diff --git a/README.md b/README.md
index 978e746ee4..599a905557 100644
--- a/README.md
+++ b/README.md
@@ -135,7 +135,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
Assembly
--  [STOKE](http://stoke.stanford.edu/) - A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations.
+-  [STOKE](http://stoke.stanford.edu/) :warning: - A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations.
Awk
@@ -148,7 +148,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
- [Astrée](https://www.absint.com/astree/index.htm) :copyright: - Sound static analyzer based on abstract interpretation for C/C++, detecting memory, type and concurrency defects, and MISRA violations.
-  [CBMC](http://www.cprover.org/cbmc/) - Bounded model-checker for C programs, user-defined assertions, standard assertions, several coverage metric analyses.
- [clang-tidy](http://clang.llvm.org/extra/clang-tidy/) - clang static analyser.
--  [CMetrics](https://github.com/MetricsGrimoire/CMetrics) - Measures size and complexity for C files.
+-  [CMetrics](https://github.com/MetricsGrimoire/CMetrics) :warning: - Measures size and complexity for C files.
- [CodeSonar from GrammaTech](https://www.grammatech.com/products/codesonar) :copyright: - Advanced, whole program, deep path, static analysis of C and C++ with easy-to-understand explanations and code and path visualization.
-  [cppcheck](http://cppcheck.sourceforge.net/) - Static analysis of C/C++ code.
- [CppDepend](https://www.cppdepend.com) :warning: :copyright: - Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.
@@ -156,12 +156,12 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [cqmetrics](https://github.com/dspinellis/cqmetrics) - Quality metrics for C code.
-  [CScout](https://www.spinellis.gr/cscout/) - Complexity and quality metrics for for C and C preprocessor code.
-  [ESBMC](http://esbmc.org/) - ESBMC is an open source, permissively licensed, context-bounded model checker based on satisfiability modulo theories for the verification of single- and multi-threaded C/C++ programs.
--  [flawfinder](https://www.dwheeler.com/flawfinder/) - Finds possible security weaknesses.
--  [flint++](https://github.com/JossWhittle/FlintPlusPlus) - Cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.
+-  [flawfinder](https://www.dwheeler.com/flawfinder/) :warning: - Finds possible security weaknesses.
+-  [flint++](https://github.com/JossWhittle/FlintPlusPlus) :warning: - Cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.
- [Frama-C](http://frama-c.com/) - A sound and extensible static analyzer for C code.
- [Helix QAC](https://www.perforce.com/products/helix-qac) :copyright: - Enterprise-grade static analysis for embedded software. Supports MISRA, CERT, and AUTOSAR coding standards.
--  [IKOS](https://github.com/nasa-sw-vnv/ikos) - A sound static analyzer for C/C++ code based on LLVM.
--  [include-gardener](https://github.com/feddischson/include_gardener) - A multi-language static analyzer for C/C++/Obj-C/Python/Ruby to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files.
+-  [IKOS](https://github.com/nasa-sw-vnv/ikos) :warning: - A sound static analyzer for C/C++ code based on LLVM.
+-  [include-gardener](https://github.com/feddischson/include_gardener) :warning: - A multi-language static analyzer for C/C++/Obj-C/Python/Ruby to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files.
-  [Joern](https://joern.io/) - Open-source code analysis platform for C/C++ based on code property graphs
- [LDRA](https://ldra.com) :copyright: - A tool suite including static analysis (TBVISION) to various standards including MISRA C & C++, JSF++ AV, CWE, CERT C, CERT C++ & Custom Rules.
- [PC-lint](https://www.gimpel.com/) :copyright: - Static analysis for C/C++. Runs natively under Windows/Linux/MacOS. Analyzes code for virtually any platform, supporting C11/C18 and C++17.
@@ -169,7 +169,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
- [Polyspace Bug Finder](https://www.mathworks.com/products/polyspace-bug-finder.html) :copyright: - Identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software.
- [Polyspace Code Prover](https://www.mathworks.com/products/polyspace-code-prover.html) :copyright: - Provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code.
- [scan-build](https://clang-analyzer.llvm.org/scan-build.html) - Analyzes C/C++ code using LLVM at compile-time.
--  [splint](http://splint.org/) - Annotation-assisted static program checker.
+-  [splint](http://splint.org/) :warning: - Annotation-assisted static program checker.
-  [SVF](http://svf-tools.github.io/SVF/) - A static tool that enables scalable and precise interprocedural dependence analysis for C and C++ programs.
- [vera++](https://bitbucket.org/verateam/vera/wiki/Introduction) - Vera++ is a programmable tool for verification, analysis and transformation of C++ source code.
@@ -179,14 +179,14 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
- [.NET Analyzers](https://github.com/DotNetAnalyzers) - An organization for the development of analyzers (diagnostics and code fixes) using the .NET Compiler Platform.
-  [ArchUnitNET](https://github.com/TNG/ArchUnitNET) - A C# architecture test library to specify and assert architecture rules in C# for automated testing.
- [Code Analysis Rule Collection](https://carc.codeplex.com/) :warning: - Contains a set of diagnostics, code fixes and refactorings built on the Microsoft .NET Compiler Platform "Roslyn".
--  [code-cracker](http://code-cracker.github.io/) - An analyzer library for C# and VB that uses Roslyn to produce refactorings, code analysis, and other niceties.
--  [CSharpEssentials](https://github.com/DustinCampbell/CSharpEssentials) - C# Essentials is a collection of Roslyn diagnostic analyzers, code fixes and refactorings that make it easy to work with C# 6 language features.
+-  [code-cracker](http://code-cracker.github.io/) :warning: - An analyzer library for C# and VB that uses Roslyn to produce refactorings, code analysis, and other niceties.
+-  [CSharpEssentials](https://github.com/DustinCampbell/CSharpEssentials) :warning: - C# Essentials is a collection of Roslyn diagnostic analyzers, code fixes and refactorings that make it easy to work with C# 6 language features.
- [Designite](http://www.designite-tools.com) :copyright: - Designite supports detection of various architecture, design, and implementation smells, computation of various code quality metrics, and trend analysis.
-  [Gendarme](https://www.mono-project.com/docs/tools+libraries/tools/gendarme/) - Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET).
- [NDepend](http://www.ndepend.com/) :copyright: - Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.
-  [Roslynator](https://github.com/JosefPihrt/Roslynator/) - A collection of 190+ analyzers and 190+ refactorings for C#, powered by Roslyn.
--  [VSDiagnostics](https://github.com/Vannevelj/VSDiagnostics) - A collection of static analyzers based on Roslyn that integrates with VS.
--  [Wintellect.Analyzers](https://github.com/Wintellect/Wintellect.Analyzers) - .NET Compiler Platform ("Roslyn") diagnostic analyzers and code fixes.
+-  [VSDiagnostics](https://github.com/Vannevelj/VSDiagnostics) :warning: - A collection of static analyzers based on Roslyn that integrates with VS.
+-  [Wintellect.Analyzers](https://github.com/Wintellect/Wintellect.Analyzers) :warning: - .NET Compiler Platform ("Roslyn") diagnostic analyzers and code fixes.
C++
@@ -194,7 +194,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
- [Astrée](https://www.absint.com/astree/index.htm) :copyright: - Sound static analyzer based on abstract interpretation for C/C++, detecting memory, type and concurrency defects, and MISRA violations.
-  [CBMC](http://www.cprover.org/cbmc/) - Bounded model-checker for C programs, user-defined assertions, standard assertions, several coverage metric analyses.
- [clang-tidy](http://clang.llvm.org/extra/clang-tidy/) - clang static analyser.
--  [CMetrics](https://github.com/MetricsGrimoire/CMetrics) - Measures size and complexity for C files.
+-  [CMetrics](https://github.com/MetricsGrimoire/CMetrics) :warning: - Measures size and complexity for C files.
