code-analysis.md

July 15, 2021 · View on GitHub

Refactoring is the controllable process of systematically improving your code without writing new functionality. The goal of refactoring is to pay off technical debt. The mantra of refactoring is clea...

tags: code-analysis, clean

SEI CERT Oracle Coding Standard for Java

^{https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java}

The Java rules and recommendations in this wiki are a work in progress and reflect the current thinking of the secure coding community. Because this is a development website, many pages are incomplete...

tags: java, linter, code-analysis

apicompat

^{https://github.com/bradleyfalzon/apicompat}

Checks recent changes to a Go project for backwards incompatible changes.

tags: go, tools, code-analysis
:octocat: source code

dupl

^{https://github.com/mibk/dupl}

Tool for code clone detection.

tags: go, tools, code-analysis
:octocat: source code

errcheck

^{https://github.com/kisielk/errcheck}

Errcheck is a program for checking for unchecked errors in Go programs.

tags: go, tools, code-analysis
:octocat: source code

gcvis

^{https://github.com/davecheney/gcvis}

Visualise Go program GC trace data in real time.

tags: go, tools, code-analysis
:octocat: source code

go-checkstyle

^{https://github.com/qiniu/checkstyle}

checkstyle is a style check tool like java checkstyle. This tool inspired by java checkstyle, golint. The style refered to some points in Go Code Review Comments.

tags: go, tools, code-analysis
:octocat: source code

go-cleanarch

^{https://github.com/roblaszczak/go-cleanarch}

go-cleanarch was created to validate Clean Architecture rules, like a The Dependency Rule and interaction between packages in your Go projects.

tags: go, tools, code-analysis
:octocat: source code

go-critic

^{https://github.com/go-critic/go-critic}

source code linter that brings checks that are currently not implemented in other linters.

tags: go, tools, code-analysis
:octocat: source code

go-mod-outdated

^{https://github.com/psampaz/go-mod-outdated}

An easy way to find outdated dependencies of your Go projects.

tags: go, tools, code-analysis
:octocat: source code

go-outdated

^{https://github.com/firstrow/go-outdated}

Console application that displays outdated packages.

tags: go, tools, code-analysis
:octocat: source code

goast-viewer

^{https://github.com/yuroyoro/goast-viewer}

Web based Golang AST visualizer.

tags: go, tools, code-analysis
:octocat: source code

GoCover.io

^{http://gocover.io/}

GoCover.io offers the code coverage of any golang package as a service.

tags: go, tools, code-analysis

goimports

^{https://godoc.org/golang.org/x/tools/cmd/goimports}

Tool to fix (add, remove) your Go imports automatically.

tags: go, tools, code-analysis

GolangCI

^{https://golangci.com/}

GolangCI is an automated Golang code review service for GitHub pull requests. Service is open source and it's free for open source projects.

tags: go, tools, code-analysis

GoLint

^{https://github.com/golang/lint}

Golint is a linter for Go source code.

tags: go, tools, code-analysis
:octocat: source code

Golint online

^{http://go-lint.appspot.com/}

Lints online Go source files on GitHub, Bitbucket and Google Project Hosting using the golint package.

tags: go, tools, code-analysis

goreturns

^{https://sourcegraph.com/github.com/sqs/goreturns}

Adds zero-value return statements to match the func return types.

tags: go, tools, code-analysis
:octocat: source code

gosimple

^{https://github.com/dominikh/go-tools/tree/master/cmd/gosimple}

gosimple is a linter for Go source code that specialises on simplifying code.

tags: go, tools, code-analysis
:octocat: source code

gostatus

^{https://github.com/shurcooL/gostatus}

Command line tool, shows the status of repositories that contain Go packages.

tags: go, tools, code-analysis
:octocat: source code

lint

^{https://github.com/surullabs/lint}

Run linters as part of go test.

tags: go, tools, code-analysis
:octocat: source code

php-parser

^{https://github.com/z7zmey/php-parser}

A Parser for PHP written in Go.

