14 projects
CodeQL
CodeQL is a semantic code analysis engine that helps developers and security researchers discover vulnerabilities across codebases. It treats code as data, allowing users to write queries to analyze codebases and find security weaknesses, bugs, and quality issues.
Contributors
2,355
Organizations
535
Software value
$88M
PMD
PMD is a static code analyzer that scans source code in various programming languages to detect potential bugs, dead code, suboptimal code, overcomplicated expressions, and security vulnerabilities. It supports multiple languages including Java, JavaScript, Salesforce.com Apex, PLSQL, Apache Velocity, XML, and XSL.
Contributors
1,824
Organizations
347
Software value
$18M
Error Prone
Error Prone is a static analysis tool that catches common programming mistakes in Java code at compile time. It integrates with the Java compiler to identify and prevent bugs that would otherwise manifest at runtime, helping developers write more reliable code.
Contributors
1,457
Organizations
339
Software value
$12M
Cppcheck
Cppcheck is a static analysis tool for C/C++ code that detects bugs, undefined behavior, and dangerous coding patterns. It performs analysis without actually executing the code, focusing on detecting memory leaks, buffer overflows, uninitialized variables, and other common programming errors.
Contributors
1,116
Organizations
153
Software value
$13M
Checker Framework
The Checker Framework is a pluggable type-checking system for Java that helps developers prevent bugs by detecting and verifying type constraints at compile time. It extends Java's type system to enable more precise compile-time verification of properties like null pointer safety, regex validity, and concurrency correctness.
Contributors
642
Organizations
137
Software value
$11M
Joern
Joern is a platform for code analysis that combines source code querying with graph database capabilities. It enables security researchers and developers to analyze source code for vulnerabilities and patterns by converting code into code property graphs that can be queried using a specialized query language.
Contributors
502
Organizations
85
Software value
$38M
Dialyxir
Dialyxir is a mix task that provides a simplified way to run Dialyzer in Elixir projects. It handles the Persistent Lookup Table (PLT) management and provides clearer error messages, making static analysis more accessible for Elixir developers.
Contributors
480
Organizations
204
Software value
$161K
FlowDroid
FlowDroid is a static taint analysis tool for Android applications that performs precise data flow tracking through both Android's lifecycle and Java's callbacks. It analyzes how sensitive data can flow through an app from sources to sinks, helping identify potential security vulnerabilities and privacy leaks.
Contributors
406
Organizations
52
Software value
$5.6M
ESBMC
The efficient SMT-based context-bounded model checker (ESBMC)
Contributors
287
Organizations
34
Software value
$27M
Ultimate
The Ultimate program analysis framework.
Contributors
215
Organizations
16
Software value
$343M
CPAchecker
CPAchecker is an open-source software verification tool that analyzes C programs through configurable program analysis. It implements a framework for different verification approaches like predicate abstraction, bounded model checking, and k-induction, enabling automatic verification of safety properties in source code.
Contributors
173
Organizations
3
Software value
$54M
JSpecify
JSpecify is a project that aims to standardize and improve Java nullness annotations, providing a specification and tooling for null-safety analysis in Java code. It defines a common vocabulary and semantics for expressing nullness contracts in Java programs.
Contributors
132
Organizations
54
Software value
$374K
jQAssistant
jQAssistant is a quality assurance tool that performs static code analysis by scanning Java applications and creating a Neo4j graph database of their structure. It enables users to write custom rules and queries to validate architecture and design, detect anti-patterns, and ensure compliance with coding standards.
Contributors
123
Organizations
22
Software value
$2.4M
Escope
Escope is a JavaScript scope analyzer that provides detailed information about variable scoping and references within ECMAScript code. It performs static analysis to determine variable declarations, references, and their relationships within different scopes.
Contributors
102
Organizations
51
Software value
$314K