concept

static analysis

Also known as: static analysis tools

Facts (14)

Sources
Source: bureado/awesome-software-supply-chain-security (GitHub, github.com), 6 facts
reference: securego/gosec is a static analysis tool for Go that finds security problems by scanning the Go abstract syntax tree (AST) and enforcing secure coding practices.
reference: eliasgranderubio/dagda performs static analysis of Docker images and containers to detect known vulnerabilities, trojans, viruses, malware and other malicious threats, and also monitors the Docker daemon and running containers for anomalous activity.
reference: Mandiant capa is a reverse-engineering tool that recognizes capabilities in binaries using expert-crafted rules over API calls, constants and strings; it performs static analysis through its own backend and through integrations with IDA Pro, Binary Ninja and Ghidra, and can also apply its rules to dynamic analysis results captured as sandbox traces.
reference: banyanops/collector is a framework for static analysis of Docker container images.
reference: Semgrep is a pattern-based static analysis tool; the list cites it for detecting dependency acquisition in software supply chains.
reference: graudit is a grep-based source code auditing script; the list cites it for detecting dependency acquisition.
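The gosec fact above describes the technique rather than showing it: parse the source into an AST and walk the tree looking for insecure patterns. The following is an added example, written for this page and not code from gosec or from any of the listed projects. It uses only the Go standard library (go/parser, go/ast) and implements three illustrative checks: weak-crypto imports, string literals assigned to secret-like names (the "secrets" class of finding that code scanning tools report), and math/rand used where an unpredictable value is needed. The rule table and the credential-name pattern are assumptions chosen for the demonstration, not gosec's own rules; the sample input file is constructed.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
	"strings"
)

// Finding is one issue reported against the analyzed file.
type Finding struct {
	Rule string
	Line int
	Msg  string
}

// credentialName matches identifiers that commonly hold secrets
// (assumption: an illustrative pattern, not gosec's own heuristics).
var credentialName = regexp.MustCompile(`(?i)passw(or)?d|secret|token|api_?key`)

// weakPkgs lists import paths flagged outright (assumption: an
// illustrative table, not gosec's rule set).
var weakPkgs = map[string]string{
	"crypto/md5":  "MD5 is not collision resistant",
	"crypto/sha1": "SHA-1 is not collision resistant",
}

// Analyze parses one Go source file into an AST and walks it, reporting
// weak-crypto imports, hardcoded credentials, and math/rand call sites.
func Analyze(filename, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	var findings []Finding
	report := func(rule string, pos token.Pos, msg string) {
		findings = append(findings, Finding{rule, fset.Position(pos).Line, msg})
	}

	// Pass 1: imports. Map each local package name to its import path so
	// call sites resolve correctly even when the import is aliased.
	local := map[string]string{}
	for _, imp := range file.Imports {
		path := strings.Trim(imp.Path.Value, `"`)
		name := path[strings.LastIndex(path, "/")+1:]
		if imp.Name != nil {
			name = imp.Name.Name
		}
		local[name] = path
		if msg, ok := weakPkgs[path]; ok {
			report("WEAK-CRYPTO", imp.Pos(), msg)
		}
	}

	// checkLiteral flags a non-empty string literal bound to a secret-like name.
	checkLiteral := func(name string, rhs ast.Expr) {
		lit, ok := rhs.(*ast.BasicLit)
		if ok && lit.Kind == token.STRING && len(lit.Value) > 2 && credentialName.MatchString(name) {
			report("HARDCODED-CREDENTIAL", lit.Pos(), fmt.Sprintf("string literal assigned to %q", name))
		}
	}

	// Pass 2: visit every node in source order.
	ast.Inspect(file, func(n ast.Node) bool {
		switch x := n.(type) {
		case *ast.AssignStmt: // password := "..."
			for i, lhs := range x.Lhs {
				if id, ok := lhs.(*ast.Ident); ok && i < len(x.Rhs) {
					checkLiteral(id.Name, x.Rhs[i])
				}
			}
		case *ast.ValueSpec: // var apiKey = "..."
			for i, id := range x.Names {
				if i < len(x.Values) {
					checkLiteral(id.Name, x.Values[i])
				}
			}
		case *ast.CallExpr: // rand.Int() where rand resolves to math/rand
			if sel, ok := x.Fun.(*ast.SelectorExpr); ok {
				if pkg, ok := sel.X.(*ast.Ident); ok && local[pkg.Name] == "math/rand" {
					report("WEAK-RANDOM", x.Pos(), "math/rand is predictable; use crypto/rand for secrets")
				}
			}
		}
		return true
	})
	return findings, nil
}

// sample is a constructed input file, not code from any real project.
const sample = `package demo

import (
	"crypto/md5"
	"fmt"
	"math/rand"
)

func login() {
	password := "hunter2"
	nonce := rand.Int()
	fmt.Println(md5.Sum([]byte(password)), nonce)
}
`

func main() {
	findings, err := Analyze("sample.go", sample)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("sample.go:%d [%s] %s\n", f.Line, f.Rule, f.Msg)
	}
}
```

Resolving call sites through the import table (rather than matching on the bare identifier `rand`) is what keeps `import r "crypto/rand"` from being mis-flagged and `import x "math/rand"` from being missed; production scanners such as gosec go further and use type information, but the AST-plus-import-table approach already shows why these tools report by source position and why they need the whole file parsed rather than grepped.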
Source: A Mixed-Methods Study of Open-Source Software Maintainers On ... (arXiv, arxiv.org, Feb 3, 2025), 6 facts
claim: Open-source software maintainers use external tools, such as Coverity for static analysis, to manage vulnerabilities.
reference: Brittany Johnson and colleagues studied why software developers do not use static analysis tools to find bugs, in a paper presented at the 35th International Conference on Software Engineering (ICSE 2013).
reference: Automated dependency analysis tools raise alerts for library upgrades, while code scanning tools use static analysis to identify vulnerabilities such as hardcoded secrets.
reference: Synopsys provides the Coverity Scan static analysis service, which has been active since 2006.
reference: Fadi Wedyan, Dalal Alrmuny and James M. Bieman evaluated the effectiveness of automated static analysis tools for fault detection and refactoring prediction in a 2009 paper presented at the International Conference on Software Testing, Verification and Validation (ICST).
claim: Most of the noise that open-source maintainers report about platform security features stems from dependency false positives; the rest comes from static analysis tooling such as code scanning and from general notification annoyance.
Source: EdinburghNLP/awesome-hallucination-detection (GitHub, github.com), 1 fact
procedure: The ETF framework is a hallucination detection framework tailored for code summarization; it detects intrinsic and extrinsic hallucinations by tracing code entities (variables, methods, classes) from the source code to the generated summary using static analysis principles.
Source: Best practices for version control to enhance development workflows (Harness, harness.io, Mar 17, 2025), 1 fact
procedure: Automated code quality tools, including linting, static analysis and vulnerability scanning, can be configured to run automatically on every commit or pull request.