications written in PHP Language (version 4.0 or higher) and with a low rate of false positives. WAP detects the following vulnerabilities: - SQL injection using MySQL, PostgreSQL and DB2 DBMS - Reflected cross-site scripting (XSS) - Stored XSS - Remote file inclusion - Local file inclusion - Directory traversal - Source code disclosure - OS command injection - PHP code injection WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious users inputs and checking if they reach calls of sensitive functions. It has a low rate of false positives because has implemented a data mining module to predict false positives when detects vulnerabilities. The output of the tool is: - shows the vulnerabilities found and how they are corrected - new files with the corrections -
3
A general purpose source code indexer and cross-referencer that provides web-based browsing of source code with links to the definition and usage of any identifier. Supports multiple languages. Up-to-date information in http://lxr.sourceforge.net
-
4
PASTE
An app for storing code, text & more. A popular Open Source pastebin.
Paste is a PHP application for storing code, text and more. DEMO: https://paste.boxlabs.uk/ Initially forked from the freely available source pastebin.com used before the domain was sold in 2010, lots of improvements have been included over the years such as user accounts and a featureful administration backend. See https://github.com/boxlabss/PASTE/blob/master/docs/CHANGELOG.md -
JS7 JobScheduler is an open source workload automation solution.JS7 JobScheduler is an open source workload automation solution. It is used to run executable files, shell scripts etc. and database procedures.
-
5
Angular ESLint
Monorepo for all the tooling related to using ESLint with Angular
Monorepo for all the tooling which enables ESLint to lint Angular projects. Follow the latest Getting Started guide on angular.io in order to install the Angular CLI. Create a new Angular CLI workspace in the normal way, optionally using any of the supported command line arguments and following the interactive prompts. As well as installing all relevant dependencies, the ng add command will automatically detect that you have a workspace with a single project in it, which does not have a linter configured yet. It can therefore go ahead and wire everything up for you! -
6
Cross Platform Node Guide
Improve front-end engineer workflow & standard, powered by TypeScript
A command-line tool aims to improve front-end engineer workflow and standards, powered by Node.js. Feflow (pronounced /ˈfefləʊ/) is a front-end flow and rule tool to improve engineering efficiency., and is hosted on Github: feflow. At present, it has been used in many applications, such as Now, Huayang Live, Huayang Friends, Mobile QQ Near Hand, Group Video, Group Gift, Huiyin, Tencent Myapp, Penguins and etc. With 80+ WEB/IOS/Andriod stable users, the cumulative production project reached 240+. Feflow refers to the thinking of Pipeline and divides work into five steps: init, develop, build, test, deploy. And corresponding to five basic commands: init, dev, build, test, and deploy. In addition to serving basic development workflows and specifications, Feflow provides an easy-to-expand plug-in mechanism for creating a team-wide toolchain ecosystem. Feflow only provides a CLI and kernel. The CLI is responsible for interacting with the command line terminal. -
7
Infer
A static analyzer for Java, C, C++, and Objective-C
Infer is a static analysis tool - if you give Infer some Java or C/C++/Objective-C code it produces a list of potential bugs. Anyone can use Infer to intercept critical bugs before they have shipped to users, and help prevent crashes or poor performance. Infer checks for null pointer exceptions, resource leaks, annotation reachability, missing lock guards, and concurrency race conditions in Android and Java code. Infer checks for null pointer dereferences, memory leaks, coding conventions and unavailable API’s. Start with the Getting Started guide and our other docs to download and try Infer yourself. Infer is still evolving, and we want to continue to develop it in the open. We hope it will be useful for other projects, so please try it out or contribute to it, join the community and give us feedback! -
8
JSHint
A tool that helps to detect errors and in your JavaScript code
JSHint is a community-driven tool that detects errors and potential problems in JavaScript code. Since JSHint is so flexible, you can easily adjust it in the environment you expect your code to execute. JSHint is publicly available and will always stay this way. The project aims to help JavaScript developers write complex programs without worrying about typos and language gotchas. Any code base eventually becomes huge at some point, so simple mistakes, that would not show themselves when written, can become show stoppers and add extra hours of debugging. So, static code analysis tools come into play and help developers spot such problems. JSHint scans a program written in JavaScript and reports about commonly made mistakes and potential bugs. The potential problem could be a syntax error, a bug due to an implicit type conversion, a leaking variable, or something else entirely. -
9
OpenCover
Code coverage tool for .NET 2 and above
OpenCover is a free and open source code coverage tool for .NET 2 and above (Windows OSs only - no MONO), with support for 32 and 64 processes and covers both branch and sequence points. It uses the profiler API that is currently only available to .NET Frameworks running on the Windows platform. OpenCover is an attempt at building a code coverage utility that addresses certain issues in maintaining PartCover support for 64-bit processes. -
Apify is a full-stack web scraping and automation platform helping anyone get value from the web.Actors are serverless cloud programs that extract data, automate web tasks, and run AI agents. Developers build them using JavaScript, Python, or Crawlee, Apify's open-source library. Build once, publish to Store, and earn when others use it. Thousands of developers do this - Apify handles infrastructure, billing, and monthly payouts.