- [CodeSonar from GrammaTech](https://www.grammatech.com/products/codesonar) :copyright: - Advanced, whole program, deep path, static analysis of C and C++ with easy-to-understand explanations and code and path visualization.
-  [cppcheck](http://cppcheck.sourceforge.net/) - Static analysis of C/C++ code.
- [CppDepend](https://www.cppdepend.com) :warning: :copyright: - Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.
@@ -202,12 +202,12 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [cqmetrics](https://github.com/dspinellis/cqmetrics) - Quality metrics for C code.
-  [CScout](https://www.spinellis.gr/cscout/) - Complexity and quality metrics for for C and C preprocessor code.
-  [ESBMC](http://esbmc.org/) - ESBMC is an open source, permissively licensed, context-bounded model checker based on satisfiability modulo theories for the verification of single- and multi-threaded C/C++ programs.
--  [flawfinder](https://www.dwheeler.com/flawfinder/) - Finds possible security weaknesses.
--  [flint++](https://github.com/JossWhittle/FlintPlusPlus) - Cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.
+-  [flawfinder](https://www.dwheeler.com/flawfinder/) :warning: - Finds possible security weaknesses.
+-  [flint++](https://github.com/JossWhittle/FlintPlusPlus) :warning: - Cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.
- [Frama-C](http://frama-c.com/) - A sound and extensible static analyzer for C code.
- [Helix QAC](https://www.perforce.com/products/helix-qac) :copyright: - Enterprise-grade static analysis for embedded software. Supports MISRA, CERT, and AUTOSAR coding standards.
--  [IKOS](https://github.com/nasa-sw-vnv/ikos) - A sound static analyzer for C/C++ code based on LLVM.
--  [include-gardener](https://github.com/feddischson/include_gardener) - A multi-language static analyzer for C/C++/Obj-C/Python/Ruby to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files.
+-  [IKOS](https://github.com/nasa-sw-vnv/ikos) :warning: - A sound static analyzer for C/C++ code based on LLVM.
+-  [include-gardener](https://github.com/feddischson/include_gardener) :warning: - A multi-language static analyzer for C/C++/Obj-C/Python/Ruby to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files.
-  [Joern](https://joern.io/) - Open-source code analysis platform for C/C++ based on code property graphs
- [LDRA](https://ldra.com) :copyright: - A tool suite including static analysis (TBVISION) to various standards including MISRA C & C++, JSF++ AV, CWE, CERT C, CERT C++ & Custom Rules.
- [PC-lint](https://www.gimpel.com/) :copyright: - Static analysis for C/C++. Runs natively under Windows/Linux/MacOS. Analyzes code for virtually any platform, supporting C11/C18 and C++17.
@@ -215,7 +215,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
- [Polyspace Bug Finder](https://www.mathworks.com/products/polyspace-bug-finder.html) :copyright: - Identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software.
- [Polyspace Code Prover](https://www.mathworks.com/products/polyspace-code-prover.html) :copyright: - Provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code.
- [scan-build](https://clang-analyzer.llvm.org/scan-build.html) - Analyzes C/C++ code using LLVM at compile-time.
--  [splint](http://splint.org/) - Annotation-assisted static program checker.
+-  [splint](http://splint.org/) :warning: - Annotation-assisted static program checker.
-  [SVF](http://svf-tools.github.io/SVF/) - A static tool that enables scalable and precise interprocedural dependence analysis for C and C++ programs.
- [vera++](https://bitbucket.org/verateam/vera/wiki/Introduction) - Vera++ is a programmable tool for verification, analysis and transformation of C++ source code.
@@ -227,7 +227,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
CoffeeScript
--  [coffeelint](http://www.coffeelint.org/) - A style checker that helps keep CoffeeScript code clean and consistent.
+-  [coffeelint](http://www.coffeelint.org/) :warning: - A style checker that helps keep CoffeeScript code clean and consistent.
Crystal
@@ -287,42 +287,42 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
- [aligncheck](https://gitlab.com/opennota/check) - Find inefficiently packed structs.
-  [bodyclose](https://github.com/timakin/bodyclose) - Checks whether HTTP response body is closed.
--  [deadcode](https://github.com/tsenart/deadcode) - Finds unused code.
--  [dingo-hunter](https://github.com/nickng/dingo-hunter) - Static analyser for finding deadlocks in Go.
--  [dogsled](https://github.com/alexkohler/dogsled) - Finds assignments/declarations with too many blank identifiers.
--  [dupl](https://github.com/mibk/dupl) - Reports potentially duplicated code.
+-  [deadcode](https://github.com/tsenart/deadcode) :warning: - Finds unused code.
+-  [dingo-hunter](https://github.com/nickng/dingo-hunter) :warning: - Static analyser for finding deadlocks in Go.
+-  [dogsled](https://github.com/alexkohler/dogsled) :warning: - Finds assignments/declarations with too many blank identifiers.
+-  [dupl](https://github.com/mibk/dupl) :warning: - Reports potentially duplicated code.
-  [errcheck](https://github.com/kisielk/errcheck) - Check that error return values are used.
--  [flen](https://github.com/lafolle/flen) - Get info on length of functions in a Go package.
+-  [flen](https://github.com/lafolle/flen) :warning: - Get info on length of functions in a Go package.
- [go tool vet --shadow](https://golang.org/cmd/vet/#hdr-Shadowed_variables) - Reports variables that may have been unintentionally shadowed.
- [go vet](https://golang.org/cmd/vet/) - Examines Go source code and reports suspicious.
-  [go-consistent](https://github.com/Quasilyte/go-consistent) - Analyzer that helps you to make your Go programs more consistent.
-  [go-critic](https://github.com/go-critic/go-critic) - Go source code linter that maintains checks which are currently not implemented in other linters.
- [go/ast](https://golang.org/pkg/go/ast/) - Package ast declares the types used to represent syntax trees for Go packages.
--  [gochecknoglobals](https://github.com/leighmcculloch/gochecknoglobals) - Checks that no globals are present.
--  [goconst](https://github.com/jgautheron/goconst) - Finds repeated strings that could be replaced by a constant.
--  [gocyclo](https://github.com/fzipp/gocyclo) - Calculate cyclomatic complexities of functions in Go source code.
+-  [gochecknoglobals](https://github.com/leighmcculloch/gochecknoglobals) :warning: - Checks that no globals are present.
+-  [goconst](https://github.com/jgautheron/goconst) :warning: - Finds repeated strings that could be replaced by a constant.
+-  [gocyclo](https://github.com/fzipp/gocyclo) :warning: - Calculate cyclomatic complexities of functions in Go source code.
- [gofmt -s](https://golang.org/cmd/gofmt/) - Checks if the code is properly formatted and could not be further simplified.
- [goimports](https://pkg.go.dev/golang.org/x/tools/cmd/goimports) - Checks missing or unreferenced package imports.
-  [GolangCI-Lint](https://golangci-lint.run/) - Alternative to `Go Meta Linter`: GolangCI-Lint is a linters aggregator.
-  [golint](https://github.com/golang/lint) - Prints out coding style mistakes in Go source code.
--  [goroutine-inspect](https://github.com/linuxerwang/goroutine-inspect) - An interactive tool to analyze Golang goroutine dump.
+-  [goroutine-inspect](https://github.com/linuxerwang/goroutine-inspect) :warning: - An interactive tool to analyze Golang goroutine dump.
-  [gosec (gas)](https://securego.io/) - Inspects source code for security problems by scanning the Go AST.
- [gotype](https://pkg.go.dev/golang.org/x/tools/cmd/gotype) - Syntactic and semantic analysis similar to the Go compiler.
-  [ineffassign](https://github.com/gordonklaus/ineffassign) - Detect ineffectual assignments in Go code.
-  [interfacer](https://github.com/mvdan/interfacer) :warning: - Suggest narrower interfaces that can be used.
