Snyk

It is a developer-first software security app. It scans your source code & cloud to show you which vulnerabilities are actually important to solve. We speed up triaging by massively reducing false positives and making CVEs human-readable.

A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.

Prettier is an opinionated code formatter. It enforces a consistent style by parsing your code and re-printing it with its own rules that take the maximum line length into account, wrapping code when necessary.

An extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors. It is widely supported across modern editors & build systems and can be customized with your own lint rules, configurations, and formatters.

SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.

A mighty, modern CSS linter that helps you enforce consistent conventions and avoid errors in your stylesheets.

RuboCop is a Ruby static code analyzer. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide.

It is a community-driven tool to detect errors and potential problems in JavaScript code. It is open source and can easily adjust in the environment you expect your code to execute.

It is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code.

It is a Python static code analysis tool which looks for programming errors, helps enforcing a coding standard, sniffs for code smells and offers simple refactoring suggestions.

After each Git push, Code Climate analyzes your code for complexity, duplication, and common smells to determine changes in quality and surface technical debt hotspots.

It detects possible bugs in Java programs. Potential errors are classified in four ranks: scariest, scary, troubling and of concern. This is a hint to the developer about their possible impact or severity.

It is an addictive Inversion of Control container for .NET Core, ASP.NET Core, .NET 4.5.1+, Universal Windows apps, and more. It provides activation events to let you know when components are being activated or released, allowing for a lot of customization with little code.

It focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.

It is a Python utility / library to sort imports alphabetically, and automatically separated into sections. It provides a command line utility, Python library and plugins for various editors to quickly sort all your imports.

Codacy automates code reviews and monitors code quality on every commit and pull request on more than 40 programming languages reporting back the impact of every commit or PR, issues concerning code style, best practices and security.

It is a file format and collection of text editor plugins. It helps maintain consistent coding styles for multiple developers working on the same project across various editors and IDEs.

It is a free code coverage library for Java, which has been created based on the lessons learned from using and integration existing libraries for many years.

Phabricator is a collection of open source web applications that help software companies build better software.

It provides open-source C# and Visual Basic compilers with rich code analysis APIs. It enables building code analysis tools with the same APIs that are used by Visual Studio.

It is an IDE extension that helps you detect and fix quality issues as you write code. Like a spell checker, it squiggles flaws so that they can be fixed before committing code.

Free static analysis security tool for Ruby on Rails. Zero-setup security scans for Rails applications based on source code analysis.

It is a tool to enforce Swift style and conventions, loosely based on GitHub's Swift Style Guide.It hooks into Clang and SourceKit to use the AST representation of your source files for more accurate results.

It is a tool to help keep your SCSS files clean and readable by running it against a collection of configurable linter rules. You can run it manually from the command line, or integrate it into your SCM hooks.

It is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.

Gerrit is a self-hosted pre-commit code review tool. It serves as a Git hosting server with option to comment incoming changes. It is highly configurable and extensible with default guarding policies, webhooks, project access control and more.

Dependabot helps you keep your dependencies up to date. Every day, it checks your dependency files for outdated requirements and opens individual PRs for any it finds. You review, merge, and get to work on the latest, most secure releases.

Manipulating the IL of an assembly as part of a build requires a significant amount of plumbing code. This plumbing code involves knowledge of both the MSBuild and Visual Studio APIs. It attempts to eliminate that plumbing code through an extensible add-in model.

Scrutinizer is a continuous inspection platform helping you to create better software.

It is a static code analysis tool used in software development for checking if JavaScript source code complies with coding rules. It is provided primarily as a browser-based web application accessible through their domain, but there are also command-line adaptations.

It is a Style guide, with linter & automatic code fixer. It is a way to enforce consistent style in your project. It automatically formats code.

It is a machine learning service for automated code reviews and application performance recommendations. It helps you find the most expensive lines of code that hurt application performance and keep you up all night troubleshooting, then gives you specific recommendations to fix or improve your code.

It seamlessly integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain, and blocking threats while in production.

It is a Web-based application primarily aimed at enterprise, and certain features that enable peer review of a code base may be considered enterprise social software.

Coverity's implementation of static analysis can follow all the possible paths of execution through source code (including interprocedurally) and find defects and vulnerabilities caused by the conjunction of statements that are not errors independent of each other.

CodeFactor.io automatically and continuously tracks code quality with every GitHub or BitBucket commit and pull request, helping software developers save time in code reviews and efficiently tackle technical debt.

It is a solution that helps development teams manage risks that come with the use of open source. It gives you complete visibility into open source management, combining sophisticated, multi-factor open source detection capabilities with the Black Duck KnowledgeBase.

It is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It includes CPD, the copy-paste-detector.

It is a fast Go linters runner. It runs linters in parallel, uses caching, supports yaml config, has integrations with all major IDE and has dozens of linters included.

It tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards. It is an essential development tool that ensures your code remains clean and consistent.

Automated code review for GitHub pull requests. It comments on code quality and style issues, allowing you and your team to better review and maintain a clean codebase.

coala is a language independent analysis toolkit. It empowers developers to create rules which a project's code should conform to. coala takes care of showing these issues to users in a friendly manner, is versatile and can be used in any environment.

Real-time monitoring for npm dependencies. Let a bot send you informative and actionable issues so you can easily keep your software up to date and in working condition.

Prevent Kubernetes misconfigurations from reaching production with Datree’s automated policy checks for your pipeline. The open-source CLI tool empowers engineers to write more stable configurations, so they can actually sleep at night.

StyleCI automatically analyses all of your pull requests and will display a build status within GitHub before you merge.

Stop vulnerabilities, automate compliance, and mitigate third-party risk in your applications

credo can show you refactoring opportunities in your code, complex and duplicated code fragments, warn you about common mistakes, show inconsistencies in your naming scheme and - if needed - help you enforce a desired coding style.

It is a Node-only Sass linter for both sass and scss syntax. It can be run through a command line interface. Special comments can be used to disable and enable certain rules throughout your source files in a variety of scenarios.

The leading solution for agile open source security and license compliance management, WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time.

It is an open source text linting utility written in JavaScript. It is hard to lint natural language texts, but we try to resolve this issue by pluggable approach.