Top 23 Python Static Analysis Projects
- owasp-mastg: The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
- checkov: Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
- Flake8: flake8 is a Python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of Python code.
- codechecker: CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
- dagda: A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware and other malicious threats in Docker images/containers, and to monitor the Docker daemon and running Docker containers for detecting anomalous activities.
- betterscan-ce: Code scanning/SAST/static analysis/linting using many tools and scanners plus OpenAI GPT, with one report (code, IaC). Betterscan Community Edition (CE).
- packj: Packj stops SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain.
- prometeo: An experimental Python-to-C transpiler and domain-specific language for embedded high-performance computing.
- mobsfscan: mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective-C code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and the libsast pattern matcher.
- astroid: A common base representation of Python source code for pylint and other projects (by pylint-dev).
- tryceratops: A linter to prevent exception handling antipatterns in Python (limited only for those who like dinosaurs).
Project mention: More ways to identify independently security tested apps on Google Play | news.ycombinator.com | 2023-11-03
1. Checkov: https://github.com/bridgecrewio/checkov Checkov is a static code analysis tool that helps developers prevent cloud misconfigurations during the development phase by scanning Terraform, CloudFormation, Kubernetes, and more.
A little introduction about pylint. Pylint is a static code analyzer; it analyses your code without actually running it. Pylint looks for potential errors, gives suggestions on coding standards that your code is not adhering to, potential places where refactoring might help, and also warnings about smelly code.
It's open source! Check out https://github.com/google/pytype and https://github.com/google/pytype/blob/main/docs/developers/t... for more on the multi-file runner.
Project mention: General Docker Troubleshooting, Best Practices & Where to Go From Here | dev.to | 2024-01-19
Dagda. A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in Docker images/containers.
Project mention: Show HN: Marimo – an open-source reactive notebook for Python | news.ycombinator.com | 2024-01-12
You're probably referring to nbgather (https://github.com/microsoft/gather), which shipped with VSCode for a while.
nbgather used static slicing to get all the code necessary to reconstruct some cell. I actually worked with Andrew Head (original nbgather author) and Shreya Shankar to implement something similar in ipyflow (but with dynamic slicing and a not-as-nice interface): https://github.com/ipyflow/ipyflow?tab=readme-ov-file#state-...
I have no doubt something like this will make its way into marimo's roadmap at some point :)
Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.
1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.
Project mention: Borgo is a statically typed language that compiles to Go | news.ycombinator.com | 2024-04-30
Not impossible but I guess you might end up with an extra runtime layer and some more dynamic operations will not be very fast. Or you restrict it to a subset of Python like this project does: https://github.com/zanellia/prometeo
You could of course write a bytecode VM in Golang but I guess that defeats the purpose.
Release note: https://github.com/pessimistic-io/slitherin/releases/tag/v0.3.0
Python Static Analysis related posts
- Pylyzer – A fast static code analyzer and language server for Python
- W1203: logging-fstring-interpolation (Solved)
- Mypy 1.6 Released
- Oils 0.17.0 – YSH Is Becoming Real
- Enhancing Python Code Quality: A Comprehensive Guide to Linting with Ruff
- GitHub - ipyflow/ipyflow: A reactive Python kernel for Jupyter notebooks
- Options for configuration of python libraries - Stack Overflow
Index
What are some of the best open-source Static Analysis projects in Python? This list will help you:
Rank | Project | Stars |
---|---|---|
1 | owasp-mastg | 11,321 |
2 | checkov | 6,569 |
3 | jedi | 5,684 |
4 | Pylint | 5,134 |
5 | slither | 5,054 |
6 | apkleaks | 4,635 |
7 | pytype | 4,626 |
8 | Flake8 | 3,283 |
9 | pyt | 2,161 |
10 | codechecker | 2,110 |
11 | dagda | 1,117 |
12 | ipyflow | 1,082 |
13 | CrossHair | 953 |
14 | betterscan-ce | 699 |
15 | packj | 616 |
16 | prometeo | 610 |
17 | PEP 8 Speaks | 605 |
18 | mobsfscan | 538 |
19 | astroid | 511 |
20 | aura | 485 |
21 | tryceratops | 421 |
22 | ford | 393 |
23 | slitherin | 333 |