Tags: static code analysis

Pylint is a source code, bug and quality checker for the Python programming language. It follows the style recommended by PEP 8, the Python style guide.

Erlend Oftedal

There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies development, but we need to stay up to date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecu ...

Retire.js

Klocwork static code analysis and SAST tool for C, C++, C#, and Java identifies software security, quality, and reliability issues helping to enforce compliance with standards. Built for enterprise DevOps and DevSecOps, Klocwork scales to projects of any ...

Axivion GmbH

The Axivion Suite gives you the full range of Axivion analysis tools in one box. The Axivion Suite includes static code analysis, architecture analysis and effective tools for the detection of code smells. The Axivion Suite runs on Windows, Linux and Mac ...

Axivion Suite
Code Dx Inc.

Code Dx helps enterprises rapidly release more secure software and mitigate the risk of a breach, while helping you be faster and more agile. Orchestrate tools: centralize and harmonize application security testing across all development pipelines in ...

Code Dx Enterprise

Astrée is a static code analyzer that proves the absence of runtime errors and invalid concurrent behavior in safety-critical software written or generated in C. Astrée primarily targets embedded applications as found in aeronautics, earth transpor ...

ECLAIR is a general platform for software verification. Applications range from coding rule validation, to automatic generation of testcases, to the proof of absence of run-time errors or generation of counterexamples, and to the specification of code mat ...

ECLAIR
Gimpel Software LLC

PC-Lint Plus is a comprehensive static analysis solution for C and C++. Comply with safety standards: enforce compliance with industry coding standards including MISRA, AUTOSAR, and CERT C, customise detection of individual guidelines and easily s ...

PC-lint Plus
OpenStack Security Group

Bandit is a tool designed to find common security issues in Python code. By processing files, building an AST and running appropriate plugins against the AST nodes, Bandit is able to generate a report once it has finished scanning code.

bandit

SpotBugs is a program which uses static analysis to look for bugs in Java code. SpotBugs is capable of checking for more than 400 bug patterns and can be used standalone or through many integrations including Ant, Maven, Gradle and Eclipse.

SpotBugs

CodePeer is an Ada source code analyzer that detects run-time and logic errors. It assesses potential bugs before program execution, serving as an automated peer reviewer, helping to find errors easily at any stage of the development life-cycle. CodePeer ...

Continuous Inspection - SonarQube provides the capability to not only show health of an application but also to highlight issues newly introduced. With a Quality Gate in place, you can fix the leak and therefore improve code quality systematically. Detec ...

Automatically scan your code to identify and remediate vulnerabilities. Compliant with the most stringent security standards, such as OWASP and CWE, Kiuwan Code Security covers all important languages and integrates with leading DevOps tools. Make i ...

Code Security (SAST)

Deliver C and C++ software that’s robust, predictable, and secure. Manage risk and costs by building better software. Static analysis and unit testing are critical for application quality, security, and safety, and the cornerstone of any connected-applic ...

Parasoft C/C++test

Complement your existing Visual Studio tools with deep static analysis and advanced coverage. An automated, non-invasive solution that scans the application codebase to identify issues before they become production problems, Parasoft dotTEST integrates i ...

Parasoft dotTEST

Parasoft Jtest enables you to accelerate Java software development while minimizing risks introduced into the code, by providing comprehensive analysis, guidance, and tools to get the job done. Jtest integrates with Parasoft DTP for sophisticated reportin ...

The Mathworks, Inc.

Polyspace® static code analysis products use formal methods to prove the absence of critical run-time errors under all possible control flows and data flows. They include checkers for coding rules, security vulnerabilities, code metrics, and hundreds of ad ...

Snappy Tick Source Edition (SAST) is a source code review tool; it helps to identify vulnerabilities during static code review. In-line auditing approaches will identify the largest number of the most significant security issues in your applicati ...

Snappytick

OCLint is a static code analysis tool for improving quality and reducing defects by inspecting C, C++ and Objective-C code and looking for potential problems like: possible bugs (empty if/else/try/catch/finally statements); unused code (unused local v ...

David Wheeler

Flawfinder is a simple program that examines C/C++ source code and reports possible security weaknesses (“flaws”) sorted by risk level. It’s very useful for quickly finding and removing at least some potential security problems before a program is widely ...