--  [lll](https://github.com/walle/lll) - Report long lines.
--  [maligned](https://github.com/mdempsky/maligned) - Detect structs that would take less memory if their fields were sorted.
--  [misspell](https://github.com/client9/misspell) - Finds commonly misspelled English words.
--  [nakedret](https://github.com/alexkohler/nakedret) - Finds naked returns.
+-  [lll](https://github.com/walle/lll) :warning: - Report long lines.
+-  [maligned](https://github.com/mdempsky/maligned) :warning: - Detect structs that would take less memory if their fields were sorted.
+-  [misspell](https://github.com/client9/misspell) :warning: - Finds commonly misspelled English words.
+-  [nakedret](https://github.com/alexkohler/nakedret) :warning: - Finds naked returns.
-  [nargs](https://github.com/alexkohler/nargs) - Finds unused arguments in function declarations.
-  [prealloc](https://github.com/alexkohler/prealloc) - Finds slice declarations that could potentially be preallocated.
-  [revive](https://revive.run/) - Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint.
--  [safesql](https://github.com/stripe/safesql) - Static analysis tool for Golang that protects against SQL injections.
+-  [safesql](https://github.com/stripe/safesql) :warning: - Static analysis tool for Golang that protects against SQL injections.
-  [staticcheck](https://staticcheck.io/) - Go static analysis that specialises in finding bugs, simplifying code and improving performance.
- [structcheck](https://gitlab.com/opennota/check) - Find unused struct fields.
- [test](http://golang.org/pkg/testing/) - Show location of test failures from the stdlib testing module.
--  [unconvert](https://github.com/mdempsky/unconvert) - Detect redundant type conversions.
--  [unimport](https://github.com/alexkohler/unimport) - Finds unnecessary import aliases.
+-  [unconvert](https://github.com/mdempsky/unconvert) :warning: - Detect redundant type conversions.
+-  [unimport](https://github.com/alexkohler/unimport) :warning: - Finds unnecessary import aliases.
-  [unparam](https://github.com/mvdan/unparam) - Find unused function parameters.
- [varcheck](https://gitlab.com/opennota/check) - Find unused global variables and constants.
-  [wsl](https://github.com/bombsimon/wsl) - Enforces empty lines at the right places.
@@ -351,7 +351,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [Checker Framework](https://checkerframework.org/) - Pluggable type-checking for Java.
-  [checkstyle](https://checkstyle.org/) - Checking Java source code for adherence to a Code Standard or set of validation rules (best practices).
-  [ck](https://github.com/mauricioaniche/ck) - Calculates Chidamber and Kemerer object-oriented metrics by processing the source Java files.
--  [ckjm](http://www.spinellis.gr/sw/ckjm/) - Calculates Chidamber and Kemerer object-oriented metrics by processing the bytecode of compiled Java files.
+-  [ckjm](http://www.spinellis.gr/sw/ckjm/) :warning: - Calculates Chidamber and Kemerer object-oriented metrics by processing the bytecode of compiled Java files.
-  [CogniCrypt](https://www.eclipse.org/cognicrypt/) - Checks Java source and byte code for incorrect uses of cryptographic APIs.
- [DesigniteJava](http://www.designite-tools.com/designitejava) :copyright: - DesigniteJava supports detection of various architecture, design, and implementation smells along with computation of various code quality metrics.
-  [Error-prone](https://errorprone.info/) - Catch common Java mistakes as compile-time errors.
@@ -363,7 +363,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
- [JBMC](https://www.cprover.org/jbmc/) - Bounded model-checker for Java (bytecode), verifies user-defined assertions, standard assertions, several coverage metric analyses.
-  [NullAway](https://github.com/uber/NullAway) - Type-based null-pointer checker with low build-time overhead; an [Error Prone](http://errorprone.info/) plugin.
-  [OWASP Dependency Check](https://owasp.org/www-project-dependency-check/) - Checks dependencies for known, publicly disclosed, vulnerabilities.
--  [qulice](https://www.qulice.com/) - Combines a few (pre-configured) static analysis tools (checkstyle, PMD, Findbugs, ...).
+-  [qulice](https://www.qulice.com/) :warning: - Combines a few (pre-configured) static analysis tools (checkstyle, PMD, Findbugs, ...).
-  [Soot](https://soot-oss.github.io/soot/) - A framework for analyzing and transforming Java and Android applications.
-  [Spoon](http://spoon.gforge.inria.fr/) - Spoon is a metaprogramming library to analyze and transform Java source code (incl Java 9, 10, 11, 12, 13, 14). It parses source files to build a well-designed AST with powerful analysis and transformation API. Can be integrated in Maven and Gradle.
-  [SpotBugs](https://spotbugs.github.io/) - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
@@ -371,15 +371,15 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
JavaScript
--  [aether](http://aetherjs.com/) - Lint, analyze, normalize, transform, sandbox, run, step through, and visualize user JavaScript, in node or the browser.
+-  [aether](http://aetherjs.com/) :warning: - Lint, analyze, normalize, transform, sandbox, run, step through, and visualize user JavaScript, in node or the browser.
-  [Closure Compiler](https://developers.google.com/closure/compiler/) - A compiler tool to increase efficiency, reduce size, and provide code warnings in JavaScript files.
-  [ClosureLinter](https://github.com/google/closure-linter) :warning: - Ensures that all of your project's JavaScript code follows the guidelines in the Google JavaScript Style Guide. It can also automatically fix many common errors.
-  [complexity-report](https://github.com/jared-stilwell/complexity-report) :warning: - Software complexity analysis for JavaScript projects.
- [DeepScan](https://deepscan.io) :copyright: - An analyzer for JavaScript which targets runtime errors and quality issues rather than coding conventions.
-  [es6-plato](https://github.com/the-simian/es6-plato) - Visualize JavaScript (ES6) source complexity.
--  [escomplex](https://github.com/jared-stilwell/escomplex) - Software complexity analysis of JavaScript-family abstract syntax trees.
+-  [escomplex](https://github.com/jared-stilwell/escomplex) :warning: - Software complexity analysis of JavaScript-family abstract syntax trees.
-  [eslint](https://eslint.org/) - A fully pluggable tool for identifying and reporting on patterns in JavaScript.
--  [Esprima](https://esprima.org/) - ECMAScript parsing infrastructure for multipurpose analysis.
+-  [Esprima](https://esprima.org/) :warning: - ECMAScript parsing infrastructure for multipurpose analysis.
-  [flow](https://flow.org/) - A static type checker for JavaScript.
-  [hegel](https://hegel.js.org/) - A static type checker for JavaScript with a bias on type inference and strong type systems.
-  [jshint](https://jshint.com/about/) [:information_source:](https://github.com/analysis-tools-dev/static-analysis/issues/223) - Detect errors and potential problems in JavaScript code and enforce your team's coding conventions.
@@ -405,7 +405,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
Lua
--  [luacheck](https://github.com/mpeterv/luacheck) - A tool for linting and static analysis of Lua code.
+-  [luacheck](https://github.com/mpeterv/luacheck) :warning: - A tool for linting and static analysis of Lua code.
MATLAB
@@ -417,51 +417,51 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [churn-php](https://github.com/bmitch/churn-php) :warning: - Helps discover good candidates for refactoring.
-  [dephpend](https://dephpend.com/) - Dependency analysis tool.
--  [deprecation-detector](https://github.com/sensiolabs-de/deprecation-detector) - Finds usages of deprecated (Symfony) code.
+-  [deprecation-detector](https://github.com/sensiolabs-de/deprecation-detector) :warning: - Finds usages of deprecated (Symfony) code.
-  [deptrac](https://github.com/sensiolabs-de/deptrac) - Enforce rules for dependencies between software layers.
--  [DesignPatternDetector](https://github.com/Halleck45/DesignPatternDetector) - Detection of design patterns in PHP code.
