Open Source Mac Static Code Analysis Tools - Page 2
Sort By:
Static Code Analysis Tools for Mac
View 17 business solutions-
Simplify Purchasing For Your BusinessSimplify every aspect of buying for your business in Order.co. From sourcing products to scaling purchasing across locations to automating your AP and approvals workstreams, Order.co is the platform of choice for growing businesses.
-
Loan management software that makes it easy.Bryt Software is ideal for lending professionals who are looking for a feature rich loan management system that is intuitive and easy to use. We are 100% cloud-based, software as a service. We believe in providing our customers with fair and honest pricing. Our monthly fees are based on your number of users and we have a minimal implementation charge.
-
1
Kibit
There's a function for that
kibit is a static analysis tool for Clojure/ClojureScript that detects code patterns that can be rewritten more idiomatically. Based on core.logic, it suggests replacements—like using when instead of if for single-branch logic. It integrates via the command line or Leiningen plugin, enhancing code quality and readability. -
2
PHPStan Symfony Framework extensions
Symfony extension for PHPStan
Symfony extension for PHPStan. Sometimes, when you are dealing with optional dependencies, the ::has() methods can cause problems. For example, the following construct would complain that the condition is always either on or off, depending on whether you have the dependency for service installed. You can opt in for more advanced analysis of Symfony Console Commands by providing the console application from your own application. This will allow the correct argument and option types to be inferred when accessing $input-getArgument() or $input->getOption(). -
3
RuboCop
A Ruby static code analyzer and formatter, based on the community Ruby
RuboCop is a Ruby static code analyzer (a.k.a. linter) and code formatter. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide. RuboCop packs a lot of features on top of what you’d normally expect from a linter. Works with every major Ruby implementation. Autocorrection of many of the code offenses it detects. Robust code formatting capabilities. Multiple result for matters for both interactive use and for feeding data into other tools. Ability to have different configurations for different parts of your codebase. Ability to disable certain cops only for specific files or parts of files. Extremely flexible configuration that allows you to adapt RuboCop to pretty much every style and preference. It’s easy to extend RuboCop with custom cops and formatters. Many online services use RuboCop internally (e.g. HoundCI, Sider and CodeClimate). -
4
Zine
Fast, Scalable, Flexible Static Site Generator (SSG)
A Zine site is a collection of content files and layouts. Zine turns your content into HTML, styles it using your layouts, and finally copies the result (alongside other assets like images) into an output directory that you can then publish on static hosting services like GitHub Pages. Zine uses a structured approach to content authoring that helps keep sizeable content collections manageable. Similarly, the build process uses surgical dependency tracking to ensure minimal rebuilds, keeping the authoring experience excellent at all scales. SuperMD is an extension of Markdown that allows you to define embedded assets and semantic constructs that would be impossible to express in Markdown without using inline HTML. SuperHTML is an extension of HTML5 that focuses on expressing correct templating logic. With SuperHTML it's impossible to generate malformed HTML and most mistakes become build-time errors. -
Award-Winning Medical Office Software Designed for Your SpecialtyRXNT is an ambulatory healthcare technology pioneer that empowers medical practices and healthcare organizations to succeed and scale through innovative, data-backed, AI-powered software.