-
10
PHP Depend
PHP_Depend is an adaptation of the established Java development tool
PHP_Depend is an adaptation of the established Java development tool JDepend. This tool shows you the quality of your design in terms of extensibility, reusability and maintainability. The maintainers of PHP Depend and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. -
11
PromiseKit
Promises for Swift & ObjC
Promises simplify asynchronous programming, freeing you up to focus on the more important things. They are easy to learn, easy to master and result in clearer, more readable code. Your co-workers will thank you. PromiseKit is a thoughtful and complete implementation of promises for any platform that has a swiftc. It has excellent Objective-C bridging and delightful specializations for iOS, macOS, tvOS and watchOS. It is a top-100 pod used in many of the most popular apps in the world. We are testing PromiseKit 7 alpha, it is Swift 5 only. It is tagged and thus importable in all package managers. PromiseKit 6, 5 and 4 support Xcode 8.3, 9.x and 10.0; Swift 3.1, 3.2, 3.3, 3.4, 4.0, 4.1, 4.2, 4.3 and 5.0 (development snapshots); iOS, macOS, tvOS, watchOS, Linux and Android; CocoaPods, Carthage and SwiftPM; (CI Matrix). For Carthage, SwiftPM, Accio, etc., or for instructions when using older Swifts or Xcodes, see our Installation Guide. We recommend Carthage or Accio. -
12
Static Analysis Tools for PHP
Docker image that provides static analysis tools for PHP
Docker image providing static analysis tools for PHP. The list of available tools and the installer is actually managed in the jakzal/toolbox repository. Docker image with quality analysis tools for PHP. To run the selected tool inside the container, you'll need to mount the project directory on the container with -v "$(pwd):/project". Some tools like to write to the /tmp directory (like PHPStan, or Behat in some cases), therefore it's often useful to share it between docker runs, i.e. with -v "$(pwd)/tmp-phpqa:/tmp". If you want to be able to interrupt the selected tool if it takes too much time to complete, you can use the --init option. Some tools are not included in the docker image, to use them refer to their documentation. Provides utilities to report legacy tests and usage of deprecated code. -
13
elasticsearc-php
PHP low-level client for Elasticsearch
Introducing Elasticsearch DSL library to provide objective query builder for Elasticsearch bundle and elasticsearch-php client. You can easily build any Elasticsearch query and transform it to an array. This agnostic package is a lightweight wrapper on top of the Elasticsearch PHP client. Its main goal is to allow for easier structuring of queries and indices in your application. It does not want to hide or replace the functionality of the Elasticsearch PHP client. Feature complete, object oriented, composable, extendable Elasticsearch query DSL builder for PHP. Deliberately built to be as simple as possible, easily usable and with explicit naming. Elasticsearch Bundle was created in order to serve the need for professional Elasticsearch integration with enterprise level Symfony 2 systems. Automatically generate mappings using a serializer. Listeners for Doctrine events for automatic indexing. -
14
eslint-plugin-jsx-a11y
Static AST checker for a11y rules on JSX elements
Static AST checker for accessibility rules on JSX elements. This plugin does a static evaluation of the JSX to spot accessibility issues in React apps. Because it only catches errors in static code, use it in combination with axe-core/react to test the accessibility of the rendered DOM. Consider these tools just as one step of a larger a11y testing process and always test your apps with assistive technology. If you installed ESLint globally (using the -g flag in npm, or the global prefix in yarn) then you must also install eslint-plugin-jsx-a11y globally. To enable your custom components to be checked as DOM elements, you can set global settings in your configuration file by mapping each custom component name to a DOM element type. Enforce all elements that require alternative text have meaningful information to relay back to the end user. -
15
node-rs
Node.js bindings Rust crates
When Node.js meets Rust. Make rust crates binding to Node.js use napi-rs. -
16
prettier standard
Formats with Prettier and lints with ESLint+Standard!