+-  [DesignPatternDetector](https://github.com/Halleck45/DesignPatternDetector) :warning: - Detection of design patterns in PHP code.
-  [EasyCodingStandard](https://www.tomasvotruba.com/blog/2017/05/03/combine-power-of-php-code-sniffer-and-php-cs-fixer-in-3-lines/) - Combine [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) and [PHP-CS-Fixer](https://github.com/FriendsOfPHP/PHP-CS-Fixer).
-  [GrumPHP](https://github.com/phpro/grumphp) - Checks code on every commit.
--  [Mondrian](http://trismegiste.github.io/Mondrian/) - A set of static analysis and refactoring tools which use graph theory.
+-  [Mondrian](http://trismegiste.github.io/Mondrian/) :warning: - A set of static analysis and refactoring tools which use graph theory.
-  [parallel-lint](https://github.com/php-parallel-lint/PHP-Parallel-Lint) - This tool checks syntax of PHP files faster than serial check with a fancier output.
--  [Parse](https://github.com/psecio/parse) - A Static Security Scanner.
+-  [Parse](https://github.com/psecio/parse) :warning: - A Static Security Scanner.
-  [pdepend](https://pdepend.org/) - Calculates software metrics like cyclomatic complexity for PHP code.
-  [phan](https://github.com/phan/phan/wiki) - A modern static analyzer from etsy.
-  [PHP Architecture Tester](https://github.com/carlosas/phpat) - Easy to use architecture testing tool for PHP.
--  [PHP Assumptions](https://github.com/rskuipers/php-assumptions) - Checks for weak assumptions.
+-  [PHP Assumptions](https://github.com/rskuipers/php-assumptions) :warning: - Checks for weak assumptions.
-  [PHP Coding Standards Fixer](https://cs.symfony.com/) - Fixes your code according to standards like PSR-1, PSR-2, and the Symfony standard.
-  [PHP Insights](https://phpinsights.com/) - Instant PHP quality checks from your console. Analysis of code quality and coding style as well as overview of code architecture and its complexity.
-  [Php Inspections (EA Extended)](https://plugins.jetbrains.com/plugin/7622-php-inspections-ea-extended-) - A Static Code Analyzer for PHP.
--  [PHP Refactoring Browser](http://qafoolabs.github.io/php-refactoring-browser/) - Refactoring helper.
+-  [PHP Refactoring Browser](http://qafoolabs.github.io/php-refactoring-browser/) :warning: - Refactoring helper.
-  [PHP Semantic Versioning Checker](https://github.com/tomzx/php-semver-checker) - Suggests a next version according to semantic versioning.
-  [PHP-Parser](https://github.com/nikic/PHP-Parser) - A PHP parser written in PHP.
-  [php-speller](https://github.com/mekras/php-speller) - PHP spell check library.
--  [PHP-Token-Reflection](https://github.com/Andrewsville/PHP-Token-Reflection) - Library emulating the PHP internal reflection.
+-  [PHP-Token-Reflection](https://github.com/Andrewsville/PHP-Token-Reflection) :warning: - Library emulating the PHP internal reflection.
-  [php7cc](https://github.com/sstalle/php7cc) :warning: - PHP 7 Compatibility Checker.
-  [php7mar](https://github.com/Alexia/php7mar) :warning: - Assist developers in porting their code quickly to PHP 7.
-  [PHP_CodeSniffer](https://pear.php.net/package/PHP_CodeSniffer) - Detects violations of a defined set of coding standards.
--  [phpca](https://github.com/wapmorgan/PhpCodeAnalyzer) - Finds usage of non-built-in extensions.
+-  [phpca](https://github.com/wapmorgan/PhpCodeAnalyzer) :warning: - Finds usage of non-built-in extensions.
-  [phpcf](http://wapmorgan.github.io/PhpCodeFixer/) - Finds usage of deprecated PHP features.
-  [phpcpd](https://github.com/sebastianbergmann/phpcpd) - Copy/Paste Detector for PHP code.
-  [phpdcd](https://github.com/sebastianbergmann/phpdcd) :warning: - Dead Code Detector (DCD) for PHP code.
--  [PhpDependencyAnalysis](https://mamuz.github.io/PhpDependencyAnalysis/) - Builds a dependency graph for a project.
--  [phpdoc-to-typehint](https://github.com/dunglas/phpdoc-to-typehint) - Add scalar type hints and return types to existing PHP projects using PHPDoc annotations.
+-  [PhpDependencyAnalysis](https://mamuz.github.io/PhpDependencyAnalysis/) :warning: - Builds a dependency graph for a project.
+-  [phpdoc-to-typehint](https://github.com/dunglas/phpdoc-to-typehint) :warning: - Add scalar type hints and return types to existing PHP projects using PHPDoc annotations.
-  [phpDocumentor](https://www.phpdoc.org/) - Analyzes PHP source code to generate documentation.
-  [phploc](https://github.com/sebastianbergmann/phploc) - A tool for quickly measuring the size and analyzing the structure of a PHP project.
-  [PHPMD](https://phpmd.org/) - Finds possible bugs in your code.
-  [PhpMetrics](http://www.phpmetrics.org/) - Calculates and visualizes various code quality metrics.
-  [phpmnd](https://github.com/povils/phpmnd) - Helps to detect magic numbers.
--  [PHPQA](https://edgedesigncz.github.io/phpqa/) - A tool for running QA tools (phploc, phpcpd, phpcs, pdepend, phpmd, phpmetrics).
+-  [PHPQA](https://edgedesigncz.github.io/phpqa/) :warning: - A tool for running QA tools (phploc, phpcpd, phpcs, pdepend, phpmd, phpmetrics).
-  [phpqa - jakzal](https://github.com/jakzal/phpqa) - Many tools for PHP static analysis in one container.
--  [phpqa - jmolivas](https://github.com/jmolivas/phpqa) - PHPQA all-in-one Analyzer CLI tool.
--  [phpsa](https://github.com/ovr/phpsa) - Static analysis tool for PHP.
+-  [phpqa - jmolivas](https://github.com/jmolivas/phpqa) :warning: - PHPQA all-in-one Analyzer CLI tool.
+-  [phpsa](https://github.com/ovr/phpsa) :warning: - Static analysis tool for PHP.
-  [PHPStan](https://phpstan.org/) - PHP Static Analysis Tool - discover bugs in your code without running it!
-  [Progpilot](https://github.com/designsecurity/progpilot) - A static analysis tool for security purposes.
-  [Psalm](https://psalm.dev/) - Static analysis tool for finding type errors in PHP applications.
--  [Qafoo Quality Analyzer](https://github.com/Qafoo/QualityAnalyzer) - Visualizes metrics and source code.
--  [Tuli](https://github.com/ircmaxell/Tuli) - A static analysis engine.
--  [twig-lint](https://github.com/asm89/twig-lint) - twig-lint is a lint tool for your twig files.
+-  [Qafoo Quality Analyzer](https://github.com/Qafoo/QualityAnalyzer) :warning: - Visualizes metrics and source code.
+-  [Tuli](https://github.com/ircmaxell/Tuli) :warning: - A static analysis engine.
+-  [twig-lint](https://github.com/asm89/twig-lint) :warning: - twig-lint is a lint tool for your twig files.
- [WAP](https://securityonline.info/owasp-wap-web-application-protection-project/) - Tool to detect and correct input validation vulnerabilities in PHP (4.0 or higher) web applications and predicts false positives by combining static analysis and data mining.
@@ -473,12 +473,12 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
Python
-  [bandit](https://bandit.readthedocs.io/en/latest/) - A tool to find common security issues in Python code.
--  [bellybutton](https://github.com/hchasestevens/bellybutton) - A linting engine supporting custom project-specific rules.
--  [cohesion](https://github.com/mschwager/cohesion) - A tool for measuring Python class cohesion.