-
5
codelyzer
Static analysis for Angular projects
A set of tslint rules for static code analysis of Angular TypeScript projects. (If you are using ESLint check out the new angular-eslint repository.). You can run the static code analyzer over web apps, NativeScript, Ionic, etc. Note that by default all components are aligned with the style guide so you won't see any errors in the console. Codelyzer supports any template and style language by custom hooks. If you're using Sass for instance, you can allow codelyzer to analyze your styles by creating a file .codelyzer.js in the root of your project (where the node_modules directory is). In the configuration file can implement custom pre-processing and template resolution logic. Lint rules encode logic for syntactic & semantic checks of TypeScript, HTML, CSS and Angular expressions source code. -
6
lintr
Static Code Analysis for R
lintr is a static code analysis tool for R that identifies syntax errors, style inconsistencies, and other potential issues in R scripts and packages. It supports customizable lint rules and integrates with many editors to provide realtime feedback and enforce coding standards (e.g., tidyverse style). -
7
AWS IoT Device Defender Library
Client library for using AWS IoT Defender service on embedded devices
The Device Defender library enables you to send device metrics to the AWS IoT Device Defender Service. This library also supports custom metrics, a feature that helps you monitor operational health metrics that are unique to your fleet or use case. For example, you can define a new metric to monitor the memory usage or CPU usage on your devices. This library has no dependencies on any additional libraries other than the standard C library, and therefore, can be used with any MQTT client library. This library is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone static code analysis using Coverity static analysis. -
8
AWS IoT Jobs library
Client library for using AWS IoT Jobs service on embedded devices
The AWS IoT Jobs library helps you notify connected IoT devices of a pending Job. A Job can be used to manage your fleet of devices, update firmware and security certificates on your devices, or perform administrative tasks such as restarting devices and performing diagnostics. It interacts with the AWS IoT Jobs service using MQTT, a lightweight publish-subscribe protocol. This library provides a convenience API to compose and recognize the MQTT topic strings used by the Jobs service. The library is written in C compliant with ISO C90 and MISRA C:2012, and is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone both static code analysis from Coverity. -
9
AWS SigV4 Library
AWS library to sign AWS HTTP requests with Signature Version 4
The AWS SigV4 Library is a standalone library for generating authorization headers and signatures according to the specifications of the Signature Version 4 signing process. Authorization headers are required for authentication when sending HTTP requests to AWS. This library can optionally be used by applications sending direct HTTP requests to AWS services requiring SigV4 authentication. This library has no dependencies on any additional libraries other than the standard C library. This library is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against deviations from mandatory rules in the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. This library has also undergone static code analysis using Coverity static analysis, and validation of memory safety through the CBMC automated reasoning tool. -
Premier Construction SoftwareRated #1 Construction Accounting Software by Forbes Advisor in 2022 & 2023. Our modern SAAS solution is designed to meet the needs of General Contractors, Developers/Owners, Homebuilders & Specialty Contractors.
-
10
Doctrine extensions for PHPStan
Doctrine extensions for PHPStan
DQL validation for parse errors, unknown entity classes and unknown persistent fields. QueryBuilder validation is also supported. Recognizes magic findBy*, findOneBy* and countBy* methods on EntityRepository. Validates entity fields in repository findBy, findBy, findOneBy, findOneBy, count and countBy method calls. Interprets EntityRepository MyEntity correctly in phpDocs for further type inference of methods called on the repository. Provides correct return for Doctrine\ORM\EntityManager::getRepository(). Provides correct return type for Doctrine\ORM\EntityManager::find, getReference and getPartialReference when Foo::class entity class name is provided as the first argument. Queries are analyzed statically and do not require a running database server. This makes use of the Doctrine DQL parser and entities metadata. -
11
Error Prone
Catch common Java mistakes as compile-time errors
Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. It’s common for even the best programmers to make simple mistakes. And sometimes a refactoring that seems safe can leave behind code that will never do what’s intended. We’re used to getting help from the compiler, but it doesn’t do much beyond static type checking. Using Error Prone to augment the compiler’s type analysis, you can catch more mistakes before they cost you time, or end up as bugs in production. We use Error Prone in Google’s Java build system to eliminate classes of serious bugs from entering our code, and we’ve open-sourced it, so you can too. -
12
JSHint
A tool that helps to detect errors and in your JavaScript code
JSHint is a community-driven tool that detects errors and potential problems in JavaScript code. Since JSHint is so flexible, you can easily adjust it in the environment you expect your code to execute. JSHint is publicly available and will always stay this way. The project aims to help JavaScript developers write complex programs without worrying about typos and language gotchas. Any code base eventually becomes huge at some point, so simple mistakes, that would not show themselves when written, can become show stoppers and add extra hours of debugging. So, static code analysis tools come into play and help developers spot such problems. JSHint scans a program written in JavaScript and reports about commonly made mistakes and potential bugs. The potential problem could be a syntax error, a bug due to an implicit type conversion, a leaking variable, or something else entirely. -
13
PHPStan
Dscover bugs in your code without running it!
