#1
Tfsec is now part of Trivy
7.0K starsMar 25, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add aquasecurity/tfsecAlternatives
Checkov alternatives for AI agents.
Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.
Current skill
Checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
100
Quality
100
Trust
8.8K
Stars
#2
It's not just a linter that annoys you!
5.7K starsJun 6, 2026 pushdevelopmentPythonStatic Analysis
$ npx skills add pylint-dev/pylint#3
Interactive architecture diagrams for codebases
2.1K starsJun 6, 2026 pushdevelopmentPythonStatic Analysis
$ npx skills add CodeBoarding/CodeBoarding#4
A tool to enforce Swift style and conventions.
20K starsJun 6, 2026 pushdevelopmentSwiftStatic Analysis
$ npx skills add realm/SwiftLint#5
A vulnerability scanner for container images and filesystems
12K starsJun 5, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add anchore/grype#6
Program for determining types of files for Windows, Linux and MacOS.
11K starsJun 6, 2026 pushdevelopmentJavaScriptStatic Analysis
$ npx skills add horsicq/Detect-It-Easy#7
Build, Manage and Deploy AI/ML Systems
10K starsJun 5, 2026 pushdevelopmentPythonLLMOps
$ npx skills add Netflix/metaflow#8
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
9.1K starsJun 8, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add anchore/syft#9
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
8.9K starsJun 8, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add checkstyle/checkstyle#10
Static code analysis for Kotlin
7.0K starsJun 5, 2026 pushdevelopmentKotlinStatic Analysis
$ npx skills add detekt/detekt#11
A PHP static analysis tool for finding errors and security vulnerabilities in PHP applications
5.8K starsJun 8, 2026 pushdevelopmentPHPStatic Analysis
$ npx skills add vimeo/psalm#12
π₯ ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
5.5K starsJun 3, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add mgechev/revive#13
An extensible multilanguage static code analyzer.
5.4K starsJun 5, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add pmd/pmd#14
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
13K starsJun 5, 2026 pushdevelopmentPythonStatic Analysis
$ npx skills add OWASP/mastg#15
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
3.9K starsJun 10, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add spotbugs/spotbugs#16
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
3.5K starsJun 4, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add stackrox/kube-linterHow to choose
When should you switch?
Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep Checkov if it already passes your workflow test and repository review.
Next step
Compare top candidates side by side
Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.