This repository is a curated list of static analysis tools, also called SAST tools or linters. Static analysis means looking at source code without running it, to spot bugs, security holes, style problems, or code that is hard to maintain. The list is meant to cover every major programming language, plus build tools, configuration files, and other kinds of files developers work with day to day. The README says the focus is on tools that improve code quality, such as linters and formatters. The repository is the source data behind the website at analysis-tools.dev. The website adds extra material on top of the bare list, including community rankings, user comments, and videos for each tool. The README itself is generated and warns contributors not to edit it directly. Instead, edits go into a YAML file called data/tools.yml, which means anyone can suggest a new tool with a regular pull request. The table of contents is organised into three groups. The first group is programming languages, with sections for everything from ABAP and Ada through to TypeScript, Verilog, and Vim Script. The second group is "multiple languages", for tools that cover more than one. The third group is "other" and covers things like Ansible, Dockerfile, Kubernetes, Terraform, YAML, Markdown, Makefiles, smart contracts, and even writing in plain English. Inside each section, every tool gets a one-line description and a link to its homepage. The list uses small icons to label entries. A copyright symbol marks proprietary software, so anything without that icon is open source. An information icon means the community no longer recommends the tool for new projects, with a link to the discussion. A warning sign means the tool has not been updated in over a year or its repository has been archived. The project is run with sponsors including Pixee, CodeRabbit, Semgrep, and Offensive360, accepts pull requests, and points to a sister project called awesome-dynamic-analysis for tools that work on running programs instead of source code.
Generated 2026-05-21 · Model: sonnet-4-6 · Verify against the repo before relying on details.