PHPStan finds bugs in your code without writing tests. It's open-source and free. PHPStan scans your whole codebase and looks for both obvious & tricky bugs. Even in those rarely executed if statements that certainly aren't covered by tests. You can run it on your machine and in CI to prevent those bugs ever reaching your customers in production. Thanks to rule levels you don't get overwhelmed with thousands of errors on the first run. You can increase PHPStan's capabilities on your code at your own pace. It makes work feel like a game. It doesn't matter how old your code is, PHPStan is here to help you improve it. Thanks to the baseline, you can start writing better code today. PHPStan offers extensions for popular frameworks like Symfony, Laravel or Doctrine. Even code taking advantage of magic methods and properties is understood well. -
14
ngrev
Tool for reverse engineering of Angular applications
Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. The tool performs static code analysis which means that you don't have to run your application in order to use it. ngrev is not maintained by the Angular team. It's a side project developed by the open-source community. The application is not signed, so you may have to explicitly allow your mac to run it in System Preferences. You can add your own theme by creating a [theme-name].theme.json file in Electron [userData]/themes. For a sample theme see Dark. Your application needs to be compatible with Angular Ivy compiler. ngrev is not tested with versions older than v11. To stay up to date check the update guide on angular.io. -
15
AWS IoT Over-the-air Update Library
Manage the notification of a newly available update
The OTA library enables you to manage the notification of a newly available update, download the update, and perform cryptographic verification of the firmware update. Using the library, you can logically separate firmware updates from the application running on your devices. The OTA library can share a network connection with the application, saving memory in resource-constrained devices. In addition, the OTA library lets you define application-specific logic for testing, committing, or rolling back a firmware update. The library supports different application protocols like Message Queuing Telemetry Transport (MQTT) and Hypertext Transfer Protocol (HTTP), and provides various configuration options you can fine-tune depending on network type and conditions. This library is distributed under the MIT Open Source License. This library has gone through code quality checks including verification that no function has a GNU Complexity score over 8. -
16
Anduin
A scripting language for industrial software
Anduin aims to replace perl, python, tcl, and others as the workhorse language in industrial programming projects. It places emphasis on enabling the interpreter to perform compile-time static code analysis as a means of closing the development loop faster and letting fewer bugs get to the user. -
17
AutoReplacerPlus
Automatic correction of software bugs and grammar mistakes
Automatic correction of software bugs announced in compilers (clang, gcc) / Static Code Analysis tools (cppcheck, FindBugs) and grammar/style errors like in LanguageTool. Usage: use tool (e.g. cppcheck) and store results in a text file. Afterwards call: autoreplacerplus mytextfile -
18
GoKart
A static analysis tool for securing Go code
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query that is concatenated with a variable might traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability. GoKart also helps to power Chariot, Praetorian's security platform that helps you find, manage, and fix vulnerabilities in your source code and cloud environments. Chariot makes it simple to run automated, continuous GoKart scans on your source code. If you want to try GoKart, you can set up a free Chariot account in minutes. -
19
PHPMD
PHPMD is a spin-off project of PHP Depend
PHPMD is a code analysis tool that helps developers identify potential issues in their PHP code by detecting messy, suboptimal, or overly complex code structures. It acts as a companion to PHP_CodeSniffer, focusing on design and logic problems rather than just formatting. PHPMD supports a wide range of rulesets and can be customized to enforce specific coding standards, making it useful for maintaining clean, efficient, and maintainable codebases. -
20
PhpDependencyAnalysis
Static code analysis to find violations in a dependency graph
