Python Static Analysis

Open-source Python projects categorized as Static Analysis

Top 23 Python Static Analysis Projects

  • owasp-mastg

    The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

  • Project mention: More ways to identify independently security tested apps on Google Play | news.ycombinator.com | 2023-11-03

  • checkov

    Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

  • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    1. Checkov: https://github.com/bridgecrewio/checkov Checkov is a static code analysis tool that helps developers prevent cloud misconfigurations during the development phase by scanning Terraform, CloudFormation, Kubernetes, and more.

  • jedi

    Awesome autocompletion, static analysis and refactoring library for python

  • Pylint

    It's not just a linter that annoys you!

  • Project mention: W1203: logging-fstring-interpolation (Solved) | dev.to | 2024-01-21

    A little introduction about pylint. Pylint is a static code analyzer; it analyses your code without actually running it. Pylint looks for potential errors, gives suggestions on coding standards that your code is not adhering to, potential places where refactoring might help, and also warnings about smelly code.

  • slither

    Static Analyzer for Solidity and Vyper

  • apkleaks

    Scanning APK file for URIs, endpoints & secrets.

  • pytype

    A static type analyzer for Python code

  • Project mention: Google lays off its Python team | news.ycombinator.com | 2024-04-27

    It's open source! Check out https://github.com/google/pytype and https://github.com/google/pytype/blob/main/docs/developers/t... for more on the multi-file runner.

  • Flake8

    flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

  • Project mention: Dagger.io: The new era of CI/CD in the DevOps world | dev.to | 2024-05-14

  • pyt

    A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

  • codechecker

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

  • dagda

    a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

  • Project mention: General Docker Troubleshooting, Best Practices & Where to Go From Here | dev.to | 2024-01-19

    Dagda. A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in Docker images/containers.

  • ipyflow

    A reactive Python kernel for Jupyter notebooks.

  • Project mention: Show HN: Marimo – an open-source reactive notebook for Python | news.ycombinator.com | 2024-01-12

    You're probably referring to nbgather (https://github.com/microsoft/gather), which shipped with VSCode for a while.

    nbgather used static slicing to get all the code necessary to reconstruct some cell. I actually worked with Andrew Head (original nbgather author) and Shreya Shankar to implement something similar in ipyflow (but with dynamic slicing and a not-as-nice interface): https://github.com/ipyflow/ipyflow?tab=readme-ov-file#state-...

    I have no doubt something like this will make its way into marimo's roadmap at some point :)

  • CrossHair

    An analysis tool for Python that blurs the line between testing and type systems.

  • betterscan-ce

    Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

  • packj

    Packj stops Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

  • Project mention: Rust Without Crates.io | news.ycombinator.com | 2023-11-14

    Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

    1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

  • prometeo

    An experimental Python-to-C transpiler and domain specific language for embedded high-performance computing

  • Project mention: Borgo is a statically typed language that compiles to Go | news.ycombinator.com | 2024-04-30

    Not impossible but I guess you might end up with an extra runtime layer and some more dynamic operations will not be very fast. Or you restrict it to a subset of Python like this project does: https://github.com/zanellia/prometeo

    You could of course write a bytecode VM in Golang but I guess that defeats the purpose.

  • PEP 8 Speaks

    A GitHub app to automatically review Python code style over Pull Requests

  • mobsfscan

    mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

  • astroid

    A common base representation of python source code for pylint and other projects (by pylint-dev)

  • aura

    Python source code auditing and static analysis on a large scale (by SourceCode-AI)

  • tryceratops

    A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).

  • ford

    Automatically generates FORtran Documentation from comments within the code.

  • slitherin

    Slither Detectors by Pessimistic.io

  • Project mention: Slitherin v0.3.0 | /r/ethdev | 2023-09-16

    Release note: https://github.com/pessimistic-io/slitherin/releases/tag/v0.3.0

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Python Static Analysis related posts

  • Pylyzer – A fast static code analyzer and language server for Python

    6 projects | news.ycombinator.com | 11 Apr 2024
  • W1203: logging-fstring-interpolation (Solved)

    1 project | dev.to | 21 Jan 2024
  • Mypy 1.6 Released

    5 projects | news.ycombinator.com | 17 Oct 2023
  • Oils 0.17.0 – YSH Is Becoming Real

    6 projects | news.ycombinator.com | 11 Aug 2023
  • Enhancing Python Code Quality: A Comprehensive Guide to Linting with Ruff

    5 projects | dev.to | 12 Jul 2023
  • GitHub - ipyflow/ipyflow: A reactive Python kernel for Jupyter notebooks

    1 project | /r/Python | 22 May 2023
  • Options for configuration of python libraries - Stack Overflow

    2 projects | /r/learnpython | 14 May 2023

Index

What are some of the best open-source Static Analysis projects in Python? This list will help you:

Project Stars
1 owasp-mastg 11,321
2 checkov 6,569
3 jedi 5,684
4 Pylint 5,134
5 slither 5,054
6 apkleaks 4,635
7 pytype 4,626
8 Flake8 3,283
9 pyt 2,161
10 codechecker 2,110
11 dagda 1,117
12 ipyflow 1,082
13 CrossHair 953
14 betterscan-ce 699
15 packj 616
16 prometeo 610
17 PEP 8 Speaks 605
18 mobsfscan 538
19 astroid 511
20 aura 485
21 tryceratops 421
22 ford 393
23 slitherin 333