+-  [bellybutton](https://github.com/hchasestevens/bellybutton) :warning: - A linting engine supporting custom project-specific rules.
+-  [cohesion](https://github.com/mschwager/cohesion) :warning: - A tool for measuring Python class cohesion.
-  [Dlint](https://github.com/dlint-py/dlint) - A tool for ensuring Python code is secure.
--  [include-gardener](https://github.com/feddischson/include_gardener) - A multi-language static analyzer for C/C++/Obj-C/Python/Ruby to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files.
+-  [include-gardener](https://github.com/feddischson/include_gardener) :warning: - A multi-language static analyzer for C/C++/Obj-C/Python/Ruby to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files.
-  [jedi](https://jedi.readthedocs.io/en/latest/) - Autocompletion/static analysis library for Python.
--  [linty fresh](https://github.com/lyft/linty_fresh) - Parse lint errors and report them to Github as comments on a pull request.
+-  [linty fresh](https://github.com/lyft/linty_fresh) :warning: - Parse lint errors and report them to Github as comments on a pull request.
-  [mccabe](https://pypi.org/project/mccabe/) - Check McCabe complexity.
-  [mypy](http://www.mypy-lang.org/) - A static type checker that aims to combine the benefits of duck typing and static typing, frequently used with [MonkeyType](https://github.com/Instagram/MonkeyType).
-  [py-find-injection](https://github.com/uber/py-find-injection) :warning: - Find SQL injection vulnerabilities in Python code.
@@ -488,7 +488,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [pylint](http://pylint.pycqa.org/en/latest/) - Looks for programming errors, helps enforcing a coding standard and sniffs for some code smells. It additionally includes `pyreverse` (an UML diagram generator) and `symilar` (a similarities checker).
-  [pyre-check](https://pyre-check.org/) - A fast, scalable type checker for large Python codebases.
-  [pyright](https://github.com/Microsoft/pyright) - Static type checker for Python, created to address gaps in existing tools like mypy.
--  [pyroma](https://github.com/regebro/pyroma) - Rate how well a Python project complies with the best practices of the Python packaging ecosystem, and list issues that could be improved.
+-  [pyroma](https://github.com/regebro/pyroma) :warning: - Rate how well a Python project complies with the best practices of the Python packaging ecosystem, and list issues that could be improved.
-  [Pysa](https://pyre-check.org/docs/pysa-basics.html) - A tool based on Facebook's pyre-check to identify potential security issues in Python code identified with taint analysis.
-  [PyT - Python Taint](https://github.com/python-security/pyt) :warning: - A static analysis tool for detecting security vulnerabilities in Python web applications.
-  [pytype](https://google.github.io/pytype/) - A static type analyzer for Python code.
@@ -501,8 +501,8 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
R
--  [cyclocomp](https://github.com/MangoTheCat/cyclocomp) - Quantifies the cyclomatic complexity of R functions / expressions.
--  [goodpractice](http://mangothecat.github.io/goodpractice/) - Analyses the source code for R packages and provides best-practice recommendations.
+-  [cyclocomp](https://github.com/MangoTheCat/cyclocomp) :warning: - Quantifies the cyclomatic complexity of R functions / expressions.
+-  [goodpractice](http://mangothecat.github.io/goodpractice/) :warning: - Analyses the source code for R packages and provides best-practice recommendations.
-  [lintr](https://github.com/jimhester/lintr) - Static Code Analysis for R.
@@ -514,14 +514,14 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
Ruby
-  [brakeman](https://brakemanscanner.org/) - A static analysis security vulnerability scanner for Ruby on Rails applications.
--  [cane](https://github.com/square/cane) - Code quality threshold checking as part of your build.
--  [flay](https://ruby.sadi.st/Flay.html) - Flay analyzes code for structural similarities.
--  [flog](https://ruby.sadi.st/Flog.html) - Flog reports the most tortured code in an easy to read pain report. The higher the score, the more pain the code is in.
--  [include-gardener](https://github.com/feddischson/include_gardener) - A multi-language static analyzer for C/C++/Obj-C/Python/Ruby to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files.
+-  [cane](https://github.com/square/cane) :warning: - Code quality threshold checking as part of your build.
+-  [flay](https://ruby.sadi.st/Flay.html) :warning: - Flay analyzes code for structural similarities.
+-  [flog](https://ruby.sadi.st/Flog.html) :warning: - Flog reports the most tortured code in an easy to read pain report. The higher the score, the more pain the code is in.
+-  [include-gardener](https://github.com/feddischson/include_gardener) :warning: - A multi-language static analyzer for C/C++/Obj-C/Python/Ruby to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files.
-  [laser](https://github.com/michaeledgar/laser) :warning: - Static analysis and style linter for Ruby code.
--  [pelusa](https://github.com/codegram/pelusa) - Static analysis Lint-type tool to improve your OO Ruby code.
+-  [pelusa](https://github.com/codegram/pelusa) :warning: - Static analysis Lint-type tool to improve your OO Ruby code.
-  [Querly](https://github.com/soutaro/querly) - Pattern Based Checking Tool for Ruby.
--  [Railroader](https://railroader.org/) - An open source static analysis security vulnerability scanner for Ruby on Rails applications.
+-  [Railroader](https://railroader.org/) :warning: - An open source static analysis security vulnerability scanner for Ruby on Rails applications.
-  [reek](https://github.com/troessner/reek) - Code smell detector for Ruby.
-  [RuboCop](https://docs.rubocop.org/rubocop/) - A Ruby static code analyzer, based on the community Ruby style guide.
-  [Rubrowser](http://www.emadelsaid.com/rubrowser/) - Ruby classes interactive dependency graph generator.
@@ -537,9 +537,9 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [cargo-audit](https://rustsec.org/) - Audit Cargo.lock for crates with security vulnerabilities reported to the [RustSec Advisory Database](https://github.com/RustSec/advisory-db/).
-  [cargo-inspect](https://github.com/mre/cargo-inspect) - Inspect Rust code without syntactic sugar to see what the compiler does behind the curtains.
-  [clippy](https://rust-lang.github.io/rust-clippy/) - A code linter to catch common mistakes and improve your Rust code.
--  [electrolysis](http://kha.github.io/electrolysis/) - A tool for formally verifying Rust programs by transpiling them into definitions in the Lean theorem prover.
--  [herbie](https://github.com/mcarton/rust-herbie-lint) - Adds warnings or errors to your crate when using a numerically unstable floating point expression.
--  [linter-rust](https://github.com/AtomLinter/linter-rust) - Linting your Rust-files in Atom, using rustc and cargo.
+-  [electrolysis](http://kha.github.io/electrolysis/) :warning: - A tool for formally verifying Rust programs by transpiling them into definitions in the Lean theorem prover.
+-  [herbie](https://github.com/mcarton/rust-herbie-lint) :warning: - Adds warnings or errors to your crate when using a numerically unstable floating point expression.
+-  [linter-rust](https://github.com/AtomLinter/linter-rust) :warning: - Linting your Rust-files in Atom, using rustc and cargo.
-  [MIRAI](https://github.com/facebookexperimental/MIRAI) - And abstract interpreter operating on Rust's mid-level intermediate language, and providing warnings based on taint analysis.
-  [Rust Language Server](https://github.com/rust-lang-nursery/rls) - Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings.
-  [rust-analyzer](https://rust-analyzer.github.io/) - Supports functionality such as 'goto definition', type inference, symbol search, reformatting, and code completion, and enables renaming and refactorings.
@@ -549,15 +549,15 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
SQL
-  [sqlcheck](https://github.com/jarulraj/sqlcheck) - Automatically identify anti-patterns in SQL queries.
--  [sqlint](https://github.com/purcell/sqlint) - Simple SQL linter.
+-  [sqlint](https://github.com/purcell/sqlint) :warning: - Simple SQL linter.
