[Collection] Ruby/Python: Static analysis tools
Static program analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as dynamic analysis).[1] In most cases the analysis is performed on some version of the source code, and in the other cases, some form of the object code.
The term is usually applied to the analysis performed by an automated tool, with human analysis being called program understanding, program comprehension, or code review. Software inspections and software walkthroughs are also used in the latter case. __Wiki
Ruby
brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications.
cane: Code quality threshold checking as part of your build.
dawnscanner: A static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
flay: Flay analyzes code for structural similarities. Differences in literal values, variable, class, method names, whitespace, programming style, braces vs do/end, etc. are all ignored. Making this totally rad.
flog: Flog reports the most tortured code in an easy to read pain report. The higher the score, the more pain the code is in.
laser: Static analysis and style linter for Ruby code.
Mondrian: A set of CLI tools to help you analyse and refactor highly coupled classes. As the Law of Demeter and the S.O.L.I.D guidelines tell you, your classes need to be loosely coupled, and for this there is only one rule: ABSTRACTION. This app provides some helpers to add abstraction into concrete classes with minimum pain.
pelusa: Static analysis Lint-type tool to improve your OO Ruby code.
quality: A tool that runs quality checks on your code using community tools, and makes sure your numbers don’t get any worse over time. Just add ‘rake quality’ as part of your Continuous Integration.
reek: Code smell detector for Ruby.
rubocop: A Ruby static code analyzer, based on the community Ruby style guide.
rubycritic: A Ruby code quality reporter.
ruby-lint: Static code analysis for Ruby.
SandyMeter: Static analysis tool for checking Ruby code for Sandi Metz’ rules.
Python
bandit: Python AST-based static analyzer from OpenStack Security Group.
jedi: Awesome autocompletion and static analysis library for Python.
mccabe: McCabe complexity checker for Python.
mypy: Optional static typing for Python 2 and 3 (PEP 484).
py-find-injection: Look for SQL injection vulnerabilities in Python source code.
pycodestyle: Simple Python style checker in one Python file.
pyflakes: Docstring style checker.
pylint: A Python source code analyzer which looks for programming errors, helps enforce a coding standard and sniffs for some code smells.
pyroma: Rate the packaging friendliness of your Python packages.
vulture: Find dead Python code.
xenon: Monitoring tool based on radon.