tags: go, tools, code-analysis
:octocat: source code

staticcheck

^{https://github.com/dominikh/go-tools/tree/master/cmd/staticcheck}

staticcheck is go vet on steroids, applying a ton of static analysis checks you might be used to from tools like ReSharper for C.

tags: go, tools, code-analysis
:octocat: source code

tarp

^{https://github.com/verygoodsoftwarenotvirus/tarp}

tarp finds functions and methods without direct unit tests in Go source code.

tags: go, tools, code-analysis
:octocat: source code

unconvert

^{https://github.com/mdempsky/unconvert}

Remove unnecessary type conversions from Go source.

tags: go, tools, code-analysis
:octocat: source code

unused

^{https://github.com/dominikh/go-tools/tree/master/cmd/unused}

unused checks Go code for unused constants, variables, functions and types.

tags: go, tools, code-analysis
:octocat: source code

validate

^{https://github.com/mccoyst/validate}

Automatically validates struct fields with tags.

tags: go, tools, code-analysis
:octocat: source code

Barkeep

^{https://github.com/ooyala/barkeep}

Barkeep is a fast, fun way to review code. Engineering organizations can use it to keep the bar high.

tags: ruby, code-analysis, metrics
:octocat: source code

Brakeman

^{https://github.com/presidentbeef/brakeman}

A static analysis security vulnerability scanner for Ruby on Rails applications.

tags: ruby, code-analysis, metrics
:octocat: source code

Cane

^{https://github.com/square/cane}

Code quality threshold checking as part of your build.

tags: ruby, code-analysis, metrics
:octocat: source code

Coverband

^{https://github.com/danmayer/coverband}

Rack middleware to help measure production code coverage.

tags: ruby, code-analysis, metrics
:octocat: source code

Fasterer

^{https://github.com/DamirSvrtan/fasterer}

Make your Rubies go faster with this command line tool highly inspired by fast-ruby and Sferik's talk at Baruco Conf.

tags: ruby, code-analysis, metrics
:octocat: source code

Flay

^{https://github.com/seattlerb/flay}

Flay analyzes code for structural similarities. Differences in literal values, variable, class, method names, whitespace, programming style, braces vs do/end, etc are all ignored. Making this totally ...

tags: ruby, code-analysis, metrics
:octocat: source code

Flog

^{https://github.com/seattlerb/flog}

Flog reports the most tortured code in an easy to read pain report. The higher the score, the more pain the code is in.

tags: ruby, code-analysis, metrics
:octocat: source code

fukuzatsu

^{https://gitlab.com/coraline/fukuzatsu###fukuzatsu}

Complexity analysis tool with a rich web front-end.

tags: ruby, code-analysis, metrics

MetricFu

^{https://github.com/metricfu/metric_fu}

A fist full of code metrics.

tags: ruby, code-analysis, metrics
:octocat: source code

Pippi

^{https://github.com/tcopeland/pippi}

A utility for finding suboptimal Ruby class API usage, focused on runtime analysis.

tags: ruby, code-analysis, metrics
:octocat: source code

Pronto

^{https://github.com/mmozuras/pronto}

Quick automated code review of your changes.

tags: ruby, code-analysis, metrics
:octocat: source code

rails_best_practices

^{https://github.com/railsbp/rails_best_practices}

A code metric tool for rails projects.

tags: ruby, code-analysis, metrics
:octocat: source code

Reek

^{https://github.com/troessner/reek}

Code smell detector for Ruby.

tags: ruby, code-analysis, metrics
:octocat: source code

RuboCop

^{https://github.com/rubocop-hq/rubocop}

A static code analyzer, based on the community Ruby style guide.

tags: ruby, code-analysis, metrics
:octocat: source code

Rubycritic

^{https://github.com/whitesmith/rubycritic}

A Ruby code quality reporter.

tags: ruby, code-analysis, metrics
:octocat: source code

Scientist

^{https://github.com/github/scientist}

A Ruby library for carefully refactoring critical paths.

tags: ruby, code-analysis, metrics
:octocat: source code

SimpleCov

^{https://github.com/colszowka/simplecov}

Code coverage for Ruby 1.9+ with a powerful configuration library and automatic merging of coverage across test suites.

