TOP 40 Static Code Analysis Tools (Best Source Code Analysis Tools)

Raxis is a cybersecurity company with ethical hacking (red team) experience. Years of penetration testing and general mischief-making have taught us that there’s always a way in. We’ll find it — and help you keep the bad guys out.

Static code analysis tool for web application security

PVS-Studio is a useful piece of software for detecting problems in source code. The software examines program codes written in C, C++, and C# for any problems that might prohibit the code from functioning properly.

Examining suspicious code fragments in AWS SDK for .NET about 3 months ago

I checked the code with the PVS-Studio analyzer using the plugin for Visual Studio.

 Learn how Kiuwan's Code Security (SAST) identifies and remediates cyber threats with a DevSecOps approach in a collaborative environment, with seamless integration in your SDLC.

Peer Code Review

How I go with react native in late 2022 about 10 months ago:

Having a code review and analysis tool in CI/CD pipeline can help developers to keep their code clean. Some examples of these tools are sonarqube and embold.

This hasn't been added to SaaSHub yet

This hasn't been added to SaaSHub yet

An all-in-one Static Code Analysis + SAST tool for PowerBuilder, Oracle and SQL Server

Veracode's application security software products are simpler and more scalable to increase the resiliency of your application infrastructure.

Complete application security as a service (AppSec SaaS) solution with SAST, DAST, IAST, RASP, SCA (open source security), and developer security training.

This hasn't been added to SaaSHub yet

Find and fix defects in your Java, C/C++ or C# open source project for free

I created this point of sale system for restaurants and... about almost 2 years ago:

You can use Coverity for free on open source code. I use it on an app I open sourced for packet processing. https://scan.coverity.com/.

Record, edit, publish, and host your podcast

Best Zoom alternative for online recording? about 10 months ago:

Cast is an online solution for podcasting and online recording. It records audio and video locally and syncs it to the cloud, which allows users not to worry about Internet connection failures and ensures high quality of the recorded content. The tool isn’t overloaded with features and isn't pricey.

CodeSonar, produced by GrammaTech, is source and binary code analysis software that finds critical defects that can crash systems, result in unexpected operations, threaten security, and more.

Combines a powerful Code Editor together with an impressive array of static analysis tools that will change the way you work with code.

paid Free Trial

Discontinue Sourcetrail about about 2 years ago

Https://lattix.com/ can produce impact reports showing “changing X affects A, B and Y on the first level which in turn affects C, D, E, F and Z on the second level” and so on… https://scitools.com/ Understand can answer similar questions and tries to perform flow analysis “through” function pointers as well.

Code Compare is an advanced file and folder comparison tool. Its intuitive interface allows you to merge differing files and folders fast and easily! And it's FREE!

freemium $69.95 / Annually

The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C...

Static Code analysis about 6 months ago:

No one static analyzer catches everything. It's best to run multiple. Popular ones are cppcheck, clang-analyzer, GCC static analyzer in GCC 10+, flawfinder, lizard.

CppDepend is used by developers to measure, understand and improve their C & C++ code quality.

Klocwork is a static code analysis and SAST tool for C, C++, C#, Java, and JavaScript.

Cppcheck is an analysis tool for C/C++ code. It detects the types of bugs that the compilers normally fail to detect. The goal is no false positives. CppCheckDownload cppcheck for free.

Enforcing Memory Safety? about 4 months ago:

Using infer, someone else exploited null-dereference checks to introduce simple affine types in C++. Cppcheck also checks for null-dereferences. Unfortunately, that approach means that borrow-counting references have a larger sizeof than non-borrow counting references, so optimizing the count away potentially changes the semantics of a program which introduces a whole new way of writing subtly wrong code.

Perforce Helix QAC is a handy, reliable, and highly rated Static Code Analysis solution that aids you in the process of finding vulnerabilities and problems within your C/C++ code.

This hasn't been added to SaaSHub yet

This hasn't been added to SaaSHub yet

This hasn't been added to SaaSHub yet

This hasn't been added to SaaSHub yet

JArchitect is used by developers to measure, understand and improve their Java code quality.

This hasn't been added to SaaSHub yet

"Watchtower monitors your competition's websites and alerts you to important changes instantly."

This hasn't been added to SaaSHub yet

This hasn't been added to SaaSHub yet

This hasn't been added to SaaSHub yet

This hasn't been added to SaaSHub yet

This hasn't been added to SaaSHub yet

SonarQube, a core component of the Sonar solution, is an open source, self-managed tool that systematically helps developers and organizations deliver Clean Code.

freemium $150.0 / Annually

Google: C++20, How Hard Could It Be about about 1 year ago:

Even for Java, C# and JS we do enforce such kind of rules, e.g. https://sonarqube.org.

This hasn't been added to SaaSHub yet

A unofficial Framer for Web desktop app for Mac

Semmle analytics platform that provides data-driven software engineering for visibility for every project, location, team and timeframe.

PMD scans Java source code and looks for potential problems like:

Findbugs is a tool that looks for bugs in Java code. Findbugs finds the bugs by analyzing computer software without actually executing programs. Using this software allows for easy debugging and repairing broken script. Read more about FindBugs.

Scanning for flaws? about almost 2 years ago

The tools generally depend on the programming language. You might be looking for something like a "linter" or static analyzer (i.e. FindBugs for Java).

HCL Software Site

David A. Wheeler's Page for Flawfinder

Splint Home Page

C-rusted: The Advantages of Rust, in C, without the... about 8 months ago

Whenever I see people talk about the portability or compatibility advantages of C, I'm reminded of how "even C isn't compatible with C", because you typically aren't talking about up-to-date GCC or LLVM on these niche platforms... you're talking about some weird or archaic vendor-provided compiler... Possibly with syntax extensions that static analyzers like splint will choke on. (Splint can't even understand near...

This hasn't been added to SaaSHub yet

This hasn't been added to SaaSHub yet

This hasn't been added to SaaSHub yet

New JSHint website. Anton Kovalyov Oct 1st, 2013. For the last couple of weeks I've been working on a new homepage for JSHint and today I'm proud to announce the new jshint. com! JSHint Website.

Trouble with Syntax about 3 months ago

Also, if you are going to code for this sheet and do not know about the website jshint.com, you need to know about jshint.com.

DeepScan is a static analysis tool for JavaScript that helps you to find security vulnerabilities and programming mistakes in your code.

free-for.dev about 11 months ago:

Deepscan.io — Advanced static analysis for automatically finding runtime errors in JavaScript code, free for Open Source.