Alternatives

Gosec alternatives for AI agents.

Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.

Current skill

Gosec

Go security checker

Quality 100 | Trust 100 | Stars 8.9K
#1

Revive

Similarity 148 | Trust 100 | Excellent 100

🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

5.5K stars | Jun 3, 2026 push | development | Go | Static Analysis
$ npx skills add mgechev/revive
#2

Kubesec

Similarity 137 | Trust 100 | Excellent 97

Security risk analysis for Kubernetes resources

1.5K stars | Jun 9, 2026 push | development | Go | Static Analysis
$ npx skills add controlplaneio/kubesec
#3

Zizmor

Similarity 134 | Trust 100 | Excellent 100

Static analysis for GitHub Actions

5.5K stars | Jun 5, 2026 push | development | Rust | Static Analysis
$ npx skills add zizmorcore/zizmor
#4

Grype

Similarity 133 | Trust 100 | Excellent 100

A vulnerability scanner for container images and filesystems

12K stars | Jun 5, 2026 push | development | Go | Static Analysis
$ npx skills add anchore/grype
#5

Syft

Similarity 132 | Trust 100 | Excellent 100

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

9.1K stars | Jun 8, 2026 push | development | Go | Static Analysis
$ npx skills add anchore/syft
#6

Go Tools

Similarity 132 | Trust 100 | Excellent 100

Staticcheck - The advanced Go linter

6.8K stars | May 24, 2026 push | development | Go | Static Analysis
$ npx skills add dominikh/go-tools
#7

Nilaway

Similarity 131 | Trust 100 | Excellent 100

Static analysis tool to detect potential nil panics in Go code

3.8K stars | May 28, 2026 push | development | Go | Static Analysis
$ npx skills add uber-go/nilaway
#8

Kube Linter

Similarity 131 | Trust 100 | Excellent 100

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

3.5K stars | Jun 4, 2026 push | development | Go | Static Analysis
$ npx skills add stackrox/kube-linter
#9

Infer

Similarity 127 | Trust 100 | Excellent 100

A static analyzer for Java, C, C++, and Objective-C

16K stars | Jun 6, 2026 push | development | OCaml | Static Analysis
$ npx skills add facebook/infer
#10

Phpstan

Similarity 127 | Trust 100 | Excellent 100

PHP Static Analysis Tool - discover bugs in your code without running it!

14K stars | Jun 6, 2026 push | development | PHP | Static Analysis
$ npx skills add phpstan/phpstan
#11

Checkstyle

Similarity 126 | Trust 100 | Excellent 100

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

8.9K stars | Jun 8, 2026 push | development | Java | Static Analysis
$ npx skills add checkstyle/checkstyle
#12

Brakeman

Similarity 126 | Trust 100 | Excellent 100

A static analysis security vulnerability scanner for Ruby on Rails applications

7.2K stars | Jun 5, 2026 push | development | Ruby | Static Analysis
$ npx skills add presidentbeef/brakeman
#13

Pylint

Similarity 126 | Trust 100 | Excellent 100

It's not just a linter that annoys you!

5.7K stars | Jun 6, 2026 push | development | Python | Static Analysis
$ npx skills add pylint-dev/pylint
#14

Phan

Similarity 126 | Trust 100 | Excellent 100

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

5.6K stars | May 12, 2026 push | development | PHP | Static Analysis
$ npx skills add phan/phan
#15

NullAway

Similarity 125 | Trust 100 | Excellent 100

A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

4.1K stars | Jun 5, 2026 push | development | Java | Static Analysis
$ npx skills add uber/NullAway
#16

Spotbugs

Similarity 125 | Trust 100 | Excellent 100

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

3.9K stars | Jun 10, 2026 push | development | Java | Static Analysis
$ npx skills add spotbugs/spotbugs

How to choose

When should you switch?

Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep Gosec if it already passes your workflow test and repository review.

Next step

Compare top candidates side by side

Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.