diff --git a/.lycheeignore b/.lycheeignore index 62924c48d..3cd3bc9de 100644 --- a/.lycheeignore +++ b/.lycheeignore @@ -1,11 +1,6 @@ -https://www.castsoftware.com/highlight -ptsecurity.com -https://rome.tools -https://marketplace.visualstudio.com/items?itemName=rome.rome -# DeepCode is now part of Snyk -deepcode.ai -# https://github.com/amperser/proselint/issues/1357 +# Proselint is down. See https://github.com/amperser/proselint/issues/1357 proselint.com -# unable to get local issuer certificate -# https://github.com/analysis-tools-dev/static-analysis/issues/1474 -https://checkerframework.org/ +# Seems to be a bot detection issue +https://www.mathworks.com/products/polyspace-bug-finder.html +# Forbidden +https://www.freepik.com/ \ No newline at end of file diff --git a/README.md b/README.md index 5ab0e58a3..fe8a7f384 100644 --- a/README.md +++ b/README.md @@ -845,8 +845,6 @@ A ktfmt IntelliJ plugin is available from the plugin repository. To install it, - [Mondrian](https://trismegiste.github.io/Mondrian) :warning: — A set of static analysis and refactoring tools which use graph theory. -- [Nitpick CI](https://nitpick-ci.com) :copyright: — Automated PHP code review. - - [parallel-lint](https://github.com/php-parallel-lint/PHP-Parallel-Lint) — This tool checks syntax of PHP files faster than serial check with a fancier output. - [Parse](https://github.com/psecio/parse) — A Static Security Scanner. @@ -861,7 +859,7 @@ A ktfmt IntelliJ plugin is available from the plugin repository. To install it, - [PHP Coding Standards Fixer](https://cs.symfony.com) — Fixes your code according to standards like PSR-1, PSR-2, and the Symfony standard. -- [PHP Insights](https://phpinsights.com) — Instant PHP quality checks from your console. Analysis of code quality and coding style as well as overview of code architecture and its complexity. +- [PHP Insights](https://github.com/nunomaduro/phpinsights) — Instant PHP quality checks from your console. Analysis of code quality and coding style as well as overview of code architecture and its complexity. - [Php Inspections (EA Extended)](https://plugins.jetbrains.com/plugin/7622-php-inspections-ea-extended-) — A Static Code Analyzer for PHP. @@ -1011,8 +1009,6 @@ It uses the pycodestyle utility to determine what parts of the code needs to be - [pyanalyze](https://pyanalyze.readthedocs.io/en/latest/) — A tool for programmatically detecting common mistakes in Python code, such as references to undefined variables and type errors. It can be extended to add additional rules and perform checks specific to particular functions. -- [PyCodeQual](https://pycodequ.al) :copyright: — PyCodeQual gives you insights into complexity and bug risks. It adds automatic reviews to your pull requests. - - [pycodestyle](https://pycodestyle.pycqa.org/en/latest) — (Formerly `pep8`) Check Python code against some of the style conventions in PEP 8. - [pydocstyle](http://www.pydocstyle.org) :warning: — Check compliance with Python docstring conventions. @@ -1067,7 +1063,7 @@ YAPF follows a distinctive methodology, originating from the 'clang-format' tool - [cyclocomp](https://github.com/MangoTheCat/cyclocomp) — Quantifies the cyclomatic complexity of R functions / expressions. -- [goodpractice](https://mangothecat.github.io/goodpractice) — Analyses the source code for R packages and provides best-practice recommendations. +- [goodpractice](https://docs.ropensci.org/goodpractice/) — Analyses the source code for R packages and provides best-practice recommendations. - [lintr](https://github.com/jimhester/lintr) — Static Code Analysis for R. @@ -1131,7 +1127,7 @@ YAPF follows a distinctive methodology, originating from the 'clang-format' tool - [Rubrowser](https://github.com/blazeeboy/rubrowser) — Ruby classes interactive dependency graph generator. -- [ruby-lint](http://code.yorickpeterse.com/ruby-lint/latest) :warning: — Static code analysis for Ruby. +- [ruby-lint](https://gitlab.com/yorickpeterse/ruby-lint) :warning: — Static code analysis for Ruby. - [rubycritic](https://github.com/whitesmith/rubycritic) — A Ruby code quality reporter. @@ -1399,7 +1395,7 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea - [Clayton](https://www.getclayton.com/) :copyright: — AI-powered code reviews for Salesforce. Secure your developments, enforce best practice and control your technical debt in real-time. -- [coala](https://coala.io) :warning: — Language independent framework for creating code analysis - supports [over 60 languages](https://coala.io/languages) by default. +- [coala](https://github.com/coala/coala) :warning: — Language independent framework for creating code analysis - supports [over 60 languages](https://coala.io/languages) by default. - [Cobra](https://spinroot.com/cobra) :copyright: — Structural source code analyzer by NASA's Jet Propulsion Laboratory. @@ -1421,8 +1417,6 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea - [Codemodder](https://codemodder.io/) — Codemodder is a pluggable framework for building expressive codemods. Use Codemodder when you need more than a linter or code formatting tool. Use it to fix non-trivial security issues and other code quality problems. -- [CodePatrol](https://cyber-security.claranet.fr/en/codepatrol) :copyright: — Automated SAST code reviews driven by security, supports 15+ languages and includes security training. - - [codeql](https://github.com/github/codeql) — Deep code analysis - semantic queries and dataflow for several languages with VSCode plugin support. - [CodeQue](https://codeque.co) — Ecosystem for structural matching JavaScript and TypeScript code. Offers search tool that understands code structure. Available as CLI tool and Visual Studio Code extension. It helps to search code faster and more accurately making you workflow more effective. Soon it will offer ESLint plugin to create your own rules in minutes to help with assuring codebase quality. @@ -1449,7 +1443,7 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea - [cqc](https://github.com/xcatliu/cqc) :warning: — Check your code quality for js, jsx, vue, css, less, scss, sass and styl files. -- [DeepCode](https://www.deepcode.ai) :warning: :copyright: — DeepCode was acquired by Snyk is now Snyk Code. +- [DeepCode](https://snyk.io/platform/deepcode-ai/) :warning: :copyright: — DeepCode was acquired by Snyk is now Snyk Code. - [DeepSource](https://deepsource.com) :copyright: — In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives. @@ -1631,7 +1625,7 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea - [weggli](https://github.com/googleprojectzero/weggli) — A fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases. -- [WhiteHat Application Security Platform](https://www.whitehatsec.com/platform/static-application-security-testing) :copyright: — WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10. +- [WhiteHat Application Security Platform](https://source.whitehatsec.com/help/sentinel/sast-service-detail.html) :copyright: — WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10. - [Wotan](https://github.com/fimbullinter/wotan) :warning: — Pluggable TypeScript and JavaScript linter. @@ -1665,7 +1659,7 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea - [alquitran](https://github.com/ferivoz/alquitran) — Inspects tar archives and tries to spot portability issues in regard to POSIX 2017 pax specification and common tar implementations. This project is intended to be used by maintainers of projects who want to offer portable source code archives for as many systems as possible. Checking tar archives with alquitran before publishing them should help spotting issues before they reach distributors and users. -- [packj](https://packj.dev) — Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports. +- [packj](https://github.com/ossillate-inc/packj) — Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports. - [pure](https://github.com/ronomon/pure) :warning: — Pure is a static analysis file format checker that checks ZIP files for dangerous compression ratios, spec deviations, malicious archive signatures, mismatching local and central directory headers, ambiguous UTF-8 filenames, directory and symlink traversals, invalid MS-DOS dates, overlapping