Formats with prettier (actually prettierx) and lints with eslint preconfigured with standard rules. You don't have to fix any whitespace errors and waste time configuring eslint presets. Prettier-standard is best used with the prettier-standard --lint command which formats and lints all non-ignored files in the repository. -
17
reviewdog
Automated code review tool integrated with any code analysis tools
I’d like to introduce reviewdog! An automated code review tool working with any lint tools and supports local run as well. “reviewdog” provides a way to post review comments to code hosting services, such as GitHub, automatically by integrating with any linter tools with ease. It uses any output of lint tools, with translation if required, and posts them as a comment if the file and line are in diff of patches to review. reviewdog also supports running in a local environment to filter the output of lint tools by diff. We can use various linters and static code analysis tools to detect such problems in local machines, editors, CI services. However, here is the problem. Static analysis tools may report false-positive results. Reporting false-positive results itself is ok, but due to the false-positive results we cannot make build fail and it becomes difficult for us to find true positive results from messed up analysis results. -
18
vim‑javascript
Vastly improved Javascript indentation and syntax support in Vim
vim‑javascript is a Vim bundle enhancing JavaScript editing by providing advanced syntax highlighting, indentation, and support for modern JavaScript constructs through enhanced syntax files. Enables some additional syntax highlighting for NGDocs. Requires JSDoc plugin to be enabled as well. You can customize concealing characters, if your font provides the glyph you want, by defining one or more variables. Distributed under the same terms as Vim itself. Vastly improved JavaScript indentation and syntax support in Vim. -
19
vscode-pull-request-github
GitHub Pull Requests for Visual Studio Code
This extension allows you to review and manage GitHub pull requests and issues in Visual Studio Code. The support includes authenticating and connecting VS Code to GitHub. GitHub Enterprise is supported by the community, please see this PR for how to set it up. Listing and browsing PRs from within VS Code. Reviewing PRs from within VS Code with in-editor commenting. Validating PRs from within VS Code with easy checkouts. Terminal integration that enables UI and CLIs to co-exist. Listing and browsing issues from within VS Code. Hover cards for "@" mentioned users and for issues. Completion suggestions for users and issues. A "Start working on issue" action which can create a branch for you. Code actions to create issues from "todo" comments. -
20
A drop-in replacement for the src.zip shipped with Oracle Java 7, that contains sources to all Java classes that are shipped or generated by the OpenJDK project (the official src.zip only covers public classes), plus tools to generate it.
-
21
AdaControl
Ada source code controller
A tool that detects the use of many constructs in Ada programs. Use it to control style or programming rules, but also as a powerful tool to search for use (or non-use) of various forms of programming styles or design patterns. -
22
UCDetector
Eclipse Plugin to find unused Java code
UCDetector (Unnecessary Code Detector) is a Open Source Eclipse Plugin Tool. UCDetector finds unnecessary (dead) public Java code. It suggests to make code final, protected or private. -
23
Project Line Counter (QtCreator Plugin)
Plugin for Qt Creator IDE
This plugin adds info string to the Qt Creator Editor toolbar that counts lines in the current file and whole project if pro-file opened. Required Qt Creator 3.4.0. If you use Qt Creator above 3.4.0 version - download source files and follow the instructions in README (Part 1: MAKING FROM SOURCE). Check README for installation and building instructions. v.0.9.4 2015-04-09 * Ported to Qt5 and QtCreator 3.4.0 rc1. * Internationalization added. * Russian translation added. * Fixed zero project lines count at the begining Qt Creator session. * Minor tests improvements. -
24
JSCover
JSCover - JavaScript code coverage
JSCover is a tool that measures code coverage for JavaScript programs. It is an enhanced Java implementation of the excellent JSCoverage tool. -
25
Diff-ext is an extension for filemanagers such as Windows Explorer and Nautilus that allows to launch diff/merge tools on selected files.
