Choose skills by scenario, quality, and trust signals.

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

An extremely fast Python linter and code formatter, written in Rust.

ShellCheck, a static analysis tool for shell scripts

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

A tool to enforce Swift style and conventions.

A static analyzer for Java, C, C++, and Objective-C

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

⚡A CLI tool for code structural search, lint and rewriting. Written in Rust

PHP Static Analysis Tool - discover bugs in your code without running it!

A tool to automatically fix PHP Coding Standards issues

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

A vulnerability scanner for container images and filesystems

Dockerfile linter, validate inline bash, written in Haskell

Vulnerability Static Analysis for Containers

Program for determining types of files for Windows, Linux and MacOS.

Continuous Inspection

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Go security checker

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Bandit is a tool designed to find common security issues in Python code.

A static analysis security vulnerability scanner for Ruby on Rails applications

The modern Java bytecode editor

Catch common Java mistakes as compile-time errors

Performant type-checking for python.

Static code analysis for Kotlin

Staticcheck - The advanced Go linter

Validate and visualize dependencies. Your rules. JavaScript, TypeScript, CoffeeScript. ES6, CommonJS, AMD.

static analysis of C/C++ code

Static Analyzer for Solidity and Vyper

A PHP static analysis tool for finding errors and security vulnerabilities in PHP applications

It's not just a linter that annoys you!

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint

Static analysis for GitHub Actions

An extensible multilanguage static code analyzer.

A static code analysis tool for the Elixir language with a focus on code consistency and teaching.

Official ESLint plugin for Vue.js

🦩 Tools for Go projects

Analyze ELF binaries like a boss 😼🕵️‍♂️

Code smell detector for Ruby

A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

Static analysis tool to detect potential nil panics in Go code

flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

Codebase intelligence for TypeScript and JavaScript. Free static layer: unused code, duplication, circular deps, complexity hotspots, architecture boundaries. Optional paid runtime layer: hot-path review and cold-path deletion evidence from real production traffic. Rust-native, sub-second, zero-config framework support.

GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and various tools.

Mago is a toolchain for PHP that aims to provide a set of tools to help developers write better code.

Static analyzer for C/C++ based on the theory of Abstract Interpretation.

Soot - A Java optimization framework

💎 Code quality CLI for universal linting, auto-formatting, security scanning, and maintainability

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

Flowistry is an IDE plugin for Rust that helps you focus on relevant code.

A PHP parser written in PHP

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Tfsec is now part of Trivy

CodeChecker is an analyzer tooling, defect database and viewer extension for static and dynamic analyzer tools.

PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly frontend application for the raw metrics stream measured by PHP Depend.

Work-in-progress tool to reverse unity's IL2CPP toolchain.

TypeScript Compiler API wrapper for static analysis and programmatic code changes.

Converts JavaScript to TypeScript and TypeScript to better TypeScript. 🧫

☔ 敏捷开发最强大易用的接口工具，机器学习零代码测试与 AI 问答、生成代码与静态检查、生成文档与光标悬浮注释，腾讯、华为、SHEIN、传音、工行等使用 ☔ The most advanced tool for HTTP API. Machine learning no-code testing and AI assistant, generating codes and static analysis, generating comments and floating hints. Used by Tencent, Huawei, SHEIN, TRANSSION, ICBC, etc.

Manage translation and localization with static analysis, for Ruby i18n

Interactive architecture diagrams for codebases

Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.

🚀Optimizer for mobile applications

A static type analyzer for Python code

Static analyzer and linter for Clojure code that sparks joy

An easy-to-learn/use static analysis framework for Java and Android

Static Value-Flow Analysis Framework for Source Code

Node.js dependency tracing utility

Next-gen phpDoc parser with support for intersection types and generics

PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.

Security risk analysis for Kubernetes resources

Radare2 and Frida better together.