PhpDependencyAnalysis is an extendable static code analysis for object-oriented PHP-Projects to generate dependency graphs from abstract datatypes (Classes, Interfaces and Traits) based on namespaces. Dependencies can be aggregated to build graphs for several levels, like Package-Level or Layer-Level. Each dependency can be verified to a defined architecture. -
21
React Boilerplate
A highly scalable, offline-first foundation with the best DX
React Boilerplate is a highly scalable, offline-first foundation for React.js applications. It offers the best developer experience with a focus on performance and best practices. React Boilerplate offers predictable state management so you can take control of your app’s state and keep state mutations manageable. It also features next generation JavaScript, so you can stop worrying about browser support or use features like arrow functions, JSX syntax and more. There’s also support for next generation CSS, and being offline first, it allows availability without network connection from the moment your users load the app. React Boilerplate also provides instant feedback, so you can have nothing but the best developer experience! -
22
RuboCop Performance
An extension of RuboCop focused on code performance checks
Performance optimization analysis for your projects, as an extension to RuboCop. You need to tell RuboCop to load the Performance extension. Now you can run rubocop and it will automatically load the RuboCop Performance cops together with the standard cops. You need to tell RuboCop to load the Performance extension. Now you can run rubocop and it will automatically load the RuboCop Performance cops together with the standard cops. -
23
RuboCop Rails
A RuboCop extension focused on enforcing Rails best practices
A RuboCop extension focused on enforcing Rails best practices and coding conventions. It’s based on the community-driven Rails style guide. You need to tell RuboCop to load the Rails extension. Now you can run rubocop and it will automatically load the RuboCop Rails cops together with the standard cops. If you are using Rails 6.1 or newer, add the following config.generators.after_generate setting to your config/application.rb to apply RuboCop autocorrection to code generated by bin/rails g. It uses rubocop -A to apply Style/FrozenStringLiteralComment and other unsafe autocorretion cops. rubocop -A is unsafe autocorrection, but code generated by default is simple and less likely to be incompatible with rubocop -A. If you have problems you can replace it with rubocop -a instead. -
24
Security Code Scan
Vulnerability Patterns Detector for C# and VB.NET
Detects various security vulnerability patterns. SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc. Inter-procedural taint analysis for input data. Continuous Integration (CI) support for GitHub and GitLab pipelines. Stand-alone runner or through MSBuild for custom integrations. Analyzes .NET and .NET Core projects in the background (IntelliSense) or during a build. Works with Visual Studio 2019 or higher. Visual Studio Community, Professional and Enterprise editions are supported. Other editors that support Roslyn-based analyzers like Rider or OmniSharp should work too. Security Code Scan (SCS) is not a Linter. It is a real static analysis tool that does extensive computations. Thus installing it as a Visual Studio extension or NuGet package will slow down your Visual Studio IDE. -
25
Soufflé
Datalog variant for tool designers crafting analyses in Horn clauses
Rapid prototyping for your analysis problems with logic; enabling deep design-space explorations; designed for large-scale static analysis; e.g., points-to analysis for Java, taint-analysis, and security checks. Futamura projections/partial evaluation for effective translation to parallel C++; optimized staged compilation; specialized data-structures for logical relations. Efficient translation to parallel C++ of Datalog programs (CAV'16, CC'16) Efficient interpretation using de-specialization techniques (PLDI'21) Specialized data structure for relations (PACT'19, PPoPP'19, PMAM'19) with optimal index selection (VLDB'18) Extended semantics of Datalog, e.g., permitting unbounded recursions with numbers and terms. Simple component model for Datalog specifications. Recursively defined record types/ADTs (aka. constructors) for tuples. User-defined functors. Strongly-typed types for safety. Subsumption, aggregation, Choice Construct (APLAS'21).
