Software Alternatives & Reviews

TOP 40 Static Code Analysis Tools (Best Source Code Analysis Tools)

Recommended and mentioned products

  1. Raxis is a cybersecurity company with ethical hacking (red team) experience. Years of penetration testing and general mischief-making have taught us that there’s always a way in. We’ll find it — and help you keep the bad guys out.

  2. Static code analysis tool for web application security

  3. PVS-Studio is a tool for detecting problems in source code. It examines program code written in C, C++, and C# for problems that might prevent the code from functioning properly.

    Examining suspicious code fragments in AWS SDK for .NET about 3 months ago:

    I checked the code with the PVS-Studio analyzer using the plugin for Visual Studio.
  4. Learn how Kiuwan's Code Security (SAST) identifies and remediates cyber threats with a DevSecOps approach in a collaborative environment, with seamless integration in your SDLC.

  5. Peer Code Review

    How I go with react native in late 2022 about 10 months ago:

    Having a code review and analysis tool in CI/CD pipeline can help developers to keep their code clean. Some examples of these tools are sonarqube and embold.
  6. reshift

  7. Empear Code Scene

  8. An all-in-one Static Code Analysis + SAST tool for PowerBuilder, Oracle and SQL Server

  9. Veracode's application security software products are simpler and more scalable to increase the resiliency of your application infrastructure.

  10. Complete application security as a service (AppSec SaaS) solution with SAST, DAST, IAST, RASP, SCA (open source security), and developer security training.

  11. Parasoft Static Analysis

  12. Find and fix defects in your Java, C/C++ or C# open source project for free

    I created this point of sale system for restaurants and... almost 2 years ago:

    You can use Coverity for free on open source code. I use it on an app I open sourced for packet processing. https://scan.coverity.com/.
  13. Record, edit, publish, and host your podcast

    Best Zoom alternative for online recording? about 10 months ago:

    Cast is an online solution for podcasting and online recording. It records audio and video locally and syncs it to the cloud, which allows users not to worry about Internet connection failures and ensures high quality of the recorded content. The tool isn’t overloaded with features and isn't pricey.
  14. CodeSonar, produced by GrammaTech, is source and binary code analysis software that finds critical defects that can crash systems, result in unexpected operations, threaten security, and more.

  15. Combines a powerful Code Editor together with an impressive array of static analysis tools that will change the way you work with code.

    Pricing: paid, free trial

    Discontinue Sourcetrail about 2 years ago:

    https://lattix.com/ can produce impact reports showing “changing X affects A, B and Y on the first level which in turn affects C, D, E, F and Z on the second level” and so on… https://scitools.com/ Understand can answer similar questions and tries to perform flow analysis “through” function pointers as well.
  16. Code Compare is an advanced file and folder comparison tool. Its intuitive interface allows you to merge differing files and folders fast and easily! And it's FREE!

    Pricing: freemium, $69.95 / annually

  17. The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C...

    Static Code analysis about 6 months ago:

    No one static analyzer catches everything. It's best to run multiple. Popular ones are cppcheck, clang-analyzer, GCC static analyzer in GCC 10+, flawfinder, lizard.
  18. CppDepend is used by developers to measure, understand and improve their C & C++ code quality.

  19. Klocwork is a static code analysis and SAST tool for C, C++, C#, Java, and JavaScript.

  20. Cppcheck is an analysis tool for C/C++ code. It detects the types of bugs that the compilers normally fail to detect. The goal is no false positives.

    Enforcing Memory Safety? about 4 months ago:

    Using infer, someone else exploited null-dereference checks to introduce simple affine types in C++. Cppcheck also checks for null-dereferences. Unfortunately, that approach means that borrow-counting references have a larger sizeof than non-borrow counting references, so optimizing the count away potentially changes the semantics of a program which introduces a whole new way of writing subtly wrong code.
  21. Perforce Helix QAC is a handy, reliable, and highly rated Static Code Analysis solution that aids you in the process of finding vulnerabilities and problems within your C/C++ code.

  22. Goanna

  23. Mathworks Polyspace Bug Finder

  24. Sourcemeter

  25. ConQAT

  26. JArchitect is used by developers to measure, understand and improve their Java code quality.

  27. OCLint.org

  28. "Watchtower monitors your competition's websites and alerts you to important changes instantly."

  29. OWASP Code Crawler

  30. OWASP Orizon

  31. Gimpel PC-lint

  32. IBM Rational Software Analyzer

  33. bugSeng Eclair

  34. SonarQube, a core component of the Sonar solution, is an open source, self-managed tool that systematically helps developers and organizations deliver Clean Code.

    Pricing: freemium, $150.0 / annually

    Google: C++20, How Hard Could It Be about 1 year ago:

    Even for Java, C# and JS we do enforce such kind of rules, e.g. https://sonarqube.org.
  35. Rosecheckers

  36. An unofficial Framer for Web desktop app for Mac

  37. Semmle analytics platform that provides data-driven software engineering for visibility for every project, location, team and timeframe.

  38. PMD scans Java source code and looks for potential problems like:

  39. FindBugs is a tool that looks for bugs in Java code. FindBugs finds the bugs by analyzing computer software without actually executing programs. Using this software allows for easy debugging and repairing broken script.

    Scanning for flaws? almost 2 years ago:

    The tools generally depend on the programming language. You might be looking for something like a "linter" or static analyzer (i.e. FindBugs for Java).
  40. HCL Software Site

  41. David A. Wheeler's Page for Flawfinder

  42. Splint Home Page

    C-rusted: The Advantages of Rust, in C, without the... about 8 months ago:

    Whenever I see people talk about the portability or compatibility advantages of C, I'm reminded of how "even C isn't compatible with C", because you typically aren't talking about up-to-date GCC or LLVM on these niche platforms... you're talking about some weird or archaic vendor-provided compiler... Possibly with syntax extensions that static analyzers like splint will choke on. (Splint can't even understand near...
  43. Header Free Cyclomatic Complexity Analyzer

  44. Cloc

  45. SLOCCount

  46. New JSHint website. Anton Kovalyov, Oct 1st, 2013. For the last couple of weeks I've been working on a new homepage for JSHint and today I'm proud to announce the new jshint.com!

    Trouble with Syntax about 3 months ago:

    Also, if you are going to code for this sheet and do not know about the website jshint.com, you need to know about jshint.com.
  47. DeepScan is a static analysis tool for JavaScript that helps you to find security vulnerabilities and programming mistakes in your code.

    free-for.dev about 11 months ago:

    Deepscan.io — Advanced static analysis for automatically finding runtime errors in JavaScript code, free for Open Source.