tags: ruby, code-analysis, metrics
:octocat: source code

Suture

^{https://github.com/testdouble/suture}

A Ruby gem that helps you refactor your legacy code.

tags: ruby, code-analysis, metrics
:octocat: source code

Traceroute

^{https://github.com/amatsuda/traceroute}

A Rake task gem that helps you find the dead routes and actions for your Rails 3+ app

tags: ruby, code-analysis, metrics
:octocat: source code

coala

^{https://github.com/coala/coala/}

Language independent and easily extendable code analysis application.

tags: python, code-analysis
:octocat: source code

code2flow

^{https://github.com/scottrogowski/code2flow}

Turn your Python and JavaScript code into DOT flowcharts.

tags: python, code-analysis
:octocat: source code

prospector

^{https://github.com/PyCQA/prospector}

A tool to analyse Python code.

tags: python, code-analysis
:octocat: source code

pycallgraph

^{https://github.com/gak/pycallgraph}

A library that visualises the flow (call graph) of your Python application.

tags: python, code-analysis
:octocat: source code

flake8

^{https://pypi.python.org/pypi/flake8}

A wrapper around pycodestyle, pyflakes and McCabe.

tags: python, code-analysis, linter

pylint

^{https://www.pylint.org/}

A fully customizable source code analyzer.

tags: python, code-analysis, linter

pylama

^{https://github.com/klen/pylama}

A code audit tool for Python and JavaScript.

tags: python, code-analysis, linter
:octocat: source code

black

^{https://github.com/ambv/black}

The uncompromising Python code formatter.

tags: python, code-analysis, code-formatting
:octocat: source code

yapf

^{https://github.com/google/yapf}

Yet another Python code formatter from Google.

tags: python, code-analysis, code-formatting
:octocat: source code

mypy

^{http://mypy-lang.org/}

Check variable types during compile time.

tags: python, code-analysis, static-typing

pyre-check

^{https://github.com/facebook/pyre-check}

Performant type checking.

tags: python, code-analysis, static-typing
:octocat: source code

MonkeyType

^{https://github.com/Instagram/MonkeyType}

A system for Python that generates static type annotations by collecting runtime types

tags: python, code-analysis, static-typing
:octocat: source code

Checkstyle

^{https://github.com/checkstyle/checkstyle}

Static analysis of coding conventions and standards.

tags: java, code-analysis
:octocat: source code

Error Prone

^{https://github.com/google/error-prone}

Catches common programming mistakes as compile-time errors.

tags: java, code-analysis
:octocat: source code

Infer

^{https://github.com/facebook/infer}

Modern static analysis tool for verifying the correctness of code.

tags: java, code-analysis
:octocat: source code

jQAssistant

^{https://jqassistant.org}

Static code analysis with Neo4J-based query language.

tags: java, code-analysis

NullAway

^{https://github.com/uber/NullAway}

Eliminates NullPointerExceptions with low build-time overhead.

tags: java, code-analysis
:octocat: source code

PMD

^{https://github.com/pmd/pmd}

Source code analysis for finding bad coding practices.

tags: java, code-analysis
:octocat: source code

SonarJava

^{https://github.com/SonarSource/sonar-java}

Static analyzer for SonarQube & SonarLint.

tags: java, code-analysis
:octocat: source code

[Sourcetrail

^{https://www.sourcetrail.com}

Visual source code navigator.

tags: java, code-analysis

Spoon

^{https://github.com/INRIA/spoon}

Library for analyzing and transforming Java source code.

tags: java, code-analysis
:octocat: source code

Spotbugs

^{https://github.com/spotbugs/spotbugs}

Static analysis of bytecode to find potential bugs.

tags: java, code-analysis
:octocat: source code

Java Dependency Analysis Tool - JDK 8 - OpenJDK Wiki

^{https://wiki.openjdk.java.net/display/JDK8/Java+Dependency+Analysis+Tool}

jdeps is a new command-line tool added since JDK 8 for developers to use to understand the static dependencies of their applications and libraries. jdeps is a static analysis tool on the given ...

tags: java, code-analysis