-  [tsqllint](https://github.com/tsqllint/tsqllint) - T-SQL-specific linter.
--  [TSqlRules](https://github.com/ashleyglee/TSqlRules) - TSQL Static Code Analysis Rules for SQL Server.
+-  [TSqlRules](https://github.com/ashleyglee/TSqlRules) :warning: - TSQL Static Code Analysis Rules for SQL Server.
Scala
--  [linter](https://github.com/HairyFotr/linter) - Linter is a Scala static analysis compiler plugin which adds compile-time checks for various possible bugs, inefficiencies, and style problems.
--  [Scalastyle](http://www.scalastyle.org) - Scalastyle examines your Scala code and indicates potential problems with it.
+-  [linter](https://github.com/HairyFotr/linter) :warning: - Linter is a Scala static analysis compiler plugin which adds compile-time checks for various possible bugs, inefficiencies, and style problems.
+-  [Scalastyle](http://www.scalastyle.org) :warning: - Scalastyle examines your Scala code and indicates potential problems with it.
-  [scapegoat](https://github.com/sksamuel/scapegoat) - Scala compiler plugin for static code analysis.
-  [WartRemover](https://www.wartremover.org/) - A flexible Scala code linting tool.
@@ -572,7 +572,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [slither](https://github.com/trailofbits/slither) - Static analysis framework that runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses.
-  [solhint](https://protofire.github.io/solhint/) - Solhint is an open source project created by https://protofire.io. Its goal is to provide a linting utility for Solidity code.
--  [solium](https://ethlint.readthedocs.io/en/latest/) - Solium is a linter to identify and fix style and security issues in Solidity smart contracts.
+-  [solium](https://ethlint.readthedocs.io/en/latest/) :warning: - Solium is a linter to identify and fix style and security issues in Solidity smart contracts.
Swift
@@ -592,8 +592,8 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [Codelyzer](http://codelyzer.com/) - A set of tslint rules for static code analysis of Angular 2 TypeScript projects.
-  [ESLint](https://github.com/typescript-eslint/typescript-eslint) - An extensible linter for the TypeScript language.
--  [tslint-clean-code](https://www.npmjs.com/package/tslint-clean-code) - A set of TSLint rules inspired by the Clean Code handbook.
--  [tslint-microsoft-contrib](https://github.com/Microsoft/tslint-microsoft-contrib) - A set of tslint rules for static code analysis of TypeScript projects maintained by Microsoft.
+-  [tslint-clean-code](https://www.npmjs.com/package/tslint-clean-code) :warning: - A set of TSLint rules inspired by the Clean Code handbook.
+-  [tslint-microsoft-contrib](https://github.com/Microsoft/tslint-microsoft-contrib) :warning: - A set of tslint rules for static code analysis of TypeScript projects maintained by Microsoft.
-  [TypeScript Call Graph](https://github.com/whyboris/TypeScript-Call-Graph) - CLI to generate an interactive graph of functions and calls from your TypeScript files
@@ -610,19 +610,19 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
- [AppScan Source](https://www.hcltechsw.com/wps/portal/products/appscan/home) :copyright: - Commercial Static Code Analysis.
- [APPscreener](https://solarappscreener.com/) :copyright: - Static code analysis for binary and source code - Java/Scala, PHP, Javascript, C#, PL/SQL, Python, T-SQL, C/C++, ObjectiveC/Swift, Visual Basic 6.0, Ruby, Delphi, ABAP, HTML5 and Solidity.
-  [ArchUnit](https://www.archunit.org/) - Unit test your Java or Kotlin architecture.
--  [Atom-Beautify](https://atom.io/packages/atom-beautify) - Beautify HTML, CSS, JavaScript, PHP, Python, Ruby, Java, C, C++, C#, Objective-C, CoffeeScript, TypeScript, Coldfusion, SQL, and more in Atom editor.
+-  [Atom-Beautify](https://atom.io/packages/atom-beautify) :warning: - Beautify HTML, CSS, JavaScript, PHP, Python, Ruby, Java, C, C++, C#, Objective-C, CoffeeScript, TypeScript, Coldfusion, SQL, and more in Atom editor.
- [Axivion Bauhaus Suite](https://www.axivion.com/en/products-services-9#products_bauhaussuite) :copyright: - Tracks down error-prone code locations, style violations, cloned or dead code, cyclic dependencies and more for C/C++, C#/.NET, Java and Ada 83/Ada 95.
- [Better Code Hub](https://bettercodehub.com) :copyright: - Better Code Hub checks your GitHub codebase against 10 engineering guidelines devised by the authority in software quality, Software Improvement Group.
-  [Black](https://black.readthedocs.io/en/stable/) - The uncompromising Python code formatter.
- [CAST Highlight](https://www.castsoftware.com/products/highlight) :copyright: - Commercial Static Code Analysis which runs locally, but uploads the results to its cloud for presentation.
--  [checkmake](https://github.com/mrtazz/checkmake) - Linter / Analyzer for Makefiles.
+-  [checkmake](https://github.com/mrtazz/checkmake) :warning: - Linter / Analyzer for Makefiles.
- [Checkmarx CxSAST](https://www.checkmarx.com/products/static-application-security-testing/) :copyright: - Commercial Static Code Analysis which doesn't require pre-compilation.
--  [ciocheck](https://github.com/ContinuumIO/ciocheck) - Linter, formatter and test suite helper. As a linter, it is a wrapper around `pep8`, `pydocstyle`, `flake8`, and `pylint`.
+-  [ciocheck](https://github.com/ContinuumIO/ciocheck) :warning: - Linter, formatter and test suite helper. As a linter, it is a wrapper around `pep8`, `pydocstyle`, `flake8`, and `pylint`.
-  [ClassGraph](https://github.com/classgraph/classgraph) - A classpath and module path scanner for querying or visualizing class metadata or class relatedness.
-  [coala](https://coala.io/) - Language independent framework for creating code analysis - supports [over 60 languages](https://coala.io/languages) by default.
- [Cobra](http://spinroot.com/cobra/) :copyright: - Structural source code analyzer by NASA's Jet Propulsion Laboratory.
- [Codeac](https://www.codeac.io?ref=awesome-static-analysis) :copyright: - Automated code review tool integrates with GitHub, Bitbucket and GitLab (even self-hosted). Available for JavaScript, TypeScript, Python, Ruby, Go, PHP, Java, Docker, and more. (open-source free)
--  [codeburner](http://groupon.github.io/codeburner/) - Provides a unified interface to sort and act on the issues it finds.
+-  [codeburner](http://groupon.github.io/codeburner/) :warning: - Provides a unified interface to sort and act on the issues it finds.
-  [codechecker](https://codechecker.readthedocs.io/en/latest/) - A defect database and viewer extension for the Clang Static Analyzer with web GUI.
- [CodeFactor](https://codefactor.io) :copyright: - Static Code Analysis for C#, C, C++, CoffeeScript, CSS, Groovy, GO, JAVA, JavaScript, Less, Python, Ruby, Scala, SCSS, TypeScript.
- [CodeIt.Right](https://submain.com/products/codeit.right.aspx) :copyright: - CodeIt.Right™ provides a fast, automated way to ensure that your source code adheres to (your) predefined design and style guidelines as well as best coding practices.
@@ -631,9 +631,9 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
- [CodeScene](https://empear.com/) :copyright: - CodeScene prioritizes technical debt, finds social patterns and identifies hidden risks in your code.
-  [Corrode](https://github.com/jameysharp/corrode) :warning: - Semi-automatic translation from C to Rust. Could reveal bugs in the original implementation by showing Rust compiler warnings and errors. Superseded by C2Rust.
- [Coverity](https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html) :copyright: - Synopsys Coverity supports 20 languages and over 70 frameworks including Ruby on rails, Scala, PHP, Python, JavaScript, TypeScript, Java, Fortran, C, C++, C#, VB.NET.
