Top 22 Rust Static Analysis Projects

Static Analysis

• Add a project

1. ruff

   1 138 44,521 10.0 Rust

   An extremely fast Python linter and code formatter, written in Rust.

   

   Project mention: Ty: An fast Python type checker and LSP | news.ycombinator.com | 2025-12-16

   There was a hang/performance bug [1, 2] that was reported just after the beta release, which we've since fixed [3]. You might try seeing if we get through your entire project now?

   (And as an aside, there _is_ a verbose mode: if you add `-vv` you'll get DEBUG-level log messages printing out the name of each file as we start to check it, and you can set TY_MAX_PARALLELISM=1 in your env to make it very clear which file is causing the hang. That's how we debug these kinds of issues when they're reported to us.)

   [1] https://github.com/astral-sh/ty/issues/1968

   [2] https://github.com/astral-sh/ty/issues/1993

   [3] https://github.com/astral-sh/ruff/pull/22030

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. static-analysis

   2 15 14,261 8.9 Rust

   ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

   

4. ast-grep

   3 49 11,708 9.8 Rust

   ⚡A CLI tool for code structural search, lint and rewriting. Written in Rust

   

   Project mention: AST-Grep | news.ycombinator.com | 2025-09-10

5. binsider

   4 1 3,738 3.7 Rust

   Analyze ELF binaries like a boss 😼🕵️‍♂️

   

6. zizmor

   5 7 3,479 9.8 Rust

   Static analysis for GitHub Actions

   

   Project mention: Show HN: Zizmor, static analysis for GitHub Actions | news.ycombinator.com | 2025-06-26

7. flowistry

   6 20 2,965 5.9 Rust

   Flowistry is an IDE plugin for Rust that helps you focus on relevant code.

   

   Project mention: Flowistry: An IDE plugin for Rust that focuses on relevant code | news.ycombinator.com | 2025-10-18

   Explained in README: https://github.com/willcrichton/flowistry#why-isnt-flowistry...

8. qlty

   7 6 2,885 9.8 Rust

   💎 Code quality CLI for universal linting, auto-formatting, security scanning, and maintainability

   

   Project mention: Show HN: Pyscn – Python code quality analyzer for vibe coders | news.ycombinator.com | 2025-10-05

   This looks great! Duplication and dead code are especially tricky to catch because they are not visible in diffs.

   Since you mentioned the implementation details, a couple questions come to mind:

   1. Are there any research papers you found helpful or influential when building this? For example, I need to read up on using tree edit distance for code duplication.

   2. How hard do you think this would be to generalize to support other programming languages?

   I see you are using tree-sitter which supports many languages, but I imagine a challenge might be CFGs and dependencies.

   I’ll add a Qlty plugin for this (https://github.com/qltysh/qlty) so it can be run with other code quality tools and reported back to GitHub as pass/fail commit statuses and comments. That way, the AI coding agents can take action based on the issues that pyscn finds directly in a cloud dev env.

9. Stream

   getstream.io featured

   Stream - Scalable APIs for Chat, Feeds, Moderation, & Video. Stream helps developers build engaging apps that scale to millions with performant and flexible Chat, Feeds, Moderation, and Video APIs and SDKs powered by a global edge network and enterprise-grade infrastructure.

   

10. pylyzer

    8 15 2,873 8.8 Rust

    A fast, feature-rich static code analyzer & language server for Python

    

11. mago

    9 4 2,107 9.9 Rust

    Mago is a toolchain for PHP that aims to provide a set of tools to help developers write better code.

    

    Project mention: Mago: A fast PHP toolchain written in Rust | news.ycombinator.com | 2025-09-13

12. crepe

    10 4 487 0.0 Rust

    Datalog compiler embedded in Rust as a procedural macro

    

13. debugoff

    11 1 329 0.0 Rust

    Linux anti-debugging and anti-analysis rust library

    

14. fta

    12 5 280 8.5 Rust

    Rust-based static analysis for TypeScript projects

    

    Project mention: Fast TypeScript (Code Complexity) Analyzer | news.ycombinator.com | 2025-10-24

15. phanalist

    13 8 145 3.8 Rust

    Performant static analyzer for PHP, which is extremely easy to use. It helps you catch common mistakes in your PHP code.

    

16. datadog-static-analyzer

    14 1 114 9.4 Rust

    Datadog Static Analyzer

    

17. l3x

    15 1 86 7.7 Rust

    AI-driven Static Analyzer. Supports Rust and Smart contracts: Solana based on Rust, Ethereum based on Solidity.

    

18. cpplumber

    16 1 86 10.0 Rust

    Static analysis tool based on clang, which detects source-to-binary information leaks in C and C++ projects

    

19. enderpy

    17 1 83 8.9 Rust

    Experimental Python Type Checker and LSP 🔎

    

20. treeedb

    18 1 79 5.9 Rust

    Generate Soufflé Datalog types, relations, and facts that represent ASTs from a variety of programming languages.

    

21. progge.rs

    19 4 38 0.0 Rust

    Program analysis playground for a simple, imperative language

    

22. depx

    20 1 14 5.9 Rust

    

    Project mention: AI as a Pair Programmer: How I Built depx in One Day | dev.to | 2025-12-13

    Yesterday I built depx, a CLI tool in Rust that analyzes JavaScript/TypeScript projects to understand what's really in your node_modules:

23. arch_test

    21 1 13 3.9 Rust

    Rule based architecture tests for rust

    

24. debtmap

    22 1 9 10.0 Rust

    Technical debt and risk analyzer that predicts bug hotspots by combining cognitive complexity, pattern recognition, coverage gaps, information theory, and git history.

    

    Project mention: Ask HN: What Are You Working On? (October 2025) | news.ycombinator.com | 2025-10-12

    I'm working on Debtmap - An open source Rust-based code complexity analyzer that tells you exactly which code to refactor and which code to test for maximum impact. Combines complexity metrics with test coverage data to identify the riskiest code in your codebase. Uses entropy analysis to reduce false positives by distinguishing genuinely complex code from repetitive patterns.

    https://github.com/iepathos/debtmap

25. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Rust Static Analysis related posts

• Fast TypeScript (Code Complexity) Analyzer

  1 project | news.ycombinator.com | 24 Oct 2025

• Developer Tooling #007

  4 projects | dev.to | 17 Oct 2025

• Show HN: Pyscn – Python code quality analyzer for vibe coders

  3 projects | news.ycombinator.com | 5 Oct 2025

• Software Needs an Independent Auditor

  1 project | news.ycombinator.com | 4 Aug 2025

• Claude Code now supports Hooks

  2 projects | news.ycombinator.com | 30 Jun 2025

• Show HN: Zizmor, static analysis for GitHub Actions

  1 project | news.ycombinator.com | 26 Jun 2025

• Zizmor: Static analysis tool for GitHub Actions

  1 project | news.ycombinator.com | 24 Mar 2025
• A note from our sponsor - InfluxDB
  www.influxdata.com | 23 Dec 2025

  InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Rust projects with our weekly report!