Static code analyzers


Introduction

Source code analysis tools are a powerful way to detect security flaws in program source code or in compiled versions of it. This page lists the open source tools that are available in this category.

Source code analysis tools help with analyzing source code, or compiled versions of that code, without running it. Their primary goal is to detect security flaws. This category of tools is also referred to as SAST tools, short for Static Application Security Testing.

Integrating analysis tools into the build process can help with discovering unexpected behavior and security flaws. Detecting these issues early in the development phase can greatly reduce costs. Besides reducing the time that would otherwise be spent on releasing fixed software, it can also avoid public embarrassment.

Most of the tools in this category focus on a particular programming language, so select tools based on the languages they support. Some of the tools can also be combined to increase the coverage of the code inspection. Hopefully, using the tools listed in this category results in more secure code being released. Happy coding!

Usage

Static code analyzers are typically used for secure software development and software testing.

Users of these tools include developers and security professionals.

Tools

Static code analyzers
Each entry lists: Tool, Type, Description, Latest release, Release date, Score.

angr
  Type: Binary analysis framework
  Description: angr is a security tool written in Python for analyzing binaries. It provides a combination of static and dynamic analysis.
  Latest release: Unknown
  Release date: Unknown
  Score: 74

Bandit
  Type: Python static code analyzer
  Description: Bandit is an AST-based static analyzer for Python code. It helps with finding code flaws that could lead to security vulnerabilities.
  Latest release: 1.4.0
  Release date: Jan. 6, 2017
  Score: 60

graudit
  Type: Static code analysis tool
  Description: Graudit is a security tool that performs static code analysis using the grep tool. It is a lightweight solution for finding common issues in code.
  Latest release: 2.1
  Release date: April 5, 2017
  Score: 70

PyT
  Type: Static code analyzer for Python
  Description: Python Taint (or PyT) is a static code analyzer for Python scripts and applications. It tries to discover vulnerabilities or other possible weaknesses.
  Latest release: 0.34
  Release date: April 24, 2018
  Score: 85

Shellharden
  Type: Linting tool for shell scripts
  Description: Shellharden is a tool to improve shell scripts when it comes to using variables and applying quotes properly. The tool can suggest and make the required changes.
  Latest release: 3.2
  Release date: June 3, 2018
  Score: 85

WPSploit
  Type: Scanner for WP themes and plugins
  Description: WPSploit helps developers and penetration testers perform a code audit of WordPress themes and plugins. The tool runs a static code analysis on the system itself to look for possible security flaws.
  Latest release: Unknown
  Release date: Unknown
  Score: 56

yasca
  Type: Source code analysis
  Description: Yasca is a tool that performs code analysis and linting. It can be used by developers and security professionals to evaluate code quality.
  Latest release: Unknown
  Release date: Unknown
  Score: 68

Other related categories: code security testing tools, dynamic code analyzers