Open Source Source Code Analysis Tools
Sort By:
Source Code Analysis Tools
View 5964 business solutionsBrowse free open source Source Code Analysis tools and projects below. Use the toggles on the left to filter open source Source Code Analysis tools by OS, license, language, programming language, and project status.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
1
tkdiff
Side-by-side diff viewer, editor and merge preparer
tkdiff is a graphical front end to the diff program. It provides a side-by-side view of the differences between two text files, along with several innovative features such as diff bookmarks, a graphical map of differences for quick navigation, and a facility for slicing diff regions to achieve exactly the merge output desired. -
2
SonarQube
Continuous inspection
SonarQube empowers all developers to write cleaner and safer code. Thousands of automated Static Code Analysis rules, protecting your app on multiple fronts, and guiding your team. Catch tricky bugs to prevent undefined behavior from impacting end-users. Fix vulnerabilities that compromise your app, and learn AppSec along the way with Security Hotspots. Make sure your codebase is clean and maintainable, to increase developer velocity! We embrace progress - whether it's multi-language applications, teams composed of different backgrounds or a workflow that's a mix of modern and legacy, SonarQube has you covered. SonarQube fits with your existing tools and pro-actively raises a hand when the quality or security of your codebase is at risk. SonarQube can analyse branches of your repo, and notify you directly in your Pull Requests! -
3
Eclipse Checkstyle Plug-in
Integrates Checkstye into the Eclipse IDE
The Eclipse Checkstyle plug-in integrates the Checkstyle Java code auditor into the Eclipse IDE. The plug-in provides real-time feedback to the user about violations of rules that check for coding style and possible error prone code constructs. -
4
VisualCodeGrepper V2.3.2
Code security review tool for C/C++, C#, VB, PHP, Java, PL/SQL, COBOL.
VCG is an automated code security review tool for C++, C#, VB, PHP, Java, PL/SQL and COBOL, which is intended to speed up the code review process by identifying bad/insecure code. New beta functionality has been added for R. It has a few features that should make it useful. In addition to performing some more complex checks it also has a config file for each language that basically allows you to add any bad functions (or other text) that you want to search for. It attempts to find phrases within comments that can indicate broken code and it provides stats and a pie chart (for the entire codebase and for individual files) showing relative proportions of code, whitespace, comments, 'ToDo'-style comments and bad code. I've tried to produce something which searches intelligently for buffer overflows and signed/unsigned comparison in C, violations of OWASP recommendations in Java code, etc. Current version: 2.3.2 -
Go from Code to Production URL in SecondsSkip the Kubernetes configs. Cloud Run handles HTTPS, scaling, and infrastructure automatically. Two million requests free per month.
-
5
Roslyn
The .NET Compiler Platform
Roslyn provides rich, code analysis APIs to open source C# and Visual Basic compilers. This enables you to access a wealth of information about your code from compilers, which you can then use for code-related tasks in your tools and applications. Roslyn dramatically lowers the barrier to entry for creating code-focused tools and applications, creating many opportunities for innovation. -
6
Flow
A static type checker for JavaScript
Flow is a static type checker for JavaScript. It was designed to help improve code quality and developer productivity. It does this through several smart capabilities. First, it identifies problems as you code, so you no longer have to waste time guessing and checking again and again. Second, it understands your code and makes its knowledge available, allowing you to build other smart tools on top of it. Third, it helps you refactor safely so you can focus on the changes you want to make and not on what you might break. Lastly, it can help prevent bad rebases and protect your carefully designed library, which is especially relevant when working with a large group of developers. Flow integrates with many tools, so you can easily and seamlessly insert it into your existing workflow and toolchain. -
7
Pylint
It's not just a linter that annoys you!
