Security Code Scan alternatives for AI agents.

A powerful C# Roslyn analyzer that uses static analysis to detect bugs, surface security issues, and enforce best practices—helping developers and AI write more reliable code.

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

Work-in-progress tool to reverse unity's IL2CPP toolchain.

:coffee: SonarSource Static Analyzer for Java Code Quality and Security

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Static code analysis for Kotlin

Analyze ELF binaries like a boss 😼🕵️‍♂️

CodeChecker is an analyzer tooling, defect database and viewer extension for static and dynamic analyzer tools.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Code analyzer for C# and VB.NET projects

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

An extremely fast Python linter and code formatter, written in Rust.

ShellCheck, a static analysis tool for shell scripts

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.