
Cppcheck
Clang Static Analyzer
Coverity Scan
lgtm.com
SonarQube
VisualCodeGrepper
Flawfinder
Parasoft C/C++test
OWASP Dependency-Track
Snyk
Quick License Manager
Open iT LicenseAnalyzerโข
LicenseSpring
VIZOR
WhiteSource Renovate
SCANOSS
Cppcheck
OWASP Dependency-TrackCppcheck is recommended for C/C++ developers and development teams, particularly those responsible for maintaining large codebases or projects where code quality and reliability are paramount. It is also beneficial for educational purposes, where students and new developers can learn about potential pitfalls in C/C++ programming.
OWASP Dependency-Track is ideal for security-conscious development teams, DevSecOps professionals, and organizations with a strong focus on application security. It is particularly beneficial for those using a wide array of open-source components who need to ensure ongoing compliance with security standards.
No OWASP Dependency-Track videos yet. You could help us improve this page by suggesting one.
Based on our record, OWASP Dependency-Track should be more popular than Cppcheck. It has been mentiond 20 times since March 2021. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.
I dedicated Sunday morning to going over the documentation of the linters we use in the project. The goal was to understand all options and use them in the best way for our project. Seeing their manuals side by side was nice because even very similar things are solved differently. Cppcheck is the most configurable and best documented; JSON Lint lies at the other end. - Source: dev.to / over 2 years ago
Using infer, someone else exploited null-dereference checks to introduce simple affine types in C++. Cppcheck also checks for null-dereferences. Unfortunately, that approach means that borrow-counting references have a larger sizeof than non-borrow counting references, so optimizing the count away potentially changes the semantics of a program which introduces a whole new way of writing subtly wrong code. Source: about 3 years ago
For my own projects, I used cppcheck. You can check out that tool to get a feel. Depending on what industry your in, you might need to follow a standard like Misra. Source: over 3 years ago
Https://cppcheck.sourceforge.io/ (there are many other static analysis tools, I just haven't used them or didn't care for them). Source: over 3 years ago
Sounds like something that could simply be communicated with the team that writes the tests. Unless you have dozens of such classes. In that case, you could just use e.g. Cppcheck and add a rule (regular expression) that searches for usages of the forbidden classes. Source: over 3 years ago
DependencyTrack is a great tool from OWASP for managing SBOMs and auditing vulnerabilities of used dependencies. DependencyTrack is built around projects. While a project type (e.g., Application, Container Image) is technically just a label, how you structure them matters. - Source: dev.to / 5 months ago
I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub. I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides. It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your... - Source: Hacker News / about 2 years ago
To detect these types of vulnerabilities, we should first and foremost know our dependencies and versions, and which of them have vulnerabilities. The OWASP Top 10 2021 identifies this need as A06:2021-Vulnerable and Outdated Components. OWASP has several tools for this, including Dependency Check and Dependency Track. These tools will warn about the use of components with vulnerabilities. - Source: dev.to / over 2 years ago
Https://dependencytrack.org/ You just need to use one of the various tools out there to scan. - Source: Hacker News / almost 3 years ago
OWASP Dependency Track - https://dependencytrack.org/. Source: about 3 years ago
Clang Static Analyzer - The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C...
Snyk - Snyk helps you use open source and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and much more.
Coverity Scan - Find and fix defects in your Java, C/C++ or C# open source project for free
Quick License Manager - Quick License Manager (QLM) is a license protection framework that creates professional and secure license keys to protect software against piracy.
lgtm.com - lgtm.com is a platform for code analytics.
Open iT LicenseAnalyzerโข - Align engineering software resources with business needs to reduce expenses