Outils d'utilisateurs

Outils du Site


code_scanners

Ceci est une ancienne révision du document !


🛠 sonarqube https://www.sonarqube.org/

🛠 VisualCodeGrepper (VCG) - https://sourceforge.net/projects/visualcodegrepp/

🛠 Checkmarx https://www.checkmarx.com/

### Bugs finders

Tools to report issues in code that are or lead to bugs.

* [AppChecker](https://npo-echelon.ru/en/solutions/appchecker.php) - static analysis tool for finding bugs, weaknesses and vulnerabilities in source code * [Code insight](https://github.com/console-helpers/code-insight) - A tool for analysing other project code bases. * [Churn-PHP](https://github.com/bmitch/churn-php.git) - Discover files in need of refactoring. * [Eir](https://github.com/Lixody/Eir) - A static vulnerability analysis tool written in C#. * [Exakat](http://www.exakat.io/) - Smart static analysis. * [jscpd](https://github.com/kucherenko/jscpd) - Copy/paste detector for programming source code. * [Mondrian](https://github.com/Trismegiste/Mondrian) - A code analysis tool using Graph Theory. * [noverify](https://github.com/VKCOM/noverify) - Pretty fast linter (code static analysis utility) for PHP. * [Pfff](https://github.com/facebook/pfff) - Tools for code analysis, visualizations, or style-preserving source transformation. * [PHP Analysis](https://github.com/cwi-swat/php-analysis) - A library for analysing and modifying PHP Source Code in Rascal (PHP AiR). * [PHParch](https://github.com/j6s/phparch.git) - PHPArch is a work in progress architectural testing library for PHP projects. * [PHP Assumption](https://github.com/rskuipers/php-assumptions.git) - Finds <a href=“http://rskuipers.com/entry/from-assumptions-to-assertions”>weak assumptions</a> in the code, suggest to turn them into stronger validations. * [PhpCodeAnalyzer](https://github.com/wapmorgan/PhpCodeAnalyzer.git) - Finds usage of non-built-in extensions. * [PHPCodeFixer](https://github.com/wapmorgan/PhpCodeFixer) - Finds usage of deprecated functions, variables and ini directives. * [php7mar](https://github.com/Alexia/php7mar) - PHP 7 Migration Assistant Report. * [phpcallgraph](http://phpcallgraph.sourceforge.net/) - Generate static call graphs. Such a graph visualizes the call dependencies among methods or functions of an application.. * [PHPCPD](https://github.com/sebastianbergmann/phpcpd) - Spots copy/pasted code, and help enforcing DRY rule. * [Phan](https://github.com/etsy/phan) - The static analyzer by Rasmus, PHP Creator. * [Phinder](https://github.com/sider/phinder.git) - PHP code piece finder * [Phortress](https://github.com/lowjoel/phortress) - A PHP static code analyser for potential vulnerabilities. * [PHP Code Static Analysis](https://github.com/joaaoleite/code-static-analysis) - PHP Code static analysis program made in nodeJS. * [PHP Inspection](https://plugins.jetbrains.com/plugin/7622?pr=idea) - Static analysis plugin for PHPStorm. * [PHP Integrator](https://github.com/php-integrator) - Indexes PHP code and performs static analysis for Atom editor. * [Phlint](https://gitlab.com/phlint/phlint) - Phlint is a tool with an aim to help maintain quality of php code by analyzing code and pointing out potential code issues. * [PHP lint](http://php.net/manual/en/features.commandline.options.php) - PHP itself, able to detect syntax error from command line. * [PHPlint](http://www.icosaedro.it/phplint/) - A validator and documentator for PHP 5 programs. * [PHP-Parallel-Lint](https://github.com/JakubOnderka/PHP-Parallel-Lint) - A parallel php linting tool for PHP 5.3.3 or newer * [PHP Magic Number Detector](https://github.com/povils/phpmnd) - PHP Magic Number Detector * [PHP-malware-finder](https://github.com/nbs-system/php-malware-finder) - Detect potentially malicious PHP files * [PHP Mess Detector](http://phpmd.org/) - Look for several potential problems within source code. * [PHP Reaper](https://github.com/emanuil/php-reaper.git) - Scan ADOdb code for SQL Injections. * [PHP SA](https://github.com/ovr/phpsa) - A development tool aimed at bringing complex analysis for PHP applications and libraries. * [PHP Stan](https://github.com/phpstan/phpstan) - Focuses on finding errors in code without actually running it. * [PHP Unlocker](http://emanuilslavov.com/php-unlocker/) - Detect potential, unintended DB table locks for PHP applications using ADOdb. Uses static analysis methods. * [PHP testability](https://github.com/edsonmedina/php_testability) - Analyses and produces a report with testability issues of a php codebase. * [PHP vuln hunter](https://github.com/OneSourceCat/phpvulhunter) - Scan PHP vulnerabilities automatically using static analysis methods. * [Progpilot](https://github.com/designsecurity/progpilot) - A static analysis tool for security purposes. * [Psalm](https://getpsalm.org/) - A static analysis tool for finding errors in PHP applications. * [psecio:parse](https://github.com/psecio/parse.git) - Parse : A PHP Security Scanner. * [SonarQube](http://www.sonarqube.org/) - An open platform to manage code quality. It covers PHP code. * [Side Channel Analyzer](https://github.com/olivo/side-channel-analyzer) - Search for side-channel vulnerable code. * [TaintPHP](https://github.com/olivo/TaintPHP.git) - Static Taint Analyzer. * [Taint'em All](http://taint.spro.ink/) - A taint analysis tool for the PHP language, it makes use of Static Taint Analysis + Symbolic Execution. * [Tuli](https://github.com/ircmaxell/Tuli) - A static analysis engine. * [Unused-scanner](https://github.com/Insolita/unused-scanner.git) - Detect unused composer dependencies * [WAP](https://www.owasp.org/index.php/OWASP_WAP-Web_Application_Protection) - Tool to detect and correct input validation vulnerabilities in PHP (4.0 or higher) web applications and predicts false positives. * [PHP VarDump Check](https://github.com/JakubOnderka/PHP-Var-Dump-Check) - PHP console application for finding forgotten variable dump. * [17eyes](https://github.com/17eyes/17eyes) - PHP static analyzer written in Haskell.

code_scanners.1570741750.txt.gz · Dernière modification: 2019/10/10 23:09 par M0N5T3R