Analysis updated 2026-06-24 · repo last pushed 2026-05-18
Pick a linter or SAST tool for a specific language by browsing the table of contents.
Compare proprietary vs open-source static analyzers using the copyright icon labels.
Submit a new tool by editing data/tools.yml and opening a pull request.
Find recommended tools for niche formats like Terraform, Dockerfile, or smart contracts.
| analysis-tools-dev/static-analysis | lgug2z/komorebi | rust-embedded/rust-raspberrypi-os-tutorials | |
|---|---|---|---|
| Stars | 14,542 | 14,553 | 14,654 |
| Language | Rust | Rust | Rust |
| Last pushed | 2026-05-18 | — | — |
| Maintenance | Maintained | — | — |
| Setup difficulty | easy | moderate | hard |
| Complexity | 1/5 | 4/5 | 5/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
This is a curated list, not a tool. Edits must go into data/tools.yml, not the generated README.
This repository is a curated list of static analysis tools, also called SAST tools or linters. Static analysis means looking at source code without running it, to spot bugs, security holes, style problems, or code that is hard to maintain. The list is meant to cover every major programming language, plus build tools, configuration files, and other kinds of files developers work with day to day. The README says the focus is on tools that improve code quality, such as linters and formatters. The repository is the source data behind the website at analysis-tools.dev. The website adds extra material on top of the bare list, including community rankings, user comments, and videos for each tool. The README itself is generated and warns contributors not to edit it directly. Instead, edits go into a YAML file called data/tools.yml, which means anyone can suggest a new tool with a regular pull request. The table of contents is organised into three groups. The first group is programming languages, with sections for everything from ABAP and Ada through to TypeScript, Verilog, and Vim Script. The second group is "multiple languages", for tools that cover more than one. The third group is "other" and covers things like Ansible, Dockerfile, Kubernetes, Terraform, YAML, Markdown, Makefiles, smart contracts, and even writing in plain English. Inside each section, every tool gets a one-line description and a link to its homepage. The list uses small icons to label entries. A copyright symbol marks proprietary software, so anything without that icon is open source. An information icon means the community no longer recommends the tool for new projects, with a link to the discussion. A warning sign means the tool has not been updated in over a year or its repository has been archived. The project is run with sponsors including Pixee, CodeRabbit, Semgrep, and Offensive360, accepts pull requests, and points to a sister project called awesome-dynamic-analysis for tools that work on running programs instead of source code. The full README is longer than what was shown.
A curated list of static analysis tools and linters for every major programming language, build tool, and config file format. The source data behind analysis-tools.dev.
Mainly Rust. The stack also includes YAML, Markdown, Rust.
Maintained — commit in last 6 months (last push 2026-05-18).
License is not stated in the available content.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.