Pylint is a static code analyzer for Python 2 or 3. The latest version supports Python 3.7.2 and above. Pylint analyses your code without actually running it. It checks for errors, enforces a coding standard, looks for code smells, and can make suggestions about how the code could be refactored. Projects that you might want to use alongside pylint include flake8 (faster and simpler checks with very few false positives), mypy, pyright or pyre (typing checks), bandit (security-oriented checks), black and isort (auto-formatting), autoflake (automated removal of unused import or variable), pyupgrade (automated upgrade to newer python syntax) and pydocstringformatter (automated pep257). Pylint isn't smarter than you: it may warn you about things that you have conscientiously done or checks for some things that you don't care about. During adoption, especially in a legacy project where pylint was never enforced. -
8
Static Analysis Tools for PHP
Docker image that provides static analysis tools for PHP
Docker image providing static analysis tools for PHP. The list of available tools and the installer is actually managed in the jakzal/toolbox repository. Docker image with quality analysis tools for PHP. To run the selected tool inside the container, you'll need to mount the project directory on the container with -v "$(pwd):/project". Some tools like to write to the /tmp directory (like PHPStan, or Behat in some cases), therefore it's often useful to share it between docker runs, i.e. with -v "$(pwd)/tmp-phpqa:/tmp". If you want to be able to interrupt the selected tool if it takes too much time to complete, you can use the --init option. Some tools are not included in the docker image, to use them refer to their documentation. Provides utilities to report legacy tests and usage of deprecated code. -
9
Sentry
Cross-platform application monitoring and error tracking software
Sentry is a cross-platform, self-hosted error monitoring solution that helps software teams discover, monitor and fix errors in real-time. The most users and logs will have to provide are the clues, and Sentry provides the answers. Sentry offers enhanced application performance monitoring through information-laden stack traces. It lets you build better software faster and more efficiently by showing you all issues in one place and providing the trail of events that lead to errors. It also provides real-time monitoring and data visualization through dashboards. Sentry’s server is in Python, but its API enables for sending events from any language, in any application. More than fifty-thousand companies already ship better software faster thanks to Sentry; let yours be one of them! -
Train ML Models With SQL You Already KnowBuild and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
-
10
Asm-Dude
Visual Studio extension for syntax highlighting assembly
Visual Studio extension for assembly syntax highlighting and code completion in assembly files and the disassembly window. Assembly syntax highlighting and code assistance for assembly source files and the disassembly window for Visual Studio 2015, 2017 and 2019. This extension can be found in the visual studio extensions gallery or download latest installer AsmDude.vsix (v1.9.6.14). If assembly is too much of a hassle but you still want access to specific machine instructions, consider Intrinsics-Dude. The instruction sets of the x86 and the x64, but also SSE, AVX, AVX2, Xeon-Phi (Knights Corner) instructions with their descriptions are provided. Most of the regularly used Masm directives are supported and some Nasm directives. If you are not happy with highlighting or the descriptions. Mnemonics and descriptions can be added and changed by updating the AsmDudeData.xml file that will be stored next to the binaries when installing the plugin (.vsix). -
11
HTMLHint
The static code analysis tool you need for your HTML
Static code analysis tool you need for your HTML. By default, htmlhint looks for a .htmlhintrc file in the current directory and all parent directories and applies its rules when parsing a file. -
12
PHP_CodeSniffer
Tokenize PHP files and detects violations of coding standards
PHP_CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP_CodeSniffer is an essential development tool that ensures your code remains clean and consistent. PHP_CodeSniffer requires PHP version 5.4.0 or greater, although individual sniffs may have additional requirements such as external applications and scripts. See the Configuration Options manual page for a list of these requirements. If you're using PHP_CodeSniffer as part of a team, or you're running it on a CI server, you may want to configure your project's settings using a configuration file. If you use PEAR, you can install PHP_CodeSniffer using the PEAR installer. This will make the phpcs and phpcbf commands immediately available for use. -
13
SonarJS
SonarSource Static Analyzer for JavaScript and TypeScript
This SonarSource project is a static code analyzer for JavaScript, TypeScript and CSS languages. In order to analyze JavaScript, TypeScript or CSS code, you need to have a supported version of Node.js installed on the machine running the scan. Recommended versions are the previous LTS version v14 and the latest version - v16. We recommend using the latest available LTS version (v16 as of today) for optimal stability and performance. v12 is still supported, but it already reached end-of-life and is deprecated. If node is not available in the PATH, you can use property sonar.nodejs.executable to set an absolute path to Node.js executable. If you have a community plugin for CSS analysis installed on your SonarQube instance it will conflict with the analysis of CSS, so it should be removed. -
14
Code Climate CLI
Code Climate CLI
Align initiatives with strategic priorities, accelerate software delivery, and drive continuous improvement with the leading Engineering Intelligence Solution. Software development teams used to operate in the dark, forced to make decisions based on gut feel and anecdotes, causing friction, creating silos, and leading to mediocre outcomes. Today, forward-thinking engineering leaders leverage data-driven insights to build a culture of trust and high performance. Align on business priorities with improved transparency across every level of your organization, and ensure optimal resource allocation for your engineering teams. Deliver high-quality code quickly and consistently to achieve true Continuous Delivery and out-innovate your competition. Improve your team’s processes and engineering skills to create a high-performance culture, boost pipeline efficiency, and increase employee engagement. code climate is a command-line interface for the Code Climate analysis platform. -
