Static Code Analysis

Developing secure code is a difficult task. The days when manual peer review was the only point in the development life cycle at which code defects were identified are over. As the industry adopts tools that detect flaws automatically, static code analysis (SCA) has become an important part of producing quality code.

Static code analysis quickly and automatically checks code to discover security flaws and issues that people might miss. It works by reviewing the code without executing it. This can be done at the source code level (Source Code Analysis, SCA) or at the binary level (Binary Code Analysis, BCA).

Additional Information
VisualCodeGrepper
Pricing Model: Open Source
VCG is an automated code security review tool for C++, C#, VB, PHP, Java and PL/SQL which is intended to drastically speed up the code review process by identifying bad/insecure code. It has a few features that should make it useful. In addition to perfo ...

Flawfinder, by David Wheeler
Pricing Model: Open Source
Flawfinder is a simple program that examines C/C++ source code and reports possible security weaknesses (“flaws”) sorted by risk level. It’s very useful for quickly finding and removing at least some potential security problems before a program is widely ...

Cppcheck
Pricing Model: Open Source
Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to de ...

PVS-Studio
Pricing Model: Commercial
PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++, and C#. It works in Windows and Linux environment. PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. PVS-St ...

Brakeman - Rails Security Scanner, by Justin - presidentbeef
Pricing Model: Open Source
Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.

HCL AppScan
Pricing Model: Commercial
AppScan delivers application security testing tools to ensure your business, and your customers, are not vulnerable to attacks. Detect application vulnerabilities before they become a problem, remediate them and ensure compliance with regulations. Four pr ...

Veracode Static Analysis
Pricing Model: Commercial
Veracode Static Analysis provides automated feedback to developers in the IDE and CI/CD pipeline, conducts a full Policy Scan before deployment, and gives clear guidance on how to find, prioritise, and remediate issues. Veracode Static Analysis supports ...

Veracode Web Application Scanning
Pricing Model: Commercial
Veracode Discovery helps manage your web attack surface by discovering and inventorying all public-facing applications - inside and outside the IP range - providing a workflow to scan sites for vulnerabilities. Discovery can be used alone to simply di ...

Synopsys Static Analysis (Coverity), by Synopsys, Inc.
Pricing Model: Commercial
Synopsys Static Analysis (Coverity) is a fast, accurate and scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development lifecycle. Track and manage risks ac ...

OCLint
Pricing Model: Freeware
OCLint is a static code analysis tool for improving quality and reducing defects by inspecting C, C++ and Objective-C code and looking for potential problems like: Possible bugs - empty if/else/try/catch/finally statements Unused code - unused local v ...

PMD
Pricing Model: Freeware
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, XML, XSL. Additionally it includes CPD, the copy-paste-detector. CPD find ...

CodeNarc
Pricing Model: Freeware
CodeNarc analyzes Groovy code for defects, bad practices, inconsistencies, style issues and more. A flexible framework for rules, rulesets and custom rules means it's easy to configure CodeNarc to fit into your project.

CheckMarx Static Application Security Testing
Pricing Model: Commercial
Checkmarx SAST (CxSAST) is an enterprise-grade static analysis solution used to identify hundreds of security vulnerabilities in custom code. It is used by development, DevOps, and security teams to scan source code early in the SDLC, identify vulnerabili ...

CodeSonar, by GrammaTech Inc
Pricing Model: Commercial
CodeSonar is GrammaTech's flagship static analysis software, designed for zero-tolerance defect environments. CodeSonar analyzes source code and binaries, identifying programming bugs that can result in system crashes, memory corruption, leaks, data races ...

Appie, by Aditya Agrawall
Pricing Model: Freeware
Appie is a software package that has been pre-configured to function as an Android Pentesting Environment. It is completely portable and can be carried on USB stick. This is a one stop answer for all the tools needed in Android Application Security Assessme ...

SourceMeter, by FrontEndART Ltd.
Pricing Model: Commercial
SourceMeter is an innovative tool built for the precise static source code analysis of C/C++, Java, C#, Python, and RPG projects. This tool makes it possible to find the weak spots of a system under development from the source code only, without the need ...

Snyk
Pricing Model: Commercial
Snyk continuously monitors your application's dependencies and lets you quickly respond when new vulnerabilities are disclosed. Find Javascript, Ruby, Python, Scala and Java vulnerabilities with Snyk CLI Check all your Javascript, Ruby, Python, Scala ...

Infer, by Facebook Open Source
Pricing Model: Freeware
Infer is a static analysis tool - if you give Infer some Java or C/C++/Objective-C code it produces a list of potential bugs. Anyone can use Infer to intercept critical bugs before they have shipped to users, and help prevent crashes or poor performance.

Error Prone
Pricing Model: Freeware
Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

SpotBugs
Pricing Model: Freeware
SpotBugs is a program which uses static analysis to look for bugs in Java code.

© Computer Network Defence Limited 2021