From 9137bc2fa67947e2da5baa876db58287843800a2 Mon Sep 17 00:00:00 2001 From: Analysis Tools Bot Date: Mon, 30 Oct 2023 13:50:42 +0000 Subject: [PATCH] Commit list --- README.md | 42 +++++++++++++++++++++--------------------- data/api/tools.json | 42 +++++++++++++++++++++--------------------- 2 files changed, 42 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 0c96fbc097..379a70f5db 100644 --- a/README.md +++ b/README.md @@ -168,7 +168,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com

Assembly

-- [STOKE](https://github.com/StanfordPL/stoke) :warning: — A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations. +- [STOKE](https://github.com/StanfordPL/stoke) — A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations.

Awk

@@ -523,7 +523,7 @@ By default, govulncheck makes requests to the Go vulnerability database at https - [revive](https://revive.run) — Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint. -- [safesql](https://github.com/stripe/safesql) :warning: — Static analysis tool for Golang that protects against SQL injections. +- [safesql](https://github.com/stripe/safesql) — Static analysis tool for Golang that protects against SQL injections. - [shisho](https://docs.shisho.dev/) — A lightweight static code analyzer designed for developers and security teams. It allows you to analyze and transform source code with an intuitive DSL similar to sed, but for code. @@ -573,7 +573,7 @@ By default, govulncheck makes requests to the Go vulnerability database at https

Java

-- [Checker Framework](https://checkerframework.org) — Pluggable type-checking for Java. +- [Checker Framework](https://checkerframework.org) — Pluggable type-checking for Java. This is not just a bug-finder, but a verification tool that gives a guarantee of correctness. It comes with 27 pre-built type systems, and it enables users to define their own type system; the manual lists over 30 user-contributed type systems. - [checkstyle](https://checkstyle.org) — Checking Java source code for adherence to a Code Standard or set of validation rules (best practices). @@ -590,7 +590,7 @@ Its technology helps developers automate testing, find bugs, and reduce manual l - [Doop](https://bitbucket.org/yanniss/doop) — Doop is a declarative framework for static analysis of Java/Android programs, centered on pointer analysis algorithms. Doop provides a large variety of analyses and also the surrounding scaffolding to run an analysis end-to-end (fact generation, processing, statistics, etc.). -- [Error-prone](https://errorprone.info) — Catch common Java mistakes as compile-time errors. +- [Error Prone](https://errorprone.info) — Catch common Java mistakes as compile-time errors. - [fb-contrib](http://fb-contrib.sourceforge.net) — A plugin for FindBugs with additional bug detectors. 
@@ -666,13 +666,13 @@ Its technology helps developers automate testing, find bugs, and reduce manual l - [retire.js](https://retirejs.github.io/retire.js) — Scanner detecting the use of JavaScript libraries with known vulnerabilities. -- [RSLint](http://rslint.org/) :warning: — A (WIP) JavaScript linter written in Rust designed to be as fast as possible, customizable, and easy to use. +- [RSLint](http://rslint.org/) — A (WIP) JavaScript linter written in Rust designed to be as fast as possible, customizable, and easy to use. - [standard](http://standardjs.com) — An npm module that checks for Javascript Styleguide issues. - [tern](https://ternjs.net) — A JavaScript code analyzer for deep, cross-editor language support. -- [TypL](https://typl.dev) :warning: — With TypL, you just write completely standard JS, and the tool figures out your types via powerful inferencing. +- [TypL](https://typl.dev) — With TypL, you just write completely standard JS, and the tool figures out your types via powerful inferencing. - [xo](https://github.com/xojs/xo) — Opinionated but configurable ESLint wrapper with lots of goodies included. Enforces strict and readable code. 
@@ -829,7 +829,7 @@ A ktfmt IntelliJ plugin is available from the plugin repository. To install it, - [Psalm](https://psalm.dev) — Static analysis tool for finding type errors in PHP applications. -- [Qafoo Quality Analyzer](https://github.com/Qafoo/QualityAnalyzer) :warning: — Visualizes metrics and source code. +- [Qafoo Quality Analyzer](https://github.com/Qafoo/QualityAnalyzer) — Visualizes metrics and source code. - [rector](https://getrector.org) — Instant Upgrades and Automated Refactoring of any PHP 5.3+ code. It upgrades your code for PHP 7.4, 8.0 and beyond. Rector promises a low false-positive rate because it looks for narrowly defined AST (abstract syntax tree) patterns. The main use-case are tackling technical debt in your legacy code and removing dead code. Rector provides a set of special rules for Symfony, Doctrine, PHPUnit, and many more. 
@@ -1011,15 +1011,15 @@ YAPF follows a distinctive methodology, originating from the 'clang-format' tool - [quality](https://github.com/apiology/quality) — Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time. -- [Querly](https://github.com/soutaro/querly) :warning: — Pattern Based Checking Tool for Ruby. +- [Querly](https://github.com/soutaro/querly) — Pattern Based Checking Tool for Ruby. -- [Railroader](https://railroader.org) :warning: — An open source static analysis security vulnerability scanner for Ruby on Rails applications. +- [Railroader](https://railroader.org) — An open source static analysis security vulnerability scanner for Ruby on Rails applications. - [rails_best_practices](https://rails-bestpractices.com) — A code metric tool for Rails projects - [reek](https://github.com/troessner/reek) — Code smell detector for Ruby. -- [Roodi](https://github.com/roodi/roodi) :warning: — Roodi stands for Ruby Object Oriented Design Inferometer. It parses your Ruby code and warns you about design issues you have based on the checks that it has configured. +- [Roodi](https://github.com/roodi/roodi) — Roodi stands for Ruby Object Oriented Design Inferometer. It parses your Ruby code and warns you about design issues you have based on the checks that it has configured. - [RuboCop](https://docs.rubocop.org/rubocop) — A Ruby static code analyzer, based on the community Ruby style guide. 
@@ -1031,7 +1031,7 @@ YAPF follows a distinctive methodology, originating from the 'clang-format' tool - [rufo](https://github.com/ruby-formatter/rufo) — An opinionated ruby formatter, intended to be used via the command line as a text-editor plugin, to autoformat files on save or on demand. -- [Saikuro](https://metricfu.github.io/Saikuro) :warning: — A Ruby cyclomatic complexity analyzer. +- [Saikuro](https://metricfu.github.io/Saikuro) — A Ruby cyclomatic complexity analyzer. - [SandiMeter](https://rubygems.org/gems/sandi_meter) :warning: — Static analysis tool for checking Ruby code for Sandi Metz' rules. 
@@ -1090,9 +1090,9 @@ It removes a feature of a dependency and then compiles the project to see if it - [Prusti](https://www.pm.inf.ethz.ch/research/prusti.html) — A static verifier for Rust, based on the Viper verification infrastructure. By default Prusti verifies absence of panics by proving that statements such as unreachable!() and panic!() are unreachable. -- [Rudra](https://github.com/sslab-gatech/Rudra) :warning: — Rust Memory Safety & Undefined Behavior Detection. It is capable of analyzing single Rust packages as well as all the packages on crates.io. +- [Rudra](https://github.com/sslab-gatech/Rudra) — Rust Memory Safety & Undefined Behavior Detection. It is capable of analyzing single Rust packages as well as all the packages on crates.io. -- [Rust Language Server](https://github.com/rust-lang-nursery/rls) :warning: — Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings. +- [Rust Language Server](https://github.com/rust-lang-nursery/rls) — Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings. - [rust-analyzer](https://rust-analyzer.github.io) — Supports functionality such as 'goto definition', type inference, symbol search, reformatting, and code completion, and enables renaming and refactorings. 
@@ -1116,7 +1116,7 @@ It removes a feature of a dependency and then compiles the project to see if it - [sleek](https://github.com/nrempel/sleek) — Sleek is a CLI tool for formatting SQL. It helps you maintain a consistent style across your SQL code, enhancing readability and productivity. The heavy lifting is done by the sqlformat crate. -- [sqlcheck](https://github.com/jarulraj/sqlcheck) :warning: — Automatically identify anti-patterns in SQL queries. +- [sqlcheck](https://github.com/jarulraj/sqlcheck) — Automatically identify anti-patterns in SQL queries. - [SQLFluff](https://www.sqlfluff.com/) — Multiple dialect SQL linter and formatter. @@ -1126,7 +1126,7 @@ It removes a feature of a dependency and then compiles the project to see if it - [tsqllint](https://github.com/tsqllint/tsqllint) — T-SQL-specific linter. -- [TSqlRules](https://github.com/ashleyglee/TSqlRules) :warning: — TSQL Static Code Analysis Rules for SQL Server. +- [TSqlRules](https://github.com/ashleyglee/TSqlRules) — TSQL Static Code Analysis Rules for SQL Server. - [Visual Expert](https://www.visual-expert.com) :copyright: — Code analysis for PowerBuilder, Oracle, and SQL Server Explores, analyzes, and documents Code @@ -1221,7 +1221,7 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea

Vim Script

-- [vint](https://github.com/Kuniwak/vint) :warning: — Fast and Highly Extensible Vim script Language Lint implemented by Python. +- [vint](https://github.com/Kuniwak/vint) — Fast and Highly Extensible Vim script Language Lint implemented by Python. ## Multiple languages @@ -1393,7 +1393,7 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea - [Qwiet AI](https://qwiet.ai/) :copyright: — Identify vulnerabilities that are unique to your code base before they reach production. Leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs. Automatically finds business logic flaws in dev like hardcoded secrets and logic bombs -- [Refactoring Essentials](https://marketplace.visualstudio.com/items?itemName=SharpDevelopTeam.RefactoringEssentialsforVisualStudio) :warning: — The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers. +- [Refactoring Essentials](https://marketplace.visualstudio.com/items?itemName=SharpDevelopTeam.RefactoringEssentialsforVisualStudio) — The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers. - [relint](https://github.com/codingjoe/relint) — A static file linter that allows you to write custom rules using regular expressions (RegEx). 
@@ -1401,7 +1401,7 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea - [RIPS](https://www.ripstech.com) :copyright: — A static source code analyser for vulnerabilities in PHP scripts. -- [Rome](https://rome.tools/) — Rome was a linter, compiler, bundler, and [more](https://rome.tools/#development-status) for JavaScript, TypeScript, JSON, HTML, Markdown, and CSS. It has since been succeeded by [biome](https://biomejs.dev/). +- [Rome](https://rome.tools/) :warning: — Rome was a linter, compiler, bundler, and [more](https://rome.tools/#development-status) for JavaScript, TypeScript, JSON, HTML, Markdown, and CSS. It has since been succeeded by [biome](https://biomejs.dev/). - [Rome Formatter](https://rome.tools/blog/2022/04/05/rome-formatter-release) :warning: — A performant and fault-tolerant code formatter for JS/TS written in Rust. Superceded by [biome](https://biomejs.dev/). @@ -1486,7 +1486,7 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea - [WhiteHat Application Security Platform](https://www.whitehatsec.com/platform/static-application-security-testing) :copyright: — WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10. -- [Wotan](https://github.com/fimbullinter/wotan) :warning: — Pluggable TypeScript and JavaScript linter. +- [Wotan](https://github.com/fimbullinter/wotan) — Pluggable TypeScript and JavaScript linter. - [XCode](https://developer.apple.com/xcode) :copyright: — XCode provides a pretty decent UI for [Clang's](https://clang-analyzer.llvm.org/xcode.html) static code analyzer (C/C++, Obj-C). 
@@ -1600,7 +1600,7 @@ Loading address: binbloom can parse a raw binary firmware and determine its load - [sass-lint](https://github.com/sasstools/sass-lint) :warning: — A Node-only Sass linter for both sass and scss syntax. -- [scsslint](https://github.com/brigade/scss-lint) — Linter for SCSS files. +- [scsslint](https://github.com/brigade/scss-lint) :warning: — Linter for SCSS files. - [Specificity Graph](https://jonassebastianohlsson.com/specificity-graph) — CSS Specificity Graph Generator. @@ -1891,7 +1891,7 @@ It is inspired by, contains code from and is designed to stay close to [Kubeval] - [paprika](https://github.com/GeoffreyHecht/paprika) :warning: — A toolkit to detect some code smells in analyzed Android applications. -- [qark](https://github.com/linkedin/qark) :warning: — Tool to look for several security related Android application vulnerabilities. +- [qark](https://github.com/linkedin/qark) — Tool to look for several security related Android application vulnerabilities. - [redex](https://fbredex.com) — Redex provides a framework for reading, writing, and analyzing .dex files, and a set of optimization passes that use this framework to improve the bytecode. An APK optimized by Redex should be smaller and faster. diff --git a/data/api/tools.json b/data/api/tools.json index b86fd2cef8..e933c76c8a 100644 --- a/data/api/tools.json +++ b/data/api/tools.json @@ -2134,7 +2134,7 @@ "source": "https://github.com/typetools/checker-framework", "pricing": null, "plans": null, - "description": "Pluggable type-checking for Java.", + "description": "Pluggable type-checking for Java. This is not just a bug-finder, but a verification tool that gives a guarantee of correctness. It comes with 27 pre-built type systems, and it enables users to define their own type system; the manual lists over 30 user-contributed type systems.", "discussion": null, "deprecated": null, "resources": null, 
@@ -14419,7 +14419,7 @@ "plans": null, "description": "Visualizes metrics and source code.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -14446,7 +14446,7 @@ "plans": null, "description": "Tool to look for several security related Android application vulnerabilities.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -14560,7 +14560,7 @@ "plans": null, "description": "Pattern Based Checking Tool for Ruby.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -14686,7 +14686,7 @@ "plans": null, "description": "An open source static analysis security vulnerability scanner for Ruby on Rails applications.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -14872,7 +14872,7 @@ "plans": null, "description": "The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -15267,7 +15267,7 @@ "plans": null, "description": "Rome was a linter, compiler, bundler, and [more](https://rome.tools/#development-status) for JavaScript, TypeScript, JSON, HTML, Markdown, and CSS. It has since been succeeded by [biome](https://biomejs.dev/).", "discussion": null, - "deprecated": null, + "deprecated": true, "resources": null, "reviews": null, "demos": null, @@ -15328,7 +15328,7 @@ "plans": null, "description": "Roodi stands for Ruby Object Oriented Design Inferometer. It parses your Ruby code and warns you about design issues you have based on the checks that it has configured.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, 
@@ -15465,7 +15465,7 @@ "plans": null, "description": "A (WIP) JavaScript linter written in Rust designed to be as fast as possible, customizable, and easy to use.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -15607,7 +15607,7 @@ "plans": null, "description": "Rust Memory Safety & Undefined Behavior Detection. It is capable of analyzing single Rust packages as well as all the packages on crates.io.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -15749,7 +15749,7 @@ "plans": null, "description": "Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -15886,7 +15886,7 @@ "plans": null, "description": "Static analysis tool for Golang that protects against SQL injections.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -15913,7 +15913,7 @@ "plans": null, "description": "A Ruby cyclomatic complexity analyzer.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -16210,7 +16210,7 @@ "plans": null, "description": "Linter for SCSS files.", "discussion": null, - "deprecated": null, + "deprecated": true, "resources": null, "reviews": null, "demos": null, @@ -17390,7 +17390,7 @@ "plans": null, "description": "Automatically identify anti-patterns in SQL queries.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": [ { "title": "SQLCheck: Automated Detection and Diagnosis of SQL Anti-Patterns", 
@@ -17893,7 +17893,7 @@ "plans": null, "description": "A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -19098,7 +19098,7 @@ "plans": null, "description": "TSQL Static Code Analysis Rules for SQL Server.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -19298,7 +19298,7 @@ "plans": null, "description": "With TypL, you just write completely standard JS, and the tool figures out your types via powerful inferencing.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -19816,7 +19816,7 @@ "plans": null, "description": "Fast and Highly Extensible Vim script Language Lint implemented by Python.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -20325,7 +20325,7 @@ "plans": null, "description": "Pluggable TypeScript and JavaScript linter.", "discussion": null, - "deprecated": true, + "deprecated": null, "resources": null, "reviews": null, "demos": null, @@ -20658,4 +20658,4 @@ "demos": null, "wrapper": null } -} +} \ No newline at end of file
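Review bot: The deprecation flips come with no stated reason. Across the README.md hunks the `:warning:` marker is removed from 17 entries (among them the security scanners safesql, qark and Railroader) and the matching `"deprecated": true` becomes `"deprecated": null` in data/api/tools.json, while only Rome and scsslint move the other way; the subject line is just "Commit list" and nothing in the patch records which signal changed. Readers use this marker to judge whether a scanner is still maintained, so the bot should state its criterion and the observed value per repository in the commit body. A bulk change in this direction should also get a manual spot check before merge, starting with Rust Language Server in the README.md hunk at -1090, whose URL sits under rust-lang-nursery and whose description nearly duplicates the unchanged rust-analyzer entry right below it.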
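Review bot: The new Checker Framework description, in the README.md hunk at -573 and again in the data/api/tools.json hunk at -2134, hard-codes counts that will go stale ("27 pre-built type systems", "over 30 user-contributed type systems") and makes an unscoped claim ("gives a guarantee of correctness"). Suggest dropping the numbers and scoping the claim to the properties that the selected type system checks. The text is duplicated verbatim in both files, so any rewording has to land in both, or the README should be generated from the JSON.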
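Review bot: The final hunk of data/api/tools.json (-20658,4) rewrites the closing `}` only to drop the trailing newline, as the "\ No newline at end of file" marker shows. Have the generator emit a final newline so the file stays a well-formed text file and later bot commits do not carry this line as a spurious change.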