Search Results for "clang static analyzer"
Sort By:
Showing 54 open source projects for "clang static analyzer"
View related business solutions-
Custom VMs From 1 to 96 vCPUs With 99.95% UptimeLive migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
-
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
1
CodeChecker
CodeChecker is an analyzer tooling, defect database
CodeChecker is a static analysis infrastructure built on the LLVM/Clang Static Analyzer toolchain, replacing scan-build in a Linux or macOS (OS X) development environment. Executes Clang-Tidy and Clang Static Analyzer with Cross-Translation Unit analysis, Statistical Analysis (when checkers are available). Creates the JSON compilation database by wiretapping any build process (e.g., CodeChecker log -b "make"). -
2
JS Analyzer
Burp Suite extension for JavaScript static analysis
JS Analyzer is a powerful static analysis tool implemented as a Burp Suite extension that helps security researchers and web developers automatically uncover important artifacts in JavaScript files during web application testing. It parses JavaScript responses intercepted by Burp Suite and intelligently extracts API endpoints, full URLs (including cloud storage links), secrets like API keys or tokens, and email addresses while filtering out noise from irrelevant code patterns. ... -
3
F·W·K
3D game engine/framework in C, with Luajit and Python bindings now
3D game framework in C, with Luajit and Python bindings now. -
4
Phan
Phan is a static analyzer for PHP
Phan is a static analyzer for PHP. Phan prefers to avoid false positives and attempts to prove incorrectness rather than correctness. Phan looks for common issues and will verify type compatibility on various operations when type information is available or can be deduced. Phan has a good (but not comprehensive) understanding of flow control and can track values in a few use cases (e.g. arrays, integers, and strings). -
AI-powered service management for IT and enterprise teamsGive your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
-
5
RuboCop
A Ruby static code analyzer and formatter, based on the community Ruby
RuboCop is a Ruby static code analyzer (a.k.a. linter) and code formatter. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide. RuboCop packs a lot of features on top of what you’d normally expect from a linter. Works with every major Ruby implementation. Autocorrection of many of the code offenses it detects. -
6
SonarJS
SonarSource Static Analyzer for JavaScript and TypeScript
This SonarSource project is a static code analyzer for JavaScript, TypeScript and CSS languages. In order to analyze JavaScript, TypeScript or CSS code, you need to have a supported version of Node.js installed on the machine running the scan. Recommended versions are the previous LTS version v14 and the latest version - v16. We recommend using the latest available LTS version (v16 as of today) for optimal stability and performance. v12 is still supported, but it already reached end-of-life and is deprecated. ... -
7
pytype
A static type analyzer for Python code
pytype is a static type analyzer that checks and infers types for Python code without executing it, catching errors at “compile time” and generating actionable diagnostics. It grew alongside Python typing at Google and can understand both inline annotations and unannotated code via powerful inference. The tool consumes stub files (.pyi) for the standard library and third-party packages (from typeshed and its own built-ins), enabling accurate checks even in large, mixed-quality codebases. ... -
8
Cosmopolitan
Build-once run-anywhere c library
Cosmopolitan Libc makes C a build-once run-anywhere language, like Java, except it doesn't need an interpreter or virtual machine. Instead, it reconfigures stock GCC and Clang to output a POSIX-approved polyglot format that runs natively on Linux + Mac + Windows + FreeBSD + OpenBSD + NetBSD + BIOS with the best possible performance and the tiniest footprint imaginable. Cosmopolitan can be compiled from source on any Linux distro. GNU make needs to be installed beforehand. This is a freestanding hermetic repository that bootstraps using a vendored static gcc9 executable. ... -
9
The LLVM Compiler Infrastructure
Collection of modular and reusable compiler and toolchain technologies
The LLVM Project is a collection of modular and reusable compiler and toolchain technologies. Despite its name, LLVM has little to do with traditional virtual machines. LLVM began as a research project at the University of Illinois, with the goal of providing a modern, SSA-based compilation strategy capable of supporting both static and dynamic compilation of arbitrary programming languages. Since then, LLVM has grown to be an umbrella project consisting of a number of subprojects, many of... -
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
10
Infer
A static analyzer for Java, C, C++, and Objective-C
Infer is a static analysis tool - if you give Infer some Java or C/C++/Objective-C code it produces a list of potential bugs. Anyone can use Infer to intercept critical bugs before they have shipped to users, and help prevent crashes or poor performance. Infer checks for null pointer exceptions, resource leaks, annotation reachability, missing lock guards, and concurrency race conditions in Android and Java code. Infer checks for null pointer dereferences, memory leaks, coding conventions... -
11
Code Quality and Security for Java
SonarSource Static Analyzer for Java Code Quality and Security
Hundreds of unique rules to find Java bugs, code smells & vulnerabilities. Sonar static analysis helps you build and maintain high-quality Java code. Covering popular build systems, standards and versions, Sonar elevates your coding game while keeping vulnerabilities at bay. With each Java version, we create dedicated rules so you learn shiny, new features and avoid pitfalls. Consistently find tricky, hard-to-spot issues in your regular expressions. Allow you to effortlessly repair your Java... -
12
Slither
Static Analyzer for Solidity
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses. Slither is the first open-source static analysis framework for Solidity. Slither is fast and precise; it can find real vulnerabilities in a few seconds... -
13
Pylint
It's not just a linter that annoys you!
