Static analysis tools and practices for specific programming languages.
10 articles

A practical guide to static code analysis for C and C++ — covering Clang-Tidy, Cppcheck, Coverity, and the vulnerability classes that static analysis prevents in memory-unsafe languages.
A practical guide to static code analysis for C# — Roslyn analyzers, SonarQube, Security Code Scan, and how to build a complete .NET analysis pipeline.
A practical guide to static code analysis for Go — covering the built-in toolchain, key additional tools, and how to run comprehensive analysis in Go projects.
A practical guide to static code analysis for Java — the leading tools, common vulnerability patterns detected, and how to build analysis into your Maven or Gradle build.
A practical guide to static code analysis for JavaScript — covering ESLint, key plugins, common issues detected, and how to run analysis effectively in modern JS projects.
A practical guide to static code analysis for PHP — PHPStan, Psalm, PHP_CodeSniffer, and how to identify common web vulnerabilities in PHP applications.
A practical guide to static code analysis for Python — covering key tools, common issues detected, and how to integrate analysis into your Python development workflow.
A practical guide to static code analysis for Ruby — RuboCop, Brakeman, and how to detect security vulnerabilities in Ruby on Rails applications.
A practical guide to static code analysis for Rust — the compiler's built-in guarantees, Clippy, cargo-audit, and building a complete Rust analysis pipeline.
A practical guide to static code analysis for TypeScript — how the type system provides built-in analysis, what additional tools add, and how to build a complete TypeScript quality pipeline.