15
Feflow
How to write cross-platform Node.js code
How to write cross-platform Node.js code. Why you should care: according to the 2018 Node.js user survey, 24% of Node.js developers use Windows locally and 41% use Mac. In production, 85% use Linux and 1% use BSD. Installers for each major OS are available on the Node.js website. To install, switch and update Node.js versions nvm can be used on Linux/Mac. It does not support Windows but nvm-windows, nvs and ps-nvm (for PowerShell) are alternatives that do. nve can be used to run a single command with one or several different Node.js versions. nvexeca can be used to do the same programmatically. The character encoding can be specified using an encoding option with most relevant Node.js core methods. While ASCII characters display correctly on all terminals, this is not the case for all characters. -
16
Semantic
Parsing, analyzing, and comparing source code across many languages
semantic is a Haskell library and command line tool for parsing, analyzing, and comparing source code. Run semantic --help for complete list of up-to-date options. Semantic uses tree-sitter to generate parse trees, but layers in a more generalized notion of syntax terms across all supported programming languages. We'll see why this is important when we get to diffs and program analysis, but for now let's just inspect some output. It helps to have a simple program to parse. Symbols are named identifiers driven by the ASTs. This is the format that github.com uses to generate code navigation information allowing c-tags style lookup of symbolic names for fast, incremental navigation in all the supported languages. The incremental part is important because files change often so we want to be able to parse just what's changed and not have to analyze the entire project again. -
17
SimpleCov
Code coverage for Ruby with a powerful configuration library
Code coverage for Ruby with a powerful configuration library and automatic merging of coverage across test suites. SimpleCov is a code coverage analysis tool for Ruby. It uses Ruby's built-in Coverage library to gather code coverage data, but makes processing its results much easier by providing a clean API to filter, group, merge, format, and display those results, giving you a complete code coverage suite that can be set up with just a couple lines of code. SimpleCov/Coverage track covered ruby code, gathering coverage for common templating solutions like erb, slim and haml is not supported. In most cases, you'll want overall coverage results for your projects, including all types of tests, Cucumber features, etc. SimpleCov automatically takes care of this by caching and merging results when generating reports, so your report actually includes coverage across your test suites and thereby gives you a better picture of blank spots. -
18
diff-so-fancy
Make your diffs human readable instead of machine readable
diff-so-fancy strives to make your diffs human readable instead of machine readable. This helps improve code quality and helps you spot defects faster. diff-so-fancy is also available from NPM, Nix, brew, and as a package on Arch and Debian Linux. Windows users may need to install MinGW or the Windows subsystem for Linux. By default, the separator for the file header uses Unicode line-drawing characters. If this is causing output errors on your terminal, set this to false to use ASCII characters instead. By default, the separator for the file header spans the full width of the terminal. Use this setting to set the width of the file header manually. Pull requests are quite welcome, and should target the next branch. You can simplify git header chunks to a more human readable format. We are also looking for any feedback or ideas on how to make diff-so-fancy even fancier. -
19
FTP LiveSync
Remote code synchronization tool
Livesync allows edit server side scripts on the fly by modifying its local copy. basically it's a ftp client which can monitor changes in filesystem and upload modified file to remote server. -
20
CSS Scanner
CSS Scanner helps you clean and tidy up your css/stylesheet
CSS Scanner scans your projects (HTML, ASPX, PHP, JavaScript, jQuery) use of css classes and selectors and compares it to your CSS/stylesheet files. It then lists you those CSS selectors and classes that are not used or not defined and those which are used. This way it helps you get an overview of your CSS/stylesheet definitions and lets you easily clean them up. There's a precompiled .msi installer for Windows avaliable for download. Just install and find CSS Scanner in your start menu folder "CSS Scanner". Click on the info icons of the GUI if you need help. -
21
CodeCounter
Recursive source code line counter for C, BASIC, and web files.
Recursively count lines of source code and comments through files and sub-directories. Created to parse entire projects rather than individual files. C, BASIC, and web files (general) supported. -
22
CoFlo
C and C++ control flow graph generator and analyzer
CoFlo generates Control-Flow Graphs from C and C++ source code. It can then output the graphs in a number of ways and perform various control flow analyses. NOTE: CoFlo has not been under active development for several years. At this time, I suggest you look into LLVM-based tooling to see if there is anything similar to CoFlo which will meet your needs. -
23
CvsChangelogBuilder is an utility to generate advanced, differential and/or graphical changelogs, for a project hosted on a CVS server (CVS change log). It provides a better output than the 'cvs log' command, and accept a lot of options.
-
24
1st.global_site
torrents test
upload/donwload/fun -
25
AdLint
Open source and free source code static analyzer
AdLint is a source code static analyzer. It can point out insecure or nonportable code fragments, and can measure various quality metrics of the source code. It (currently) can analyze source code compliant with ANSI C89 / ISO C90 and partly ISO C99. AdLint is written in Ruby. So, it is available for Windows, Mac OS X, GNU/Linux, FreeBSD and any other platforms supported by Ruby.
