What does HackerNews think of static-analysis?

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

Language: Rust

#17 in Awesome Lists
Checked C | Dec 2022
Expand Context ↕
Maintainer of the list here. Thanks for mentioning it. I have not heard of Microsoft's analyze. Could you paste a link here? I will add it to the list, then. Alternatively you could send a pull request to the repository. ;) https://github.com/analysis-tools-dev/static-analysis
ShellCheck: A static analysis tool for shell scripts | Mar 2021
Expand Context ↕
Same. Few years ago I started a little list of linters. Just kept adding tools and the list is huge now thanks to lots of contributors. https://github.com/analysis-tools-dev/static-analysis Still love adding new linters there when I cross their path. :)
NIST Samate – Source Code Security Analyzers | Sep 2020
Additional lists of static analysis, dynamic analysis, SAST, DAST, and other source code analysis tools:

OWAP > Source Code Analysis Tools: https://owasp.org/www-community/Source_Code_Analysis_Tools

https://analysis-tools.dev/ (supports upvotes and downvotes)

analysis-tools-dev/static-analysis: https://github.com/analysis-tools-dev/static-analysis

analysis-tools-dev/dynamic-analysis: https://github.com/analysis-tools-dev/dynamic-analysis

devsecops/awesome-devsecops: https://github.com/devsecops/awesome-devsecops , https://github.com/TaptuIT/awesome-devsecops

kai5263499/awesome-container-security: https://github.com/kai5263499/awesome-container-security

https://en.wikipedia.org/wiki/DevOps#DevSecOps,_Shifting_Sec... :

> DevSecOps is an augmentation of DevOps to allow for security practices to be integrated into the DevOps approach. The traditional centralised security team model must adopt a federated model allowing each delivery team the ability to factor in the correct security controls into their DevOps practices.

awesome-safety-critical: https://awesome-safety-critical.readthedocs.io/en/latest/

NIST Samate – Source Code Security Analyzers | Sep 2020
Some other lists of these sort of things:

https://github.com/analysis-tools-dev/static-analysis https://github.com/analysis-tools-dev/dynamic-analysis https://github.com/collab-qa/check-all-the-things/tree/maste... https://github.com/collab-qa/check-all-the-things/blob/maste...

Show HN: Compare Analysis Tools For Python, Ruby, C, PHP, Go | Aug 2020
You can already create a pull request and then we'll merge it as soon as the acceptance criteria is met. In the meantime you'll get some exposure through the PR on https://github.com/analysis-tools-dev/static-analysis as well, which is where we get some traffic as well (~500 unique visitors per week).
Show HN: A list of 470 static analysis tools | Aug 2020
Hey, this post got more attention than I thought. Happy to answer your questions and get some feedback on what to improve.

Maybe people are interested in some tech:

My colleague Jakub and me built this site with GatsbyJS and Cloudflare Edge Workers. The 99th percentile of response times from the workers is currently 9.7ms, which is impressive.

The code is fully open source on Github [1].

It is based on submissions by 190 individual contributors so far [2]

We went for an open model and completely depend on Github sponsors for the funding. We are not trying to rapidly grow here, rather build a steady business.

You can read more about the buisness model in our first blog post [3]. If your company might be interested in sponsoring, let us know or check the offerings here: https://github.com/sponsors/analysis-tools-dev/ <3

[1]: https://github.com/analysis-tools-dev/website/ [2]: https://github.com/analysis-tools-dev/static-analysis [3]: https://analysis-tools.dev/blog/static-analysis-is-broken-le...