fortran-src
fortran-src: Fortran static analysis infrastructure - Published in JOSS (2025)
OPEM
OPEM : Open Source PEM Cell Simulation Tool - Published in JOSS (2018)
ford
Automatically generates FORtran Documentation from comments within the code.
fr.inria.gforge.spoon:spoon-core
Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with a powerful analysis and transformation API.
rascal
The implementation of the Rascal meta-programming language (including interpreter, type checker, parser generator, compiler and JVM based run-time system)
codechecker
CodeChecker is analyzer tooling, a defect database and a viewer extension for static and dynamic analyzer tools.
https://github.com/cqfn/jpeek
Hosted and command-line calculator of cohesion metrics for Java code
https://github.com/coinfabrik/scout-audit
Scout is an extensible open-source tool intended to assist smart contract developers and auditors in detecting common security issues and deviations from best practices. Scout audit is the core development on which we extend Scout for specific blockchains.
https://github.com/coinfabrik/scout-soroban
Scout is an extensible open-source tool intended to assist Stellar Soroban smart contract developers and auditors in detecting common security issues and deviations from best practices.
https://github.com/anchore/grype
A vulnerability scanner for container images and filesystems
https://github.com/cqfn/aibolit
A Static Analyzer for Java Powered by Machine Learning: Identifies Anti-Patterns Begging for Refactoring
https://github.com/cqfn/veniq
Veniq uses Machine Learning to analyze source code, find possible refactorings, and suggest those that seem optimal
pe-static-toolkit
PE Static Toolkit | Portable Executable (PE) Analysing Toolkit
https://github.com/crytic/amarna
Amarna is a static-analyzer and linter for the Cairo programming language.
https://github.com/bytedance/appshark
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
https://github.com/camfort/fortran-src-extras
Various utility functions and orphan instances which may be useful when using fortran-src.
qchecker
A library intended to identify semantically meaningful micro-antipatterns in student code
mastg
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
creedengo-rules-specifications
Reduce the environmental footprint of your software programs with SonarQube
stadyna
StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications
https://github.com/crytic/contract-explorer
Visual Studio Code integration for Slither, a Solidity static analysis framework
atlas
Automated Amortised Complexity Analysis of Self-Adjusting Data Structures
securibench-micro.js
A Securibench Micro inspired program analysis benchmark for server-side JavaScript
firmwaredroid
FirmwareDroid is an analysis framework for Android firmware and Apps.
https://github.com/camfort/camfort
Light-weight verification and transformation tools for Fortran
gptlint
A linter with superpowers! 🔥 Use LLMs to enforce best practices across your codebase.
https://github.com/coinfabrik/scout-substrate
Scout is an extensible open-source tool intended to assist Substrate developers and auditors in detecting common security issues and deviations from best practices.
https://github.com/csvl/sema
SEMA is based on angr, a symbolic execution engine used to extract API calls. In particular, we extend angr with strategies to create representative signatures based on the System Call Dependency Graph (SCDG). Those SCDGs can be used in machine learning modules for classification/detection.