Because Code Quality Matters
We list the best static analysis tools and linters that can help you improve code quality. All tools are peer-reviewed by fellow engineers. Avoid bugs in production, outages, and angry customers.
Latest from our Blog
Sat May 25 2024
As developers, maintaining secure, high-quality code is challenging. Security vulnerabilities, performance issues, and code quality concerns can accumulate. Enter Pixeebot, a tool by Pixee that automates security and code improvements, letting developers focus on essential tasks.
Sun Nov 19 2023
I have never been a huge fan of IoT devices. Granted, they make our life easier, but they also open the door to a lot of security issues. Most IoT devices are black boxes. I don't know what's inside and I don't know what they connect to.
Thu Apr 06 2023
As a developer, I have faced my fair share of security mishaps. I recall times when I accidentally exposed sensitive data in logs or sent a network request over a non-encrypted HTTP channel when HTTPS was available. I'm sure many of you can relate to these situations. We may not be security experts, but that doesn't mean we shouldn't take measures to protect our applications. This is where Bearer, a new security tool for Ruby and JavaScript apps (Java coming soon), comes into play.
Wed Mar 29 2023
We are happy to announce that we completely rebuilt analysis-tools.dev from scratch with more features and a new design! This is a major milestone for us, as it marks the first time we sat down to re-envision what the project should become in the next few years.
Tue Jan 26 2021
This project started as a way to scratch my own itch: Years later, many people still seem to have the same problem. There are more than 500 static analysis (SAST) tools out there; how can you possibly find the "best" one?
Wed Aug 19 2020
Static analysis is great! It helps improve code quality by inspecting source code without even running it. There are hundreds of great tools to choose from — many are free or open-source. Unfortunately, many projects still don’t make use of static analysis tools for various reasons.
Thu Jul 16 2020
We found that static code analysis is a topic that is attracting a lot of engineers who care about code quality and solid engineering standards. Our goal is to create an open community for developers who want to take their code and skill set to the next level.
Thu Jul 16 2020
Today we welcome DeepCode as our first sponsor. It makes us incredibly happy to see the backing of our community project from such a forward-thinking company. Just like us, DeepCode thinks that the space of analysis tools could be vastly improved to increase code quality and foster best practices within organizations of any size.
Popular Static/Dynamic Analysis Tools by Language
TypeScript static analysis tools
Most popular TypeScript formatters
Most Viewed Tools
Black
cli - MIT License - 199 votes
Mega-Linter
cli - MIT License - 135 votes
mypy
cli - Other - 95 votes
Semgrep
cli - GNU Lesser General Public License v2.1 - 90 votes
ESLint
cli - MIT License - 73 votes
Sonatype
service - proprietary - 37 votes
rust-analyzer
ide-plugin - Other - 36 votes
CodeScene
service - proprietary - 22 votes
Sigrid
cli - proprietary - 21 votes
Coverity
cli - proprietary - 16 votes
callGraph
cli - GNU General Public License - 10 votes
Better Code Hub
service - proprietary - 9 votes
codeql
service - MIT - 5 votes
trivy
cli - Apache-2.0 License - 5 votes
vera++
cli - BSL-1.0 (original text) - 3 votes
lizard
cli - MIT License - 1 vote
SearchDiggity
cli - proprietary - 1 vote
sqlcheck
cli - Apache License 2.0 - 0 votes
TencentCodeAnalysis
cli - MIT License - 0 votes
kubeval
cli - Other - 0 votes
TypL
cli - MIT License - 0 votes
C2Rust
cli - Other - -1 votes
HCL AppScan Source
service - proprietary - -4 votes
Fortify
ide-plugin - proprietary - -4 votes
Frequently Asked Questions
Why Is Static Code Analysis Useful?
Static code analysis is a process where the code of a software program is analyzed without running it. By using static analyzers, organizations gain assurance that their product works as expected, have fewer bugs that need to be fixed after release (which could cause embarrassment), and ultimately make more money due to satisfied customers.
What Are The Limits Of Static Code Analysis?
One limitation of static code analysis is that it cannot identify all errors in a program. In particular, it cannot detect runtime errors, which occur when the software is actually running. Furthermore, it can only analyze the code as written; it cannot take into account changes that may be made later in development or in production.
What Are Some Alternatives To Static Analysis?
1) Fuzzing tools: These tools use random input data to test the robustness of software applications. They can help identify coding issues and security vulnerabilities.
2) Dynamic analysis tools: These check a program's behavior at runtime, thus finding concurrency issues, invalid subprocess calls, or incorrect handling of (user) input.
3) Automated testing tools: Automated testing tools help automate the testing process, making it faster and easier to run tests on software applications. This can help speed up the development process while still ensuring that applications are tested thoroughly before being released into production.
Our Sponsors
This website is completely open source. To fund our work, we fully rely on sponsors. Thanks to them, we can keep the site free for everybody. Please check out their offers below.