diff --git a/README.md b/README.md
index e9f24accd..d65e8d118 100644
--- a/README.md
+++ b/README.md
@@ -167,7 +167,7 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
-- [STOKE](https://github.com/StanfordPL/stoke) :warning: — A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations.
+- [STOKE](https://github.com/StanfordPL/stoke) — A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations.
@@ -522,7 +522,7 @@ By default, govulncheck makes requests to the Go vulnerability database at https
- [revive](https://revive.run) — Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint.
-- [safesql](https://github.com/stripe/safesql) :warning: — Static analysis tool for Golang that protects against SQL injections.
+- [safesql](https://github.com/stripe/safesql) — Static analysis tool for Golang that protects against SQL injections.
- [shisho](https://docs.shisho.dev/) — A lightweight static code analyzer designed for developers and security teams. It allows you to analyze and transform source code with an intuitive DSL similar to sed, but for code.
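Review bot: The `:warning:` marker is dropped from safesql, a SQL injection checker, and nothing in the change says what made it count as maintained again. Elsewhere in this patch the marker tracks `"deprecated": true` in data/api/tools.json (Rome gains both), so its absence reads as "still maintained". For a security tool, please state the criterion used in the commit message, or keep the marker until upstream activity is confirmed.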
@@ -665,13 +665,13 @@ Its technology helps developers automate testing, find bugs, and reduce manual l
- [retire.js](https://retirejs.github.io/retire.js) — Scanner detecting the use of JavaScript libraries with known vulnerabilities.
-- [RSLint](http://rslint.org/) :warning: — A (WIP) JavaScript linter written in Rust designed to be as fast as possible, customizable, and easy to use.
+- [RSLint](http://rslint.org/) — A (WIP) JavaScript linter written in Rust designed to be as fast as possible, customizable, and easy to use.
- [standard](http://standardjs.com) — An npm module that checks for Javascript Styleguide issues.
- [tern](https://ternjs.net) — A JavaScript code analyzer for deep, cross-editor language support.
-- [TypL](https://typl.dev) :warning: — With TypL, you just write completely standard JS, and the tool figures out your types via powerful inferencing.
+- [TypL](https://typl.dev) — With TypL, you just write completely standard JS, and the tool figures out your types via powerful inferencing.
- [xo](https://github.com/xojs/xo) — Opinionated but configurable ESLint wrapper with lots of goodies included. Enforces strict and readable code.
@@ -828,7 +828,7 @@ A ktfmt IntelliJ plugin is available from the plugin repository. To install it,
- [Psalm](https://psalm.dev) — Static analysis tool for finding type errors in PHP applications.
-- [Qafoo Quality Analyzer](https://github.com/Qafoo/QualityAnalyzer) :warning: — Visualizes metrics and source code.
+- [Qafoo Quality Analyzer](https://github.com/Qafoo/QualityAnalyzer) — Visualizes metrics and source code.
- [rector](https://getrector.org) — Instant Upgrades and Automated Refactoring of any PHP 5.3+ code. It upgrades your code for PHP 7.4, 8.0 and beyond. Rector promises a low false-positive rate because it looks for narrowly defined AST (abstract syntax tree) patterns. The main use-case are tackling technical debt in your legacy code and removing dead code. Rector provides a set of special rules for Symfony, Doctrine, PHPUnit, and many more.
@@ -1010,15 +1010,15 @@ YAPF follows a distinctive methodology, originating from the 'clang-format' tool
- [quality](https://github.com/apiology/quality) — Runs quality checks on your code using community tools, and makes sure your numbers don't get any worse over time.
-- [Querly](https://github.com/soutaro/querly) :warning: — Pattern Based Checking Tool for Ruby.
+- [Querly](https://github.com/soutaro/querly) — Pattern Based Checking Tool for Ruby.
-- [Railroader](https://railroader.org) :warning: — An open source static analysis security vulnerability scanner for Ruby on Rails applications.
+- [Railroader](https://railroader.org) — An open source static analysis security vulnerability scanner for Ruby on Rails applications.
- [rails_best_practices](https://rails-bestpractices.com) — A code metric tool for Rails projects
- [reek](https://github.com/troessner/reek) — Code smell detector for Ruby.
-- [Roodi](https://github.com/roodi/roodi) :warning: — Roodi stands for Ruby Object Oriented Design Inferometer. It parses your Ruby code and warns you about design issues you have based on the checks that it has configured.
+- [Roodi](https://github.com/roodi/roodi) — Roodi stands for Ruby Object Oriented Design Inferometer. It parses your Ruby code and warns you about design issues you have based on the checks that it has configured.
- [RuboCop](https://docs.rubocop.org/rubocop) — A Ruby static code analyzer, based on the community Ruby style guide.
@@ -1030,7 +1030,7 @@ YAPF follows a distinctive methodology, originating from the 'clang-format' tool
- [rufo](https://github.com/ruby-formatter/rufo) — An opinionated ruby formatter, intended to be used via the command line as a text-editor plugin, to autoformat files on save or on demand.
-- [Saikuro](https://metricfu.github.io/Saikuro) :warning: — A Ruby cyclomatic complexity analyzer.
+- [Saikuro](https://metricfu.github.io/Saikuro) — A Ruby cyclomatic complexity analyzer.
- [SandiMeter](https://rubygems.org/gems/sandi_meter) :warning: — Static analysis tool for checking Ruby code for Sandi Metz' rules.
@@ -1089,9 +1089,9 @@ It removes a feature of a dependency and then compiles the project to see if it
- [Prusti](https://www.pm.inf.ethz.ch/research/prusti.html) — A static verifier for Rust, based on the Viper verification infrastructure. By default Prusti verifies absence of panics by proving that statements such as unreachable!() and panic!() are unreachable.
-- [Rudra](https://github.com/sslab-gatech/Rudra) :warning: — Rust Memory Safety & Undefined Behavior Detection. It is capable of analyzing single Rust packages as well as all the packages on crates.io.
+- [Rudra](https://github.com/sslab-gatech/Rudra) — Rust Memory Safety & Undefined Behavior Detection. It is capable of analyzing single Rust packages as well as all the packages on crates.io.
-- [Rust Language Server](https://github.com/rust-lang-nursery/rls) :warning: — Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings.
+- [Rust Language Server](https://github.com/rust-lang-nursery/rls) — Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings.
- [rust-analyzer](https://rust-analyzer.github.io) — Supports functionality such as 'goto definition', type inference, symbol search, reformatting, and code completion, and enables renaming and refactorings.
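Review bot: Rust Language Server loses `:warning:` on the line directly above rust-analyzer, and the two descriptions are nearly word for word the same, so after this change nothing tells a reader which of the two to pick. Please confirm the rust-lang-nursery/rls repository is actually active before clearing the marker; the same check applies to Rudra in this hunk. If the flip comes from an automated staleness job, say so in the commit message along with the threshold it uses.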
@@ -1103,7 +1103,7 @@ It removes a feature of a dependency and then compiles the project to see if it
- [RustViz](https://github.com/rustviz/rustviz) — RustViz is a tool that generates visualizations from simple Rust programs to assist users in better understanding the Rust Lifetime and Borrowing mechanism. It generates SVG files with graphical indicators that integrate with mdbook to render visualizations of data-flow in Rust programs.
-- [warnalyzer](https://github.com/est31/warnalyzer) :warning: — Show unused code from multi-crate Rust projects
+- [warnalyzer](https://github.com/est31/warnalyzer) — Show unused code from multi-crate Rust projects
@@ -1115,7 +1115,7 @@ It removes a feature of a dependency and then compiles the project to see if it
- [sleek](https://github.com/nrempel/sleek) — Sleek is a CLI tool for formatting SQL. It helps you maintain a consistent style across your SQL code, enhancing readability and productivity. The heavy lifting is done by the sqlformat crate.
-- [sqlcheck](https://github.com/jarulraj/sqlcheck) :warning: — Automatically identify anti-patterns in SQL queries.
+- [sqlcheck](https://github.com/jarulraj/sqlcheck) — Automatically identify anti-patterns in SQL queries.
- [SQLFluff](https://www.sqlfluff.com/) — Multiple dialect SQL linter and formatter.
@@ -1125,7 +1125,7 @@ It removes a feature of a dependency and then compiles the project to see if it
- [tsqllint](https://github.com/tsqllint/tsqllint) — T-SQL-specific linter.
-- [TSqlRules](https://github.com/ashleyglee/TSqlRules) :warning: — TSQL Static Code Analysis Rules for SQL Server.
+- [TSqlRules](https://github.com/ashleyglee/TSqlRules) — TSQL Static Code Analysis Rules for SQL Server.
- [Visual Expert](https://www.visual-expert.com) :copyright: — Code analysis for PowerBuilder, Oracle, and SQL Server Explores, analyzes, and documents Code
@@ -1248,6 +1248,8 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea
- [biome](https://biomejs.dev) — A toolchain for web projects, aimed to provide functionalities to maintain them. Biome formats and lints code in a fraction of a second. It is the successor to Rome. It is designed to eventually replace Biome is designed to eventually replace Babel, ESLint, webpack, Prettier, Jest, and others.
+- [BugProve](https://www.bugprove.com) :copyright: — BugProve is a firmware analysis platform featuring both static and dynamic analysis techniques to discover memory corruptions, command injections and other classes or common weaknesses in binary code. It also detects vulnerable dependencies, weak cryptographic parameters, misconfigurations, and more.
- [callGraph](https://github.com/koknat/callGraph) — Statically generates a call graph image and displays it on screen.
- [CAST Highlight](https://www.castsoftware.com/products/highlight) :copyright: — Commercial Static Code Analysis which runs locally, but uploads the results to its cloud for presentation.
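Review bot: Typo in the added BugProve line: "other classes or common weaknesses" should read "other classes of common weaknesses". The same string is added as the `description` in data/api/tools.json, so fix both places. The hunk header counts two added lines (`-1248,6 +1248,8`) while only one `+` line is visible here; if the second is a blank line, make sure it matches the spacing used between neighbouring entries.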
@@ -1388,7 +1390,7 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea
- [Qwiet AI](https://qwiet.ai/) :copyright: — Identify vulnerabilities that are unique to your code base before they reach production. Leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs. Automatically finds business logic flaws in dev like hardcoded secrets and logic bombs
-- [Refactoring Essentials](https://marketplace.visualstudio.com/items?itemName=SharpDevelopTeam.RefactoringEssentialsforVisualStudio) :warning: — The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers.
+- [Refactoring Essentials](https://marketplace.visualstudio.com/items?itemName=SharpDevelopTeam.RefactoringEssentialsforVisualStudio) — The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers.
- [relint](https://github.com/codingjoe/relint) — A static file linter that allows you to write custom rules using regular expressions (RegEx).
@@ -1396,7 +1398,7 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea
- [RIPS](https://www.ripstech.com) :copyright: — A static source code analyser for vulnerabilities in PHP scripts.
-- [Rome](https://rome.tools/) — Rome was a linter, compiler, bundler, and [more](https://rome.tools/#development-status) for JavaScript, TypeScript, JSON, HTML, Markdown, and CSS. It has since been succeeded by [biome](https://biomejs.dev/).
+- [Rome](https://rome.tools/) :warning: — Rome was a linter, compiler, bundler, and [more](https://rome.tools/#development-status) for JavaScript, TypeScript, JSON, HTML, Markdown, and CSS. It has since been succeeded by [biome](https://biomejs.dev/).
- [Rome Formatter](https://rome.tools/blog/2022/04/05/rome-formatter-release) :warning: — A performant and fault-tolerant code formatter for JS/TS written in Rust. Superceded by [biome](https://biomejs.dev/).
@@ -1481,7 +1483,7 @@ TSLint is an extensible static analysis tool that checks TypeScript code for rea
- [WhiteHat Application Security Platform](https://www.whitehatsec.com/platform/static-application-security-testing) :copyright: — WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10.
-- [Wotan](https://github.com/fimbullinter/wotan) :warning: — Pluggable TypeScript and JavaScript linter.
+- [Wotan](https://github.com/fimbullinter/wotan) — Pluggable TypeScript and JavaScript linter.
- [XCode](https://developer.apple.com/xcode) :copyright: — XCode provides a pretty decent UI for [Clang's](https://clang-analyzer.llvm.org/xcode.html) static code analyzer (C/C++, Obj-C).
@@ -1589,7 +1591,7 @@ Loading address: binbloom can parse a raw binary firmware and determine its load
- [sass-lint](https://github.com/sasstools/sass-lint) :warning: — A Node-only Sass linter for both sass and scss syntax.
-- [scsslint](https://github.com/brigade/scss-lint) — Linter for SCSS files.
+- [scsslint](https://github.com/brigade/scss-lint) :warning: — Linter for SCSS files.
- [Specificity Graph](https://jonassebastianohlsson.com/specificity-graph) — CSS Specificity Graph Generator.
@@ -1876,7 +1878,7 @@ It is inspired by, contains code from and is designed to stay close to [Kubeval]
- [paprika](https://github.com/GeoffreyHecht/paprika) :warning: — A toolkit to detect some code smells in analyzed Android applications.
-- [qark](https://github.com/linkedin/qark) :warning: — Tool to look for several security related Android application vulnerabilities.
+- [qark](https://github.com/linkedin/qark) — Tool to look for several security related Android application vulnerabilities.
- [redex](https://fbredex.com) — Redex provides a framework for reading, writing, and analyzing .dex files, and a set of optimization passes that use this framework to improve the bytecode. An APK optimized by Redex should be smaller and faster.
diff --git a/data/api/tools.json b/data/api/tools.json
index 1c9b6a5b5..bc7905f19 100644
--- a/data/api/tools.json
+++ b/data/api/tools.json
@@ -1457,6 +1457,47 @@
"demos": null,
"wrapper": null
+ "bugprove": {
+ "name": "BugProve",
+ "categories": [
+ "linter"
+ ],
+ "languages": [
+ "asm",
+ "c",
+ "cpp"
+ ],
+ "other": [
+ "binary",
+ "security"
+ ],
+ "licenses": [
+ "proprietary"
+ ],
+ "types": [
+ "cli"
+ ],
+ "homepage": "https://www.bugprove.com",
+ "source": null,
+ "pricing": null,
+ "plans": {
+ "free": true
+ },
+ "description": "BugProve is a firmware analysis platform featuring both static and dynamic analysis techniques to discover memory corruptions, command injections and other classes or common weaknesses in binary code. It also detects vulnerable dependencies, weak cryptographic parameters, misconfigurations, and more.",
+ "discussion": null,
+ "deprecated": null,
+ "resources": [
+ {
+ "title": "BugProve Product Intro by John Hammond",
+ "url": "https://www.youtube.com/watch?v=orTvsOlFS5k"
+ }
+ ],
+ "reviews": [
+ "https://www.g2.com/products/bugprove/reviews"
+ ],
+ "demos": null,
+ "wrapper": null
+ },
"bundler-audit": {
"name": "bundler-audit",
"categories": [
@@ -14278,7 +14319,7 @@
"plans": null,
"description": "Visualizes metrics and source code.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -14305,7 +14346,7 @@
"plans": null,
"description": "Tool to look for several security related Android application vulnerabilities.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -14419,7 +14460,7 @@
"plans": null,
"description": "Pattern Based Checking Tool for Ruby.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -14545,7 +14586,7 @@
"plans": null,
"description": "An open source static analysis security vulnerability scanner for Ruby on Rails applications.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -14731,7 +14772,7 @@
"plans": null,
"description": "The free Visual Studio 2015 extension for C# and VB.NET refactorings, including code best practice analyzers.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -15126,7 +15167,7 @@
"plans": null,
"description": "Rome was a linter, compiler, bundler, and [more](https://rome.tools/#development-status) for JavaScript, TypeScript, JSON, HTML, Markdown, and CSS. It has since been succeeded by [biome](https://biomejs.dev/).",
"discussion": null,
- "deprecated": null,
+ "deprecated": true,
"resources": null,
"reviews": null,
"demos": null,
@@ -15187,7 +15228,7 @@
"plans": null,
"description": "Roodi stands for Ruby Object Oriented Design Inferometer. It parses your Ruby code and warns you about design issues you have based on the checks that it has configured.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -15324,7 +15365,7 @@
"plans": null,
"description": "A (WIP) JavaScript linter written in Rust designed to be as fast as possible, customizable, and easy to use.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -15466,7 +15507,7 @@
"plans": null,
"description": "Rust Memory Safety & Undefined Behavior Detection. It is capable of analyzing single Rust packages as well as all the packages on crates.io.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -15608,7 +15649,7 @@
"plans": null,
"description": "Supports functionality such as 'goto definition', symbol search, reformatting, and code completion, and enables renaming and refactorings.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -15745,7 +15786,7 @@
"plans": null,
"description": "Static analysis tool for Golang that protects against SQL injections.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -15772,7 +15813,7 @@
"plans": null,
"description": "A Ruby cyclomatic complexity analyzer.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -16069,7 +16110,7 @@
"plans": null,
"description": "Linter for SCSS files.",
"discussion": null,
- "deprecated": null,
+ "deprecated": true,
"resources": null,
"reviews": null,
"demos": null,
@@ -17249,7 +17290,7 @@
"plans": null,
"description": "Automatically identify anti-patterns in SQL queries.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": [
"title": "SQLCheck: Automated Detection and Diagnosis of SQL Anti-Patterns",
@@ -17752,7 +17793,7 @@
"plans": null,
"description": "A programming-language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -18957,7 +18998,7 @@
"plans": null,
"description": "TSQL Static Code Analysis Rules for SQL Server.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -19157,7 +19198,7 @@
"plans": null,
"description": "With TypL, you just write completely standard JS, and the tool figures out your types via powerful inferencing.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -19954,7 +19995,7 @@
"plans": null,
"description": "Show unused code from multi-crate Rust projects",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,
@@ -20184,7 +20225,7 @@
"plans": null,
"description": "Pluggable TypeScript and JavaScript linter.",
"discussion": null,
- "deprecated": true,
+ "deprecated": null,
"resources": null,
"reviews": null,
"demos": null,