explaingit

analysis-tools-dev/static-analysis

Analysis updated 2026-06-24 · repo last pushed 2026-05-18

14,542RustAudience · developerComplexity · 1/5MaintainedSetup · easy

TLDR

A curated list of static analysis tools and linters for every major programming language, build tool, and config file format. The source data behind analysis-tools.dev.

Mindmap

mindmap
  root((static-analysis))
    Inputs
      data tools.yml
      Pull requests
      Community votes
    Outputs
      README list
      Website rankings
      Tool reviews
    Use Cases
      Find a linter
      Compare SAST tools
      Suggest new tool
    Tech Stack
      YAML
      Markdown
      GitHub Actions
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Pick a linter or SAST tool for a specific language by browsing the table of contents.

USE CASE 2

Compare proprietary vs open-source static analyzers using the copyright icon labels.

USE CASE 3

Submit a new tool by editing data/tools.yml and opening a pull request.

USE CASE 4

Find recommended tools for niche formats like Terraform, Dockerfile, or smart contracts.

What is it built with?

YAMLMarkdownRustGitHub Actions

How does it compare?

analysis-tools-dev/static-analysislgug2z/komorebirust-embedded/rust-raspberrypi-os-tutorials
Stars14,54214,55314,654
LanguageRustRustRust
Last pushed2026-05-18
MaintenanceMaintained
Setup difficultyeasymoderatehard
Complexity1/54/55/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

This is a curated list, not a tool. Edits must go into data/tools.yml, not the generated README.

License is not stated in the available content.

In plain English

This repository is a curated list of static analysis tools, also called SAST tools or linters. Static analysis means looking at source code without running it, to spot bugs, security holes, style problems, or code that is hard to maintain. The list is meant to cover every major programming language, plus build tools, configuration files, and other kinds of files developers work with day to day. The README says the focus is on tools that improve code quality, such as linters and formatters. The repository is the source data behind the website at analysis-tools.dev. The website adds extra material on top of the bare list, including community rankings, user comments, and videos for each tool. The README itself is generated and warns contributors not to edit it directly. Instead, edits go into a YAML file called data/tools.yml, which means anyone can suggest a new tool with a regular pull request. The table of contents is organised into three groups. The first group is programming languages, with sections for everything from ABAP and Ada through to TypeScript, Verilog, and Vim Script. The second group is "multiple languages", for tools that cover more than one. The third group is "other" and covers things like Ansible, Dockerfile, Kubernetes, Terraform, YAML, Markdown, Makefiles, smart contracts, and even writing in plain English. Inside each section, every tool gets a one-line description and a link to its homepage. The list uses small icons to label entries. A copyright symbol marks proprietary software, so anything without that icon is open source. An information icon means the community no longer recommends the tool for new projects, with a link to the discussion. A warning sign means the tool has not been updated in over a year or its repository has been archived. The project is run with sponsors including Pixee, CodeRabbit, Semgrep, and Offensive360, accepts pull requests, and points to a sister project called awesome-dynamic-analysis for tools that work on running programs instead of source code. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
Show me the top 3 open-source linters for Python from analysis-tools-dev/static-analysis and how to install each one.
Prompt 2
I have a TypeScript monorepo. Pick 2 SAST tools from this awesome list and write the GitHub Actions config to run them on every PR.
Prompt 3
Walk me through adding a new linter to data/tools.yml in this repo, including the exact YAML format and the PR checklist.
Prompt 4
Compare cppcheck, clang-tidy, and CBMC for a C codebase using descriptions from this list, then recommend one for a 50k-line project.
Prompt 5
Build a small bash script that reads data/tools.yml from this repo and prints all linters tagged for Rust.

Frequently asked questions

What is static-analysis?

A curated list of static analysis tools and linters for every major programming language, build tool, and config file format. The source data behind analysis-tools.dev.

What language is static-analysis written in?

Mainly Rust. The stack also includes YAML, Markdown, Rust.

Is static-analysis actively maintained?

Maintained — commit in last 6 months (last push 2026-05-18).

What license does static-analysis use?

License is not stated in the available content.

How hard is static-analysis to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is static-analysis for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.