--  [cqc](https://github.com/xcatliu/cqc) - Check your code quality for js, jsx, vue, css, less, scss, sass and styl files.
--  [CSScomb](https://github.com/csscomb/csscomb.js) - A coding style formatter for CSS. Supports own configurations to make style sheets beautiful and consistent.
--  [dawnscanner](https://github.com/thesp0nge/dawnscanner) - A static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
+-  [cqc](https://github.com/xcatliu/cqc) :warning: - Check your code quality for js, jsx, vue, css, less, scss, sass and styl files.
+-  [CSScomb](https://github.com/csscomb/csscomb.js) :warning: - A coding style formatter for CSS. Supports own configurations to make style sheets beautiful and consistent.
+-  [dawnscanner](https://github.com/thesp0nge/dawnscanner) :warning: - A static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
- [DeepCode](https://www.deepcode.ai/) :copyright: - DeepCode finds bugs, security vulnerabilities, performance and API issues based on AI. DeepCode's speed of analysis allow us to analyse your code in real time and deliver results when you hit the save button in your IDE. Supported languages are Java, C/C++, JavaScript, Python, and TypeScript. Integrations with GitHub, BitBucket and Gitlab.
- [DeepSource](https://deepsource.io/) :copyright: - In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives.
-  [Depends](https://github.com/multilang-depends/depends) - Analyses the comprehensive dependencies of code elements for Java, C/C++, Ruby.
@@ -645,11 +645,11 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
- [Fortify](https://software.microfocus.com/en-us/products/static-code-analysis-sast/overview) :copyright: - A commercial static analysis platform that supports the scanning of C/C++, C#, VB.NET, VB6, ABAP/BSP, ActionScript, Apex, ASP.NET, Classic ASP, VB Script, Cobol, ColdFusion, HTML, Java, JS, JSP, MXML/Flex, Objective-C, PHP, PL/SQL, T-SQL, Python (2.6, 2.7), Ruby (1.9.3), Swift, Scala, VB, and XML.
-  [Go Meta Linter](https://github.com/alecthomas/gometalinter) :warning: - Concurrently run Go lint tools and normalise their output. Use `golangci-lint` for new projects.
-  [Goodcheck](https://sider.github.io/goodcheck/) - Regexp based customizable linter.
--  [goreporter](https://github.com/360EntSecGroup-Skylar/goreporter) - Concurrently runs many linters and normalises their output to a report.
+-  [goreporter](https://github.com/360EntSecGroup-Skylar/goreporter) :warning: - Concurrently runs many linters and normalises their output to a report.
-  [graudit](http://www.justanotherhacker.com/) - Grep rough audit - source code auditing tool.
-  [Hopper](https://github.com/cuplv/hopper) :warning: - A static analysis tool written in scala for languages that run on JVM.
-  [Hound CI](https://houndci.com/) - Comments on style violations in GitHub pull requests. Supports Coffeescript, Go, HAML, JavaScript, Ruby, SCSS and Swift.
--  [imhotep](https://github.com/justinabrahms/imhotep) - Comment on commits coming into your repository and check for syntactic errors and general lint warnings.
+-  [imhotep](https://github.com/justinabrahms/imhotep) :warning: - Comment on commits coming into your repository and check for syntactic errors and general lint warnings.
-  [Infer](https://fbinfer.com/) - A static analyzer for Java, C and Objective-C
-  [InsiderSec](https://insidersec.io/) - A open source Static Application Security Testing tool (SAST) written in GoLang for Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and Javascript (Node.js).
- [Kiuwan](https://www.kiuwan.com/code-security-sast/) :copyright: - Identify and remediate cyber threats in a blazingly fast, collaborative environment, with seamless integration in your SDLC. Python, C\C++, Java, C#, PHP and more.
@@ -672,10 +672,10 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
- [PullRequest](https://www.pullrequest.com) :copyright: - Code review as a service with built-in static analysis.
-  [Puma Scan](https://pumasecurity.io/) - Puma Scan provides real time secure code analysis for common vulnerabilities (XSS, SQLi, CSRF, LDAPi, crypto, deserialization, etc.) as development teams write code in Visual Studio.
- [PVS-Studio](https://www.viva64.com/en/pvs-studio/) :copyright: - A ([conditionally free](https://www.viva64.com/en/b/0614/) for FOSS and individual developers) static analysis of C, C++, C# and Java code. For advertising purposes [you can propose a large FOSS project for analysis by PVS employees](https://github.com/viva64/pvs-studio-check-list). Supports CWE mapping, MISRA and CERT coding standards.
--  [quality](https://github.com/apiology/quality) - Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time.
+-  [quality](https://github.com/apiology/quality) :warning: - Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time.
- [Qualys Container Security](https://www.qualys.com/apps/container-security/) :copyright: - Container native application protection to provide visibility and control of containerized applications.
-  [QuantifiedCode](https://github.com/quantifiedcode/quantifiedcode) :warning: - Automated code review & repair.
--  [Refactoring Essentials](https://marketplace.visualstudio.com/items?itemName=SharpDevelopTeam.RefactoringEssentialsforVisualStudio) - The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers.
+-  [Refactoring Essentials](https://marketplace.visualstudio.com/items?itemName=SharpDevelopTeam.RefactoringEssentialsforVisualStudio) :warning: - The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers.
-  [relint](https://github.com/codingjoe/relint) - A static file linter that allows you to write custom rules using regular expressions (RegEx).
- [ReSharper](https://www.jetbrains.com/resharper/) :copyright: - Extends Visual Studio with on-the-fly code inspections for C#, VB.NET, ASP.NET, JavaScript, TypeScript and other technologies.
-  [Reviewdog](https://github.com/haya14busa/reviewdog) - A tool for posting review comments from any linter in any code hosting service.
@@ -701,8 +701,8 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [SwiftFormat](https://github.com/nicklockwood/SwiftFormat) - A library and command-line formatting tool for reformatting Swift code.
- [Synopsys](https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html) :copyright: - A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift).
- [Teamscale](http://www.teamscale.com/) :copyright: - Static and dynamic analysis tool supporting more than 25 languages and direct IDE integration. Free hosting for Open Source projects available on request. Free academic licenses available.
--  [TscanCode](https://github.com/Tencent/TscanCode) - A fast and accurate static analysis solution for C/C++, C#, Lua codes provided by Tencent. Using GPLv3 license.
--  [Undebt](https://github.com/Yelp/undebt) - Language-independent tool for massive, automatic, programmable refactoring based on simple pattern definitions.
+-  [TscanCode](https://github.com/Tencent/TscanCode) :warning: - A fast and accurate static analysis solution for C/C++, C#, Lua codes provided by Tencent. Using GPLv3 license.
+-  [Undebt](https://github.com/Yelp/undebt) :warning: - Language-independent tool for massive, automatic, programmable refactoring based on simple pattern definitions.
-  [Unibeautify](https://unibeautify.com/) - Universal code beautifier with a GitHub app. Supports HTML, CSS, JavaScript, TypeScript, JSX, Vue, C++, Go, Objective-C, Java, Python, PHP, GraphQL, Markdown, and more.
- [Upsource](https://www.jetbrains.com/upsource/) :copyright: - Code review tool with static code analysis and code-aware navigation for Java, PHP, JavaScript and Kotlin.
- [Veracode](http://www.veracode.com/products/static-analysis-sast/static-code-analysis) :copyright: - Find flaws in binaries and bytecode without requiring source. Support all major programming languages: Java, .NET, JavaScript, Swift, Objective-C, C, C++ and more.
@@ -726,29 +726,29 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [cwe_checker](https://github.com/fkie-cad/cwe_checker) - cwe_checker finds vulnerable patterns in binary executables.
