Show HN: Compare Analysis Tools For Python, Ruby, C, PHP, Go

Hey, this post got more attention than I thought. Happy to answer your questions and get some feedback on what to improve.<p>Maybe people are interested in some tech:<p>My colleague Jakub and me built this site with GatsbyJS and Cloudflare Edge Workers. The 99th percentile of response times from the workers is currently 9.7ms, which is impressive.<p>The code is fully open source on Github [1].<p>It is based on submissions by 190 individual contributors so far [2]<p>We went for an open model and completely depend on Github sponsors for the funding. We are not trying to rapidly grow here, rather build a steady business.<p>You can read more about the buisness model in our first blog post [3]. If your company might be interested in sponsoring, let us know or check the offerings here: <a href="https:&#x2F;&#x2F;github.com&#x2F;sponsors&#x2F;analysis-tools-dev&#x2F;" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;sponsors&#x2F;analysis-tools-dev&#x2F;</a> &lt;3<p>[1]: <a href="https:&#x2F;&#x2F;github.com&#x2F;analysis-tools-dev&#x2F;website&#x2F;" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;analysis-tools-dev&#x2F;website&#x2F;</a> [2]: <a href="https:&#x2F;&#x2F;github.com&#x2F;analysis-tools-dev&#x2F;static-analysis" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;analysis-tools-dev&#x2F;static-analysis</a> [3]: <a href="https:&#x2F;&#x2F;analysis-tools.dev&#x2F;blog&#x2F;static-analysis-is-broken-lets-fix-it" rel="nofollow">https:&#x2F;&#x2F;analysis-tools.dev&#x2F;blog&#x2F;static-analysis-is-broken-le...</a>

It looks like those tools are sorted by votes, but some of them can analyze different languages, and votes are shared between their languages.<p>For example, CodeScene, which supports 12 languages, is the currently most voted tool for PHP, and I&#x27;ve never heard of it. Not saying it&#x27;s bad or anything, but I highly doubt it&#x27;s popular in the PHP community, compared to other products.

Shameless self-promotion time: <i>TypeScript Call Graph</i><p>A CLI to generate an interactive graph of functions and calls from your TypeScript files.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;whyboris&#x2F;TypeScript-Call-Graph" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;whyboris&#x2F;TypeScript-Call-Graph</a>

It would be useful to list which tools support the SARIF standardized format (<a href="https:&#x2F;&#x2F;sarifweb.azurewebsites.net&#x2F;" rel="nofollow">https:&#x2F;&#x2F;sarifweb.azurewebsites.net&#x2F;</a>).

Now we need a meta static analysis tool that reports from all static analysis tools

Doesn&#x27;t look like my project meets the eligibility requirements yet, too new. So I&#x27;ll just share here for anyone interested.<p>Luanalysis - An IDE for statically typed Lua development. <a href="https:&#x2F;&#x2F;github.com&#x2F;Benjamin-Dobell&#x2F;IntelliJ-Luanalysis" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;Benjamin-Dobell&#x2F;IntelliJ-Luanalysis</a>

Sadly, many commercial source auditing tools like Coverity expressly forbid you from publishing any comparison or benchmark of their products, which is why you won&#x27;t find great information out there.

That is really comprehensive and useful, thank you.

This site could <i></i>really<i></i> use a filter option for cost of the product being mentioned.

Never heard of Teamscale before, yet it has a lot of votes in all its categories.<p>Also one of those expensive ones.

Great work! I think it would be helpful to tag static analyzer tools that are dedicated to security with a security tag (SAST tools like, Brakeman, Fortify SCA, Checkmarx CxSAST, Coverity, etc.) OWASP lists a bunch here: <a href="https:&#x2F;&#x2F;owasp.org&#x2F;www-community&#x2F;Source_Code_Analysis_Tools" rel="nofollow">https:&#x2F;&#x2F;owasp.org&#x2F;www-community&#x2F;Source_Code_Analysis_Tools</a>

How can I easily integrate all of them in my CI?

I&#x27;m not sure voting works?