Tags: Static Code Analysis

Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools, it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that compilers normally do not detect. The goal is to de ...

Cppcheck

PVS-Studio is a tool for bug detection in the source code of programs written in C, C++, and C#. It works in Windows and Linux environments. PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. PVS-St ...

PVS-Studio
Justin - presidentbeef

Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.

Brakeman - Rails Security Scanner

AppScan delivers application security testing tools to ensure your business, and your customers, are not vulnerable to attacks. Detect application vulnerabilities before they become a problem, remediate them and ensure compliance with regulations. Four pr ...

HCL AppScan

Veracode Static Analysis provides automated feedback to developers in the IDE and CI/CD pipeline, conducts a full Policy Scan before deployment, and gives clear guidance on how to find, prioritise, and remediate issues. Veracode Static Analysis supports ...

Veracode Static Analysis

Veracode Discovery helps manage your web attack surface by discovering and inventorying all public-facing applications - inside and outside the IP range - providing a workflow to scan sites for vulnerabilities. Discovery can be used alone to simply di ...

Veracode Web Application Scanning
Synopsys, Inc.

Synopsys Static Analysis (Coverity) is a fast, accurate and scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development lifecycle. Track and manage risks ac ...

VCG is an automated code security review tool for C++, C#, VB, PHP, Java and PL/SQL which is intended to drastically speed up the code review process by identifying bad/insecure code. It has a few features that should make it useful. In addition to perfo ...

VisualCodeGrepper

PMD

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, XML, XSL. Additionally it includes CPD, the copy-paste-detector. CPD find ...

PMD

CodeNarc analyzes Groovy code for defects, bad practices, inconsistencies, style issues and more. A flexible framework for rules, rulesets and custom rules means it's easy to configure CodeNarc to fit into your project.

CodeNarc

Checkmarx SAST (CxSAST) is an enterprise-grade static analysis solution used to identify hundreds of security vulnerabilities in custom code. It is used by development, DevOps, and security teams to scan source code early in the SDLC, identify vulnerabili ...

CheckMarx Static Application Security Testing
GrammaTech Inc

CodeSonar is GrammaTech's flagship static analysis software, designed for zero-tolerance defect environments. CodeSonar analyzes source code and binaries, identifying programming bugs that can result in system crashes, memory corruption, leaks, data races ...

Snyk provides security products across the cloud native application stack, securing all the components of the modern cloud native application in a single platform. Open Source Security: Automatically find, prioritise and fix vulnerabilities in yo ...

Snyk
Facebook Open Source

Infer is a static analysis tool - if you give Infer some Java or C/C++/Objective-C code it produces a list of potential bugs. Anyone can use Infer to intercept critical bugs before they have shipped to users, and help prevent crashes or poor performance.

Infer

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.