-  [Ghidra](https://ghidra-sre.org) - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
- [IDA Free](https://www.hex-rays.com/products/ida/support/download_freeware/) :copyright: - Binary code analysis tool.
--  [Jakstab](https://github.com/jkinder/jakstab) - Jakstab is an Abstract Interpretation-based, integrated disassembly and static analysis framework for designing analyses on executables and recovering reliable control flow graphs.
+-  [Jakstab](https://github.com/jkinder/jakstab) :warning: - Jakstab is an Abstract Interpretation-based, integrated disassembly and static analysis framework for designing analyses on executables and recovering reliable control flow graphs.
-  [Manalyze](https://github.com/JusticeRage/Manalyze) - A static analyzer, which checks portable executables for malicious content.
-  [Twiggy](https://rustwasm.github.io/twiggy/) - Analyzes a binary's call graph to profile code size. The goal is to slim down binaries.
CSS/SASS/SCSS
--  [CSS Stats](https://cssstats.com/) - Potentially interesting stats on stylesheets.
--  [CSSLint](http://csslint.net/) - Does basic syntax checking and finds problematic patterns or signs of inefficiency.
--  [GraphMyCSS.com](https://graphmycss.com) - CSS Specificity Graph Generator.
--  [Parker](https://github.com/katiefenn/parker) - Stylesheet analysis tool.
+-  [CSS Stats](https://cssstats.com/) :warning: - Potentially interesting stats on stylesheets.
+-  [CSSLint](http://csslint.net/) :warning: - Does basic syntax checking and finds problematic patterns or signs of inefficiency.
+-  [GraphMyCSS.com](https://graphmycss.com) :warning: - CSS Specificity Graph Generator.
+-  [Parker](https://github.com/katiefenn/parker) :warning: - Stylesheet analysis tool.
-  [PostCSS](https://postcss.org/) - A tool for transforming styles with JS plugins. These plugins can lint your CSS, support variables and mixins, transpile future CSS syntax, inline images, and more.
-  [Project Wallace CSS Analyzer](https://www.projectwallace.com/) - Analytics for CSS, part of [Project Wallace](https://www.projectwallace.com).
-  [sass-lint](https://github.com/sasstools/sass-lint) :warning: - A Node-only Sass linter for both sass and scss syntax.
-  [scsslint](https://github.com/brigade/scss-lint) :warning: - Linter for SCSS files.
--  [Specificity Graph](https://jonassebastianohlsson.com/specificity-graph/) - CSS Specificity Graph Generator.
+-  [Specificity Graph](https://jonassebastianohlsson.com/specificity-graph/) :warning: - CSS Specificity Graph Generator.
-  [Stylelint](http://stylelint.io/) - Linter for SCSS/CSS files.
Config Files
-  [dotenv-linter](https://dotenv-linter.readthedocs.io/en/latest/) - Linting dotenv files like a charm.
--  [gixy](https://github.com/yandex/gixy) - A tool to analyze Nginx configuration. The main goal is to prevent misconfiguration and automate flaw detection.
+-  [gixy](https://github.com/yandex/gixy) :warning: - A tool to analyze Nginx configuration. The main goal is to prevent misconfiguration and automate flaw detection.
Configuration Management
@@ -759,7 +759,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [checkov](https://www.checkov.io/) - Static analysis tool for Terraform files (tf>=v0.12), preventing cloud misconfigs at build time.
-  [cookstyle](https://docs.chef.io/cookstyle.html) - Cookstyle is a linting tool based on the RuboCop Ruby linting tool for Chef cookbooks.
-  [foodcritic](http://www.foodcritic.io/) - A lint tool that checks Chef cookbooks for common problems.
--  [Puppet Lint](https://github.com/rodjek/puppet-lint) - Check that your Puppet manifests conform to the style guide.
+-  [Puppet Lint](https://github.com/rodjek/puppet-lint) :warning: - Check that your Puppet manifests conform to the style guide.
-  [terraform-compliance](https://terraform-compliance.com) - A lightweight, compliance- and security focused, BDD test framework against Terraform.
-  [terrascan](https://github.com/cesar-rodriguez/terrascan) - Collection of security and best practice tests for static code analysis of Terraform templates.
-  [tflint](https://github.com/wata727/tflint) - A Terraform linter for detecting errors that can not be detected by `terraform plan`.
@@ -769,9 +769,9 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [anchore](https://anchore.io/) - Discover, analyze, and certify container images.
-  [clair](https://github.com/coreos/clair) - Vulnerability Static Analysis for Containers.
--  [collector](https://github.com/banyanops/collector) - Run arbitrary scripts inside containers, and gather useful information.
--  [dagda](https://github.com/eliasgranderubio/dagda) - Perform static analysis of known vulnerabilities in docker images/containers.
--  [Docker Label Inspector](https://github.com/garethr/docker-label-inspector) - Lint and validate Dockerfile labels.
+-  [collector](https://github.com/banyanops/collector) :warning: - Run arbitrary scripts inside containers, and gather useful information.
+-  [dagda](https://github.com/eliasgranderubio/dagda) :warning: - Perform static analysis of known vulnerabilities in docker images/containers.
+-  [Docker Label Inspector](https://github.com/garethr/docker-label-inspector) :warning: - Lint and validate Dockerfile labels.
-  [Haskell Dockerfile Linter](https://github.com/lukasmartinelli/hadolint) - A smarter Dockerfile linter that helpsyou build best practice Docker images.
-  [kube-score](https://kube-score.com/) - Static code analysis of your Kubernetes object definitions.
-  [kubeval](https://kubeval.instrumenta.dev/) - Validates your Kubernetes configuration files and supports multiple Kubernetes versions.
@@ -793,7 +793,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-  [grunt-bootlint](https://github.com/twbs/grunt-bootlint) - A Grunt wrapper for [Bootlint](https://github.com/twbs/bootlint), the HTML linter for Bootstrap projects.
-  [gulp-bootlint](https://github.com/tschortsch/gulp-bootlint) - A gulp wrapper for [Bootlint](https://github.com/twbs/bootlint), the HTML linter for Bootstrap projects.
-  [HTML Inspector](https://github.com/philipwalton/html-inspector) :warning: - HTML Inspector is a code quality tool to help you and your team write better markup.
--  [HTML Tidy](http://www.html-tidy.org/) - Corrects and cleans up HTML and XML documents by fixing markup errors and upgrading legacy code to modern standards.
+-  [HTML Tidy](http://www.html-tidy.org/) :warning: - Corrects and cleans up HTML and XML documents by fixing markup errors and upgrading legacy code to modern standards.
-  [HTMLHint](https://htmlhint.com/) - A Static Code Analysis Tool for HTML.
@@ -824,15 +824,15 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
Mobile
- [Android Lint](http://tools.android.com/tips/lint) - Run static analysis on Android projects.
--  [android-lint-summary](https://passy.github.io/android-lint-summary/) - Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once.
+-  [android-lint-summary](https://passy.github.io/android-lint-summary/) :warning: - Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once.
-  [FlowDroid](https://github.com/secure-software-engineering/FlowDroid) - Static taint analysis tool for Android applications.
--  [paprika](https://github.com/GeoffreyHecht/paprika) - A toolkit to detect some code smells in analyzed Android applications.
--  [qark](https://github.com/linkedin/qark) - Tool to look for several security related Android application vulnerabilities.
+-  [paprika](https://github.com/GeoffreyHecht/paprika) :warning: - A toolkit to detect some code smells in analyzed Android applications.
+-  [qark](https://github.com/linkedin/qark) :warning: - Tool to look for several security related Android application vulnerabilities.
Packages
--  [lintian](https://lintian.debian.org/) - Static analysis tool for Debian packages.
+-  [lintian](https://lintian.debian.org/) :warning: - Static analysis tool for Debian packages.
-  [rpmlint](https://github.com/rpm-software-management/rpmlint) - Tool for checking common errors in rpm packages.