static-analysis

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

rest static-analysis apk owasp dynamic-analysis web-security malware-analysis mobsf android-security mobile-security windows-mobile-security ios-security api-testing cwe devsecops runtime-security mstg masvs mastg

UpdatedDec 2, 2025
JavaScript

realm /SwiftLint

Star19.3k

A tool to enforce Swift style and conventions.

swift linting linter static-analysis code-quality hacktoberfest

UpdatedDec 1, 2025
Swift

nikic /PHP-Parser

Star17.4k

A PHP parser written in PHP

php parser static-analysis ast

UpdatedDec 1, 2025
PHP

facebook /infer

Star15.4k

A static analyzer for Java, C, C++, and Objective-C

c java objective-c cpp static-code-analysis static-analysis code-quality

UpdatedDec 2, 2025
OCaml

Konloch /bytecode-viewer

Star15.3k

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

android java bytecode compiler jsp static-analysis java-decompiler decompiler apk war smali hacktoberfest bytecode-viewer dex2jar fernflower cfr baksmali procyon recompiler krakatau

UpdatedOct 6, 2025
Java

analysis-tools-dev /static-analysis

Sponsor

Star14.2k

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

analysis static-code-analysis linter static-analysis awesome-list code-quality static-analyzers hacktoberfest sast

UpdatedOct 17, 2025
Rust

phpstan /phpstan

Sponsor

Star13.7k

PHP Static Analysis Tool - discover bugs in your code without running it!

testing php php7 static-code-analysis static-analysis static-analyzer phpstan

UpdatedDec 2, 2025
PHP

semgrep /semgrep

Star13.5k

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

javascript ruby python c java go typescript static-code-analysis static-analysis sast r2c semgrep

UpdatedDec 2, 2025
OCaml

PHP-CS-Fixer /PHP-CS-Fixer

Star13.4k

A tool to automatically fix PHP Coding Standards issues

php static-analysis code-style code-standards

UpdatedDec 2, 2025
PHP

rshipp /awesome-malware-analysis

Sponsor

Star13.2k

Defund the Police.

list awesome static-analysis chinese dynamic-analysis awesome-list malware-analysis chinese-translation malware-research threat-sharing threatintel malware-samples analysis-framework automated-analysis network-traffic threat-intelligence domain-analysis malware-collection drop-ice

UpdatedJun 7, 2024

ttroy50 /cmake-examples

Star13k

Useful CMake Examples

unit-testing cmake tutorial cpp catch boost static-analysis clang cpack cppcheck clang-format google-test ctest

UpdatedFeb 28, 2024
CMake

OWASP /mastg

Sponsor

Star12.6k

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.