Pylint is a static code analyzer for Python 2 or 3. The latest version supports Python 3.7.2 and above. Pylint analyses your code without actually running it. It checks for errors, enforces a coding standard, looks for code smells, and can make suggestions about how the code could be refactored. Projects that you might want to use alongside pylint include flake8 (faster and simpler checks with very few false positives), mypy, pyright or pyre (typing checks), bandit (security-oriented checks), black and isort (auto-formatting), autoflake (automated removal of unused import or variable), pyupgrade (automated upgrade to newer python syntax) and pydocstringformatter (automated pep257). ... -
14
Code Quality and Security for C#
Code analyzer for C# and VB.NET projects
Sonar offers a single cohesive solution with a consistent set of metrics and hundreds of static analysis rules to detect your coding issues early. Plus fast and high-precision analysis means high value, low noise, and reliable results always. A single solution for dozens of popular languages, development frameworks and IaC platforms. Our powerful language-specific analysis not only detects coding issues but also helps you understand what's wrong and how to fix it. Our publicly available... -
15
Simd Library
C++ image processing and machine learning library with using of SIMD
...In particular, the library supports the following CPU extensions: SSE, AVX, AVX-512, and AMX for x86/x64, and NEON for ARM. The Simd Library has C API and also contains useful C++ classes and functions to facilitate access to C API. The library supports dynamic and static linking, 32-bit and 64-bit Windows and Linux, MSVS, G++ and Clang compilers, MSVS projects, and CMake build systems. -
16
TOTVS Developer Studio para VSCode
Totvs Developer Studio for vscode
The TOTVS Developer Studio for VS Code extension provides a development suite for the Protheus/Logix ecosystem. Using the LSP ( Language Server Protocol ) and DAP ( Debug Adapter Protocol ) communication protocols , both widely used and extensible to other IDEs on the market, such as Atom, Visual Studio, Eclipse, Eclipse Theia, Vim and Emacs. When starting VS Code with the TDS-VSCode extension installed, open (or create) the main folder that contains (or will contain) your source and... -
17
pmd
An extensible multilanguage static code analyzer
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, PLSQL, Apache Velocity, XML, and XSL. Additionally, it includes CPD, the copy-paste-detector. CPD finds duplicated code in Java, C, C++, C#, Groovy, PHP, Ruby, Fortran, JavaScript, PLSQL, Apache Velocity, Scala, Objective C, Matlab, Python, Go, Swift and Salesforce.com Apex,... -
18
doctest
Fastest feature-rich C++11/14/17/20 single-header testing framework
doctest is a new C++ testing framework but is by far the fastest both in compile times (by orders of magnitude) and runtime compared to other feature-rich alternatives. It brings the ability of compiled languages such as D / Rust / Nim to have tests written directly in the production code thanks to a fast, transparent and flexible test runner with a clean interface. The framework is and will stay free but needs your support to sustain its development. There are lots of new features and... -
19
PlatformIO Core
Professional collaborative platform for embedded development
PlatformIO is a professional collaborative platform for embedded development. A place where Developers and Teams have true Freedom! No more vendor lock-in! A user-friendly and extensible integrated development environment with a set of professional development instruments, providing modern and powerful features to speed up yet simplify the creation and delivery of embedded products. A lightweight but powerful cross-platform source code editor. Smart code completions are based on variable... -
20
EMBA
The firmware security analyzer
EMBA is designed as the central firmware analysis tool for penetration testers and product security teams. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation and finally generating a web report. EMBA automatically discovers possible weak spots and vulnerabilities in firmware. Examples are insecure binaries, old and outdated software components, potentially vulnerable scripts, or hard-coded passwords.... -
21
Application Inspector
A source code analyzer built for surfacing features of interest
Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third party software components based on well-known library/API calls and is helpful in security and non-security use cases. It uses hundreds of rules and regex patterns to surface interesting characteristics of source code to aid in determining what the software is or what it does from what file operations it uses, encryption, shell operations, cloud API's,... -
22
libgit2
A cross-platform, portable, linkable Git implementation library
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language which supports C bindings. Libgit2 is developed with CMake, and this is be the easiest way to build a binary from the source. The CMake build system provides lots of options to configure the libgit2 build for your particular needs. It’s highly recommended that you build libgit2 as a static... -
23
AWStats
AWStats Log Analyzer
AWStats is a free powerful and featureful server logfile analyzer that shows you all your Web/Mail/FTP statistics including visits, unique visitors, pages, hits, rush hours, os, browsers, search engines, keywords, robots visits, broken links and more -
24
Gnu Tools
Unix Tools For Windows
CodeBlocks With A full development environment. Took a while but CodeBlocks is now upto speed and in sync with the current release version. New version of CodeBlocks supports XML based configuration, so users can do specialized compiler support if needed. Changed away from the old Msys in favor of Msys2 which has better support for a lot of things like miktex. Old package is still there if you still need it but wont be developed on anymore. Loads of modifications compared to the... -
25
GIXY
Nginx configuration static analyzer
Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection. Currently supported Python versions are 2.7, 3.5, 3.6 and 3.7. Gixy is well tested only on GNU/Linux, other OSs may have some issues. You can find things that Gixy is learning to detect at Issues labeled with "new plugin". By default Gixy will try to analyze Nginx configuration placed in /etc/nginx/nginx.conf. Or something else, you can find all other gixy...
