Checkmarx
SonarQube
Coverity Scan
Veracode
Appknox
GitLab
HCL AppScan
Acunetix Vulnerability Scanner
Clang Static Analyzer
Cppcheck
SonarQube
Coverity Scan
Parasoft C/C++test
lgtm.com
PVS-Studio
LDRA Testbed
CheckmarxBased on our record, Clang Static Analyzer should be more popular than Checkmarx. It has been mentiond 7 times since March 2021. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.
Automate security testing: Use tools such as OWASP ZAP, SonarQube, or Checkmarx to automate security testing. This will help you identify security issues early in the development process and reduce the risk of vulnerabilities being introduced into your code. - Source: dev.to / about 1 year ago
Application Security (AppSec) is the forte of Checkmarx, which is an award-winning AppSec Testing tool that integrates security policies into the DevOps workflow and ensures security across the application lifecycle. Checkmarx scans all your code and provides actionable insights for critical vulnerabilities. Checkmarx also offers developer-friendly AppSec training that makes the transition to DevSecOps more... - Source: dev.to / over 2 years ago
Clang has a similar tool, the Clang Static Analyzer: https://clang-analyzer.llvm.org/. - Source: Hacker News / 29 days ago
Continuous Integration and Continuous Deployment [CI/CD] pipelines play a crucial role in enforcing code quality, especially when working with memory-unsafe languages. By integrating automated dynamic analysis tools like Valgrind or AddressSanitizer, static analysis tools like Clang Static Analyzer or cppcheck, and manual code review processes, developers can identify and mitigate many memory-related... - Source: dev.to / about 1 month ago
No one static analyzer catches everything. It's best to run multiple. Popular ones are cppcheck, clang-analyzer, GCC static analyzer in GCC 10+, flawfinder, lizard. Source: about 1 year ago
With "cross translation units" (CTU) analysis a static analyzer could derive a constraint on `some_function` return value and check this against the array size to detect a possible bug. The Clang static analyzer [1], used through CodeChecker (CC) [2], do support CTU (enabled with `--ctu`). I'm very happy with the result on the code I'm working on. Of course this is not magic, and it's important to understand the... - Source: Hacker News / over 1 year ago
Cppcheck and Clang Analyzer: statically analyze your code to find bad style and bugs (undefined behavior) respectively. Clang Analyzer can actually be frighteningly clever and has a low false positive rate (unlike most other non-commercial static checkers). Source: almost 2 years ago
SonarQube - SonarQube, a core component of the Sonar solution, is an open source, self-managed tool that systematically helps developers and organizations deliver Clean Code.
Cppcheck - Cppcheck is an analysis tool for C/C++ code. It detects the types of bugs that the compilers normally fail to detect. The goal is no false positives. CppCheckDownload cppcheck for free.
Coverity Scan - Find and fix defects in your Java, C/C++ or C# open source project for free
Veracode - Veracode's application security software products are simpler and more scalable to increase the resiliency of your application infrastructure.
Appknox - Appknox is a cloud-based mobile app security solution to detect threats and vulnerabilities in the app.
Parasoft C/C++test - Ensure compliance with a variety of functional safety, security, and coding standards in embedded C/C++ software.
