Qodana alternatives for AI agents.

🐶 Automated code review tool integrated with any code analysis tools regardless of programming language

DeepAudit：人人拥有的 AI 黑客战队，让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行，自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ，一键生成报告。支持中转站。​让安全不再昂贵，让审计不再复杂。

🚫 Stop saying "you forgot to …" in code review (in Ruby)

⚠️ Stop saying "you forgot to …" in code review

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

An extensible and friendly code review tool for projects and companies of all sizes.

⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle

Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 8 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed.

AI code reviews grounded in 12 classic engineering books — decay risk diagnostics with book citations, severity labels, and 6 analysis modes including full-sweep auto-fix

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

nodejsscan is a static security code scanner for Node.js applications.

The developer platform for on-demand cloud development environments to create software faster and more securely.

🚀 PR Agent: The Original Open-Source PR Reviewer. This project It is not the Qodo free tier.

Your agent writes bad React. This catches it

Codebase intelligence for TypeScript and JavaScript. Free static layer: unused code, duplication, circular deps, complexity hotspots, architecture boundaries. Optional paid runtime layer: hot-path review and cold-path deletion evidence from real production traffic. Rust-native, sub-second, zero-config framework support.

Static Code Analysis - 静态代码分析