headers, overflow, underflow, sparseness, accidental buffer bleeds etc. @@ -1875,8 +1869,6 @@ Its technology helps developers automate testing, find bugs, and reduce manual l - [Goblint](https://goblint.in.tum.de) — A static analyzer for the analysis of multi-threaded C programs. Its primary focus is the detection of data races, but it also reports other runtime errors, such as buffer overflows and null-pointer dereferences. -- [Nitpick CI](https://nitpick-ci.com) :copyright: — Automated PHP code review. - - [PullRequest](https://www.pullrequest.com) :copyright: — Code review as a service with built-in static analysis. Increase velocity and reduce technical debt through quality code review by expert engineers backed by best-in-class automation. - [quality](https://github.com/apiology/quality) :warning: — Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time. @@ -2068,7 +2060,7 @@ but with the following improvements:

Mobile

-- [Android Lint](http://tools.android.com/tips/lint) — Run static analysis on Android projects. +- [Android Lint](https://developer.android.com/studio/write/lint) — Run static analysis on Android projects. - [android-lint-summary](https://passy.github.io/android-lint-summary) :warning: — Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once. @@ -2206,7 +2198,7 @@ Kani verifies: - [lockfile-lint](https://github.com/lirantal/lockfile-lint) — Lint an npm or yarn lockfile to analyze and detect security issues -- [LunaSec](https://www.lunasec.io) — Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. +- [LunaSec](https://github.com/marketplace/lunatrace-by-lunasec/) — Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. - [njsscan](https://opensecurity.in) — A static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep. diff --git a/data/api/tools.json b/data/api/tools.json index 6956ab794..1ccb84cca 100644 --- a/data/api/tools.json +++ b/data/api/tools.json @@ -319,7 +319,7 @@ "types": [ "cli" ], - "homepage": "http://tools.android.com/tips/lint", + "homepage": "https://developer.android.com/studio/write/lint", "source": "https://android.googlesource.com", "pricing": null, "plans": null, @@ -2881,7 +2881,7 @@ "types": [ "cli" ], - "homepage": "https://coala.io", + "homepage": "https://github.com/coala/coala", "source": "https://github.com/coala/coala", "pricing": null, "plans": null, @@ -3457,39 +3457,6 @@ "demos": null, "wrapper": null }, - "codepatrol": { - "name": "CodePatrol", - "categories": [ - "linter" - ], - "languages": [ - "csharp", - "java", - "javascript", - "php" - ], - "other": [ - "ci", - "security" - ], - "licenses": [ - "proprietary" - ], - "types": [ - "service" - ], - "homepage": "https://cyber-security.claranet.fr/en/codepatrol", - "source": null, - "pricing": null, - "plans": null, - "description": "Automated SAST code reviews driven by security, supports 15+ languages and includes security training.", - "discussion": null, - "deprecated": null, - "resources": null, - "reviews": null, - "demos": null, - "wrapper": null - }, "codepeer": { "name": "Codepeer", "categories": [ @@ -5059,7 +5026,7 @@ "types": [ "service" ], - "homepage": "https://www.deepcode.ai", + "homepage": "https://snyk.io/platform/deepcode-ai/", "source": null, "pricing": null, "plans": null, @@ -8340,7 +8307,7 @@ "types": [ "cli" ], - "homepage": "https://mangothecat.github.io/goodpractice", + "homepage": "https://docs.ropensci.org/goodpractice/", "source": "https://github.com/mangothecat/goodpractice", "pricing": null, "plans": null, @@ -11126,7 +11093,7 @@ "types": [ "service" ], - "homepage": "https://www.lunasec.io", + "homepage": "https://github.com/marketplace/lunatrace-by-lunasec/", "source": "https://github.com/lunasec-io/lunasec", "pricing": null, "plans": null, @@ -12151,38 +12118,6 @@ "demos": null, "wrapper": null }, - "nitpick-ci": { - "name": "Nitpick CI", - "categories": [ - "linter" - ], - "languages": [ - "php" - ], - "other": [ - "ci" - ], - "licenses": [ - "proprietary" - ], - "types": [ - "service" - ], - "homepage": "https://nitpick-ci.com", - "source": null, - "pricing": "https://nitpick-ci.com/#pricing", - "plans": { - "free": false, - "oss": true - }, - "description": "Automated PHP code review.", - "discussion": null, - "deprecated": null, - "resources": null, - "reviews": null, - "demos": null, - "wrapper": null - }, "njsscan": { "name": "njsscan", "categories": [ @@ -12598,7 +12533,7 @@ "types": [ "cli" ], - "homepage": "https://packj.dev", + "homepage": "https://github.com/ossillate-inc/packj", "source": "https://github.com/ossillate-inc/packj", "pricing": null, "plans": null, @@ -13211,7 +13146,7 @@ "types": [ "cli" ], - "homepage": "https://phpinsights.com", + "homepage": "https://github.com/nunomaduro/phpinsights", "source": "https://github.com/nunomaduro/phpinsights", "pricing": null, "plans": null, @@ -14957,36 +14892,6 @@ "demos": null, "wrapper": null }, - "pycodequal": { - "name": "PyCodeQual", - "categories": [ - "linter" - ], - "languages": [ - "python" - ], - "other": [], - "licenses": [ - "proprietary" - ], - "types": [ - "service" - ], - "homepage": "https://pycodequ.al", - "source": null, - "pricing": "https://pycodequ.al/pricing", - "plans": { - "free": true, - "oss": false - }, - "description": "PyCodeQual gives you insights into complexity and bug risks. It adds automatic reviews to your pull requests.", - "discussion": null, - "deprecated": null, - "resources": null, - "reviews": null, - "demos": null, - "wrapper": null - }, "pycodestyle": { "name": "pycodestyle", "categories": [ @@ -16429,7 +16334,7 @@ "types": [ "cli" ], - "homepage": "http://code.yorickpeterse.com/ruby-lint/latest", + "homepage": "https://gitlab.com/yorickpeterse/ruby-lint", "source": "https://gitlab.com/yorickpeterse/ruby-lint", "pricing": null, "plans": null, @@ -21169,7 +21074,7 @@ "types": [ "cli" ], - "homepage": "https://www.whitehatsec.com/platform/static-application-security-testing", + "homepage": "https://source.whitehatsec.com/help/sentinel/sast-service-detail.html", "source": null, "pricing": null, "plans": null, diff --git a/data/tools/android-lint.yml b/data/tools/android-lint.yml index 7cb89e3a7..3f4fd3c3a 100644 --- a/data/tools/android-lint.yml +++ b/data/tools/android-lint.yml @@ -6,6 +6,6 @@ tags: license: Android Software Development Kit License Agreement types: - cli -source: 'https://android.googlesource.com' -homepage: 'http://tools.android.com/tips/lint' +source: "https://android.googlesource.com" +homepage: "https://developer.android.com/studio/write/lint" description: Run static analysis on Android projects. diff --git a/data/tools/coala.yml b/data/tools/coala.yml index c45f20d98..9a07161cd 100644 --- a/data/tools/coala.yml +++ b/data/tools/coala.yml @@ -8,10 +8,11 @@ tags: - java - javascript license: AGPL-3.0-only +deprecated: true types: - cli -source: 'https://github.com/coala/coala' -homepage: 'https://coala.io' +source: "https://github.com/coala/coala" +homepage: "https://github.com/coala/coala" description: >- Language independent framework for creating code analysis - supports [over 60 languages](https://coala.io/languages) by default. diff --git a/data/tools/codepatrol.yml b/data/tools/codepatrol.yml deleted file mode 100644 index 9e4e9ee2f..000000000 --- a/data/tools/codepatrol.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: CodePatrol -categories: - - linter -tags: - - ci - - csharp - - java - - javascript - - php - - security -license: proprietary -types: - - service -homepage: 'https://cyber-security.claranet.fr/en/codepatrol' -description: >- - Automated SAST code reviews driven by security, supports 15+ languages and - includes security training. diff --git a/data/tools/deepcode.yml b/data/tools/deepcode.yml index a9b3c048c..b6540e69f 100644 --- a/data/tools/deepcode.yml +++ b/data/tools/deepcode.yml @@ -11,7 +11,7 @@ tags: license: proprietary types: - service -homepage: https://www.deepcode.ai +homepage: https://snyk.io/platform/deepcode-ai/ deprecated: true description: >- DeepCode was acquired by Snyk is now Snyk Code. diff --git a/data/tools/goodpractice.yml b/data/tools/goodpractice.yml index 7e52badf6..f622f2b27 100644 --- a/data/tools/goodpractice.yml +++ b/data/tools/goodpractice.yml @@ -6,8 +6,8 @@ tags: license: Other types: - cli -source: 'https://github.com/mangothecat/goodpractice' -homepage: 'https://mangothecat.github.io/goodpractice' +source: "https://github.com/mangothecat/goodpractice" +homepage: "https://docs.ropensci.org/goodpractice/" description: >- Analyses the source code for R packages and provides best-practice recommendations. diff --git a/data/tools/lunasec.yml b/data/tools/lunasec.yml index 5859f1c68..b7bfdba12 100644 --- a/data/tools/lunasec.yml +++ b/data/tools/lunasec.yml @@ -6,8 +6,8 @@ tags: license: Apache License Version 2.0 types: - service -homepage: 'https://www.lunasec.io' -source: 'https://github.com/lunasec-io/lunasec' +homepage: "https://github.com/marketplace/lunatrace-by-lunasec/" +source: "https://github.com/lunasec-io/lunasec" description: >- Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. diff --git a/data/tools/nitpick-ci.yml b/data/tools/nitpick-ci.yml deleted file mode 100644 index 731aafa85..000000000 --- a/data/tools/nitpick-ci.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: Nitpick CI -categories: - - linter -tags: - - ci - - php -license: proprietary -types: - - service -homepage: https://nitpick-ci.com -description: Automated PHP code review. -pricing: https://nitpick-ci.com/#pricing -plans: - free: false - oss: true diff --git a/data/tools/packj.yml b/data/tools/packj.yml index a7141bc2d..83a2278a7 100644 --- a/data/tools/packj.yml +++ b/data/tools/packj.yml @@ -3,11 +3,11 @@ categories: - linter tags: - archive -license: AGPL-3.0 +license: AGPL-3.0 types: - - cli -source: 'https://github.com/ossillate-inc/packj' -homepage: 'https://packj.dev' + - cli +source: "https://github.com/ossillate-inc/packj" +homepage: "https://github.com/ossillate-inc/packj" description: >- Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis diff --git a/data/tools/php-insights.yml b/data/tools/php-insights.yml index 7cef8c785..8056bb889 100644 --- a/data/tools/php-insights.yml +++ b/data/tools/php-insights.yml @@ -6,8 +6,8 @@ tags: license: MIT License types: - cli -source: 'https://github.com/nunomaduro/phpinsights' -homepage: 'https://phpinsights.com' +source: "https://github.com/nunomaduro/phpinsights" +homepage: "https://github.com/nunomaduro/phpinsights" description: >- Instant PHP quality checks from your console. Analysis of code quality and coding style as well as overview of code architecture and its complexity. diff --git a/data/tools/pycodequal.yml b/data/tools/pycodequal.yml deleted file mode 100644 index 1593100e3..000000000 --- a/data/tools/pycodequal.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: PyCodeQual -categories: - - linter -tags: - - python -license: proprietary -types: - - service -homepage: https://pycodequ.al -description: >- - PyCodeQual gives you insights into complexity and bug risks. It adds automatic reviews - to your pull requests. -pricing: https://pycodequ.al/pricing -plans: - free: true - oss: false diff --git a/data/tools/ruby-lint.yml b/data/tools/ruby-lint.yml index 00cee24bf..a82935f88 100644 --- a/data/tools/ruby-lint.yml +++ b/data/tools/ruby-lint.yml @@ -4,9 +4,9 @@ categories: tags: - ruby deprecated: true -license: 'Mozilla Public License, version 2.0' +license: "Mozilla Public License, version 2.0" types: - cli -source: 'https://gitlab.com/yorickpeterse/ruby-lint' -homepage: 'http://code.yorickpeterse.com/ruby-lint/latest' +source: "https://gitlab.com/yorickpeterse/ruby-lint" +homepage: "https://gitlab.com/yorickpeterse/ruby-lint" description: Static code analysis for Ruby. diff --git a/data/tools/whitehat-application-security-platform.yml b/data/tools/whitehat-application-security-platform.yml index 7df4508df..4365cd58d 100644 --- a/data/tools/whitehat-application-security-platform.yml +++ b/data/tools/whitehat-application-security-platform.yml @@ -15,7 +15,7 @@ tags: license: proprietary types: - cli -homepage: 'https://www.whitehatsec.com/platform/static-application-security-testing' +homepage: "https://source.whitehatsec.com/help/sentinel/sast-service-detail.html" description: >- WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10.