Tags: Static Code Analysis

VisualCodeGrepper
Pricing Model: Open Source

VCG is an automated code security review tool for C++, C#, VB, PHP, Java and PL/SQL which is intended to drastically speed up the code review process by identifying bad/insecure code. It has a few features that should make it useful. In addition to perfo ...

Flawfinder
Author: David Wheeler
Pricing Model: Open Source

Flawfinder is a simple program that examines C/C++ source code and reports possible security weaknesses ("flaws") sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely ...

Cppcheck
Pricing Model: Open Source

Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to de ...

PVS-Studio
Pricing Model: Commercial

PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++, and C#. It works in Windows and Linux environments. PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. PVS-St ...

Brakeman - Rails Security Scanner
Author: Justin - presidentbeef
Pricing Model: Open Source

Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.

HCL AppScan
Pricing Model: Commercial

AppScan delivers application security testing tools to ensure your business, and your customers, are not vulnerable to attacks. Detect application vulnerabilities before they become a problem, remediate them and ensure compliance with regulations. Four pr ...

Veracode Static Analysis
Pricing Model: Commercial

Veracode Static Analysis provides automated feedback to developers in the IDE and CI/CD pipeline, conducts a full Policy Scan before deployment, and gives clear guidance on how to find, prioritise, and remediate issues. Veracode Static Analysis supports ...

Veracode Web Application Scanning
Pricing Model: Commercial

Veracode Discovery helps manage your web attack surface by discovering and inventorying all public-facing applications - inside and outside the IP range - providing a workflow to scan sites for vulnerabilities. Discovery can be used alone to simply di ...

Synopsys Static Analysis (Coverity)
Author: Synopsys, Inc.
Pricing Model: Commercial

Synopsys Static Analysis (Coverity) is a fast, accurate and scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development lifecycle. Track and manage risks ac ...

OCLint
Pricing Model: Freeware

OCLint is a static code analysis tool for improving quality and reducing defects by inspecting C, C++ and Objective-C code and looking for potential problems like: Possible bugs - empty if/else/try/catch/finally statements; Unused code - unused local v ...

PMD
Pricing Model: Freeware

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, XML, XSL. Additionally it includes CPD, the copy-paste-detector. CPD find ...

CodeNarc
Pricing Model: Freeware

CodeNarc analyzes Groovy code for defects, bad practices, inconsistencies, style issues and more. A flexible framework for rules, rulesets and custom rules means it's easy to configure CodeNarc to fit into your project.

CheckMarx Static Application Security Testing
Pricing Model: Commercial

Checkmarx SAST (CxSAST) is an enterprise-grade static analysis solution used to identify hundreds of security vulnerabilities in custom code. It is used by development, DevOps, and security teams to scan source code early in the SDLC, identify vulnerabili ...

CodeSonar
Author: GrammaTech Inc
Pricing Model: Commercial

CodeSonar is GrammaTech's flagship static analysis software, designed for zero-tolerance defect environments. CodeSonar analyzes source code and binaries, identifying programming bugs that can result in system crashes, memory corruption, leaks, data races ...

Snyk
Pricing Model: Commercial

Snyk provides security products across the cloud native application stack, securing all the components of the modern cloud native application in a single platform. Open Source Security: Automatically find, prioritise and fix vulnerabilities in yo ...

Infer
Author: Facebook Open Source
Pricing Model: Freeware

Infer is a static analysis tool - if you give Infer some Java or C/C++/Objective-C code it produces a list of potential bugs. Anyone can use Infer to intercept critical bugs before they have shipped to users, and help prevent crashes or poor performance.

Error Prone
Pricing Model: Freeware
Modified: Never

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

SpotBugs
Pricing Model: Freeware

SpotBugs is a program which uses static analysis to look for bugs in Java code. SpotBugs is capable of checking for more than 400 bug patterns and can be used standalone or through many integrations including: Ant, Maven, Gradle, Eclipse.

Retire.js
Author: Erlend Oftedal
Pricing Model: Freeware

There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies development, but we need to stay up to date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecu ...

Klocwork
Pricing Model: Commercial

Klocwork static code analysis and SAST tool for C, C++, C#, and Java identifies software security, quality, and reliability issues, helping to enforce compliance with standards. Built for enterprise DevOps and DevSecOps, Klocwork scales to projects of any ...

© Computer Network Defence Limited 2021