Complete List of Open Source Static Analysis & Linting Tools

Applications are built quickly these days, so it is common for developers to make mistakes in code and to forget to put basic security mechanisms in place. This is where the proper use of linting tools comes into the picture. For those who are new to the topic, here is what "linting" means.

What's Linting?

Linting is the automatic scanning of source code for patterns that indicate programmatic, stylistic or security errors, done before the code is ever run. The tool that does this is called a "linter". Security-oriented linters such as the ones below typically parse the code (or at least grep it) and match it against a catalogue of known-dangerous constructs, for example a shell command built from user input or a hard-coded password.
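To make the idea concrete, here is a miniature AST-based security linter in Python, written in the style of Bandit. It is an added example, not code from the original post or from any of the tools listed below. It walks the parsed source and flags four patterns: subprocess calls with shell=True, eval(), yaml.load() without an explicit Loader, and string constants assigned to variables whose names suggest a secret. The rule IDs mirror Bandit's test IDs for the same checks; the SECRET_NAMES heuristic and the two sample sources (VULNERABLE and HARDENED) are constructed for this demo.

```python
"""Miniature Bandit-style security linter (added example, not Bandit's own code)."""
import ast
from dataclasses import dataclass

# Assumed heuristic: variable names that suggest a secret is being assigned.
SECRET_NAMES = ("password", "passwd", "secret", "api_key", "token")


@dataclass(frozen=True)
class Finding:
    rule: str      # rule ID, mirroring Bandit's test IDs for the same checks
    line: int      # 1-based line number in the scanned source
    message: str


def _call_name(node: ast.Call) -> str:
    """Return a dotted callee name such as 'subprocess.call' or 'eval'."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def _kw(node: ast.Call, name: str):
    """Return the AST value of keyword argument `name`, or None if absent."""
    for kw in node.keywords:
        if kw.arg == name:
            return kw.value
    return None


class SecurityVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        name = _call_name(node)
        shell = _kw(node, "shell")
        if name.startswith("subprocess.") and isinstance(shell, ast.Constant) and shell.value is True:
            self.findings.append(Finding("B602", node.lineno, "subprocess call with shell=True"))
        if name == "eval":
            self.findings.append(Finding("B307", node.lineno, "use of eval()"))
        if name == "yaml.load" and _kw(node, "Loader") is None:
            self.findings.append(Finding("B506", node.lineno, "yaml.load() without an explicit Loader"))
        self.generic_visit(node)  # keep walking: calls nest inside calls

    def visit_Assign(self, node):
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                if isinstance(target, ast.Name) and any(s in target.id.lower() for s in SECRET_NAMES):
                    self.findings.append(Finding("B105", node.lineno,
                                                 f"possible hard-coded secret in '{target.id}'"))
        self.generic_visit(node)


def lint(source: str) -> list:
    """Parse `source` and return its findings sorted by line number."""
    visitor = SecurityVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample: the kind of code a security linter should complain about.
VULNERABLE = '''
import subprocess, yaml
DB_PASSWORD = "hunter2"
def run(user_input):
    subprocess.call("ls " + user_input, shell=True)
    cfg = yaml.load(open("cfg.yml"))
    return eval(user_input)
'''

# Constructed sample: the same logic with each finding fixed.
HARDENED = '''
import os, subprocess, yaml, ast
DB_PASSWORD = os.environ["DB_PASSWORD"]
def run(user_input):
    subprocess.call(["ls", "--", user_input])
    with open("cfg.yml") as fh:
        cfg = yaml.safe_load(fh)
    return ast.literal_eval(user_input)
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        findings = lint(src)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  line {f.line}: {f.rule} {f.message}")
```

Running it reports four findings for VULNERABLE (the hard-coded password, the shell=True call, the unsafe yaml.load and the eval) and none for HARDENED. Real linters differ from this toy mainly in breadth of their rule catalogues and in how much data flow they track, not in the basic approach.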

Linters are typically run in the developer's editor, as a pre-commit hook, and again in CI, so that problems are caught before the code is merged.

Below is a list of linting and static analysis tools that can be used to find security bugs in the source code of your applications:

1] Bandit:

Reference: https://github.com/PyCQA/bandit

Languages Supported: Python

Notes: Walks the Python AST and reports known-dangerous constructs (subprocess with shell=True, eval, weak hashes, hard-coded passwords, and so on) by test ID.

2] Brakeman:

Reference: https://github.com/presidentbeef/brakeman

Languages Supported: Ruby/Rails

Notes: Understands Rails conventions (routes, models, views), so it can find SQL injection, XSS, mass assignment and similar issues without running the application.

3] Bundler-Audit:

Reference: https://github.com/rubysec/bundler-audit

Languages Supported: Ruby

Notes: A dependency checker rather than a code linter: it compares Gemfile.lock against the ruby-advisory-db and flags gems with known vulnerabilities or insecure gem sources.

4] Node Security Platform (NSP):

Reference: https://github.com/nodesecurity/nsp

Languages Supported: Node/JavaScript

Notes: A dependency checker for npm packages. NSP was deprecated in 2018 when its advisory database was folded into `npm audit` (npm 6 and later); use `npm audit` instead.

5] RuboCop:

Reference: https://github.com/rubocop/rubocop

Languages Supported: Ruby

Notes: A general style and lint tool; its Security department contains cops for eval, Marshal.load, YAML.load, JSON.load and Kernel#open.

6] SonarJava:

Reference: https://github.com/SonarSource/sonar-java

Languages Supported: Java

Notes: The Java analyzer used by SonarQube and SonarCloud; includes vulnerability and security hotspot rules alongside the usual code-smell rules.

7] SonarPHP:

Reference: https://www.sonarsource.com/php/

Languages Supported: PHP

Notes: SonarSource's PHP analyzer for SonarQube and SonarCloud.

8] SonarPython:

Reference: https://www.sonarsource.com/python/

Languages Supported: Python

Notes: SonarSource's Python analyzer for SonarQube and SonarCloud.

9] Graudit:

Reference: https://github.com/wireghoul/graudit

Languages Supported: Many languages (one signature database per language)

Notes: grep-based, so it is fast and easy to extend but produces more false positives than AST-based tools.

10] Semgrep:

Reference: https://github.com/returntocorp/semgrep

Languages Supported: Many languages

Notes: Pattern-based and AST-aware ("semantic grep"); rules are written in YAML and look like the code they match. The project has since moved to https://github.com/semgrep/semgrep; the old URL redirects.

11] BugHound:

Reference: https://github.com/mhaskar/Bughound

Languages Supported: PHP, Java

Hope you like it. Please DM me on Twitter if you feel I have missed any tools in this post.
