[Collection] Elixir/Docker container/Go/Groovy/Java: Static analysis tools
Static program analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as dynamic analysis).[1] In most cases the analysis is performed on some version of the source code, and in the other cases, some form of the object code.
The term is usually applied to the analysis performed by an automated tool, with human analysis being called program understanding, program comprehension, or code review. Software inspections and software walkthroughs are also used in the latter case. (Source: Wiki)
Docker container
clair: Vulnerability Static Analysis for Containers
collector: A framework for Static Analysis of Docker container images
Hadolint: Dockerfile linter written in Haskell
Elixir
credo: A static code analysis tool for the Elixir language with a focus on code consistency and teaching.
Go
dingo-hunter: Static analyser for finding deadlocks in Go
flen: Provides stats on function/method lengths in a Golang package.
go/ast: Package ast declares the types used to represent syntax trees for Go packages.
gocyclo: Calculate cyclomatic complexities of functions in Go source code.
Go Meta Linter: Concurrently run Go lint tools and normalise their output
go vet: Examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string. Vet uses heuristics that do not guarantee all reports are genuine problems, but it can find errors not caught by the compilers.
ineffassign: Detect ineffectual assignments in Go code.
safesql: Static analysis tool for Golang that protects against SQL injections
Groovy
CodeNarc: A static analysis tool for Groovy source code, enabling monitoring and enforcement of many coding standards and best practices. CodeNarc applies a set of rules (predefined and/or custom) to each Groovy file and generates an HTML or XML report of the results, including a list of rules violated for each source file and a count of the number of violations per package and for the whole project.
Java
checkstyle: A development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
ckjm: Calculates Chidamber and Kemerer object-oriented metrics by processing the bytecode of compiled Java files. For each class, the program calculates six metrics proposed by Chidamber and Kemerer.
Error-prone: Catch common Java mistakes as compile-time errors.
fb-contrib: A FindBugs plugin for doing static code analysis for Java code bases.
Findbugs: The new home of the FindBugs project.
find-sec-bugs: The FindBugs plugin for security audits of Java web applications.
HuntBugs: Java bytecode static analyzer
PMD: An extensible cross-language static code analyzer.