Alternatives

Semgrep alternatives for AI agents.

Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.

Current skill

Semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

Quality 100 | Trust 100 | Stars 15K
#1

Infer

Similarity 133 | Trust 100 | Excellent 100

A static analyzer for Java, C, C++, and Objective-C

16K stars | Jun 6, 2026 push | development | OCaml | Static Analysis
$ npx skills add facebook/infer
#2

Pyre Check

Similarity 124 | Trust 100 | Excellent 100

Performant type-checking for python.

7.2K stars | Jun 5, 2026 push | development | OCaml | Static Analysis
$ npx skills add facebook/pyre-check
#3

Kubesec

Similarity 123 | Trust 100 | Excellent 97

Security risk analysis for Kubernetes resources

1.5K stars | Jun 9, 2026 push | development | Go | Static Analysis
$ npx skills add controlplaneio/kubesec
#4

Ruff

Similarity 121 | Trust 100 | Excellent 100

An extremely fast Python linter and code formatter, written in Rust.

48K stars | Jun 6, 2026 push | development | Rust | Static Analysis
$ npx skills add astral-sh/ruff
#5

Grype

Similarity 119 | Trust 100 | Excellent 100

A vulnerability scanner for container images and filesystems

12K stars | Jun 5, 2026 push | development | Go | Static Analysis
$ npx skills add anchore/grype
#6

Clair

Similarity 119 | Trust 100 | Excellent 100

Vulnerability Static Analysis for Containers

11K stars | Jun 4, 2026 push | development | Go | Static Analysis
$ npx skills add quay/clair
#7

Sonarqube

Similarity 119 | Trust 100 | Excellent 100

Continuous Inspection

11K stars | Jun 5, 2026 push | development | Java | Static Analysis
$ npx skills add SonarSource/sonarqube
#8

Syft

Similarity 118 | Trust 100 | Excellent 100

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

9.1K stars | Jun 8, 2026 push | development | Go | Static Analysis
$ npx skills add anchore/syft
#9

Checkstyle

Similarity 118 | Trust 100 | Excellent 100

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

8.9K stars | Jun 8, 2026 push | development | Java | Static Analysis
$ npx skills add checkstyle/checkstyle
#10

Gosec

Similarity 118 | Trust 100 | Excellent 100

Go security checker

8.9K stars | Jun 3, 2026 push | development | Go | Static Analysis
$ npx skills add securego/gosec
#11

Brakeman

Similarity 118 | Trust 100 | Excellent 100

A static analysis security vulnerability scanner for Ruby on Rails applications

7.2K stars | Jun 5, 2026 push | development | Ruby | Static Analysis
$ npx skills add presidentbeef/brakeman
#12

Recaf

Similarity 118 | Trust 100 | Excellent 100

The modern Java bytecode editor

7.2K stars | Jun 4, 2026 push | development | Java | Static Analysis
$ npx skills add Col-E/Recaf
#13

Error Prone

Similarity 118 | Trust 100 | Excellent 100

Catch common Java mistakes as compile-time errors

7.2K stars | Jun 5, 2026 push | development | Java | Static Analysis
$ npx skills add google/error-prone
#14

Go Tools

Similarity 118 | Trust 100 | Excellent 100

Staticcheck - The advanced Go linter

6.8K stars | May 24, 2026 push | development | Go | Static Analysis
$ npx skills add dominikh/go-tools
#15

Dependency Cruiser

Similarity 118 | Trust 100 | Excellent 100

Validate and visualize dependencies. Your rules. JavaScript, TypeScript, CoffeeScript. ES6, CommonJS, AMD.

6.7K stars | Jun 6, 2026 push | development | JavaScript | Static Analysis
$ npx skills add sverweij/dependency-cruiser
#16

Cppcheck

Similarity 118 | Trust 100 | Excellent 100

static analysis of C/C++ code

6.6K stars | Jun 5, 2026 push | development | C++ | Static Analysis
$ npx skills add cppcheck-opensource/cppcheck

How to choose

When should you switch?

Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep Semgrep if it already passes your workflow test and repository review.

Next step

Compare top candidates side by side

Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.