Static code analyzers
Source code analysis tools detect security flaws in source code or in compiled versions of that code. The open source tools available in this category are listed below.
Source code analysis tools help analyze source code, or compiled versions of that code, with the primary goal of detecting security flaws. This category of tools is also referred to as SAST tools, short for Static Application Security Testing.
Integrating analysis tools into the build process helps discover unexpected behavior and security flaws before the code ships. Detecting these issues early in development greatly reduces costs: a fix during development is far cheaper than one after release, and a publicly disclosed vulnerability, with the embarrassment that comes with it, is avoided.
Most of the tools in this category focus on a particular programming language, so select tools based on the languages they support. Several of the tools complement each other, and combining them increases the coverage of the code inspection. Keep in mind that static analysis reports suspicious patterns rather than proof of exploitability: review each finding, and treat these tools as one layer next to code review and testing. Hopefully more secure code is released by using the tools listed in this category. Happy coding!
Static code analyzers are typically used in secure software development and software testing.
Users of these tools include developers and security professionals.
| Tool | Type | Description | Latest release | Release date | Score |
|---|---|---|---|---|---|
| angr | Binary analysis framework | angr is a security tool written in Python for analyzing binaries. It provides a combination of static and dynamic analysis. | Unknown | Unknown | 74 |
| Bandit | Python static code analyzer | Bandit is an AST-based static analyzer for Python code. It finds code patterns that could lead to security vulnerabilities. | 1.4.0 | Jan. 6, 2017 | 60 |
| graudit | Static code analysis tool | graudit performs static code analysis using the grep tool. It is a lightweight solution for finding common issues in code. | 2.1 | April 5, 2017 | 70 |
| PyT | Static code analyzer for Python | Python Taint (PyT) is a static code analyzer for Python scripts and applications. It applies taint analysis to discover vulnerabilities or other possible weaknesses. | 0.34 | April 24, 2018 | 85 |
| Shellharden | Linting tool for shell scripts | Shellharden improves shell scripts by checking that variables are used and quoted properly. The tool can suggest, and also apply, the required changes. | 3.2 | June 3, 2018 | 85 |
| WPSploit | Scanner for WP themes and plugins | WPSploit helps developers and penetration testers audit the code of WordPress themes and plugins. The tool performs a static analysis of the theme or plugin code to find possible security flaws. | Unknown | Unknown | 56 |
| yasca | Source code analysis | Yasca performs code analysis and linting. Developers and security professionals can use it to evaluate code quality. | Unknown | Unknown | 68 |
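To make concrete what the Python tools above do, the following is an added example, written for this page and not code from Bandit, PyT or any other listed project. It shows the two techniques those rows describe: matching dangerous calls in the AST (the Bandit approach) and tracking tainted data from an untrusted source to such a call (the taint analysis PyT is named after). The rule ids, the lists of sources, sinks and sanitizers, and the sample program being scanned are all assumptions chosen for the example.

```python
"""Toy AST-based checker with simple taint tracking, written for this page as an
illustration of what tools such as Bandit (AST pattern matching) and PyT (taint
analysis) do. It is not code from either project; the rule ids, source, sink and
sanitizer lists below are assumptions chosen for the example."""
import ast
from typing import List, NamedTuple, Set

# Assumed sinks: calls that execute code or shell commands.
DANGEROUS_CALLS = {"eval", "exec", "os.system", "subprocess.call",
                   "subprocess.Popen", "subprocess.run", "pickle.loads"}
# Assumed sources of attacker-controlled data.
TAINT_SOURCES = {"input", "sys.argv", "request.args.get", "request.form.get"}
# Assumed sanitizers: the result of a call to one of these is treated as clean.
SANITIZERS = {"shlex.quote", "int"}


class Finding(NamedTuple):
    line: int
    rule: str       # hypothetical rule ids: CALL (dangerous sink), SHELL (shell=True)
    severity: str   # HIGH if tainted data reaches the sink, LOW otherwise
    message: str


def dotted_name(node: ast.AST):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintChecker(ast.NodeVisitor):
    """Walks statements in source order, tracking which variables hold tainted data."""

    def __init__(self) -> None:
        self.tainted: Set[str] = set()
        self.findings: List[Finding] = []

    def is_tainted(self, node: ast.AST) -> bool:
        """True if any part of the expression reads a source or a tainted variable."""
        if isinstance(node, ast.Call) and dotted_name(node.func) in SANITIZERS:
            return False  # sanitizer output is clean; its arguments are not inspected
        if isinstance(node, ast.Name) and node.id in self.tainted:
            return True
        if dotted_name(node) in TAINT_SOURCES:
            return True
        return any(self.is_tainted(child) for child in ast.iter_child_nodes(node))

    def visit_Assign(self, node: ast.Assign) -> None:
        # Propagate taint to the assigned names, or clear it when a clean value is stored.
        targets = {n.id for t in node.targets for n in ast.walk(t) if isinstance(n, ast.Name)}
        if self.is_tainted(node.value):
            self.tainted |= targets
        else:
            self.tainted -= targets
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        name = dotted_name(node.func)
        if name in DANGEROUS_CALLS:
            args = list(node.args) + [kw.value for kw in node.keywords]
            tainted = any(self.is_tainted(a) for a in args)
            self.findings.append(Finding(
                node.lineno, "CALL", "HIGH" if tainted else "LOW",
                f"{name}() called with {'tainted' if tainted else 'untainted'} arguments"))
        if name and name.startswith("subprocess.") and any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
                for kw in node.keywords):
            self.findings.append(Finding(node.lineno, "SHELL", "MEDIUM",
                                         f"{name}() invoked with shell=True"))
        self.generic_visit(node)


def scan(source: str) -> List[Finding]:
    """Parse Python source and return findings in source order."""
    checker = TaintChecker()
    checker.visit(ast.parse(source))
    return checker.findings


# Constructed sample input for this example, not code from any real project.
SAMPLE = '''
import os, subprocess, shlex, sys

def run(cmd):
    subprocess.call(cmd, shell=True)

def handler(request):
    name = request.args.get("name")
    os.system("ping -c1 " + name)
    safe = shlex.quote(name)
    os.system("ping -c1 " + safe)
    eval("1+1")

host = sys.argv[1]
exec(host)
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: [{f.rule}/{f.severity}] {f.message}")
```

Running the block scans the embedded sample and reports six findings: the `shell=True` call in `run()` (untainted argument, plus a separate `SHELL` finding), the `os.system` call fed directly from `request.args.get` (HIGH), the same call after `shlex.quote` (LOW), the constant `eval` (LOW) and the `exec` of a `sys.argv` value (HIGH). Real tools ship far larger source and sink lists, follow data across function calls and handle control flow; the checker here is flow-insensitive within a module and only recognizes a sanitizer applied at the top level of an expression, which is exactly the kind of limitation that produces the false positives and negatives a reviewer has to triage.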