List of tools for static code analysis - Wikiwand
- ️Mon Nov 18 2024
Ada
This section is a sublist. Links here will take you to the full list on the top of this article.
C, C++
This section is a sublist. Links here will take you to the full list on the top of this article.
- Astree
- Axivion Suite (Bauhaus)
- BLAST
- Clang
- Coccinelle
- Coverity
- CPAchecker
- Cppcheck
- Cppdepend
- Cpplint
- ECLAIR
- Eclipse
- Fluctuat
- Frama-C
- GCC
- Helix QAC
- Facebook Infer
- Klocwork
- Lint
- LDRA Testbed
- Parasoft C/C++test
- PC-lint Plus
- Polyspace
- PVS-Studio
- SLAM project
- Sparse
- SonarQube
- Splint
- Understand
- Visual Studio
C#
This section is a sublist. Links here will take you to the full list on the top of this article.
IEC 61131-3
- CODESYS Static Analysis – integrated add-on for CODESYS (application code realized e.g. in ST, FBD, LD)
Java
More information Tool, Latest release ...
Tool | Latest release | Free software | Duplicate code |
Notes |
---|---|---|---|---|
Checkstyle | 2020-01-26 | Yes; LGPL | No | Besides some static code analysis, it can be used to show violations of a configured coding standard. Duplicate code detection was removed[13] from Checkstyle. |
Eclipse | 2017-06-28 | Yes; EPL | No | Cross-platform IDE with own set of several hundred code inspections available for analyzing code on-the-fly in the editor and bulk analysis of the whole project. Plugins for Checkstyle, FindBugs, and PMD. |
FindBugs | 2015-03-06 | Yes; LGPL | Based on Jakarta BCEL from the University of Maryland. SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community. | |
IntelliJ IDEA | 2021-04-06 | Yes; ASL 2 | Yes | A leading Java IDE with built-in code inspection and analysis. Plugins for Checkstyle, FindBugs, and PMD. |
JArchitect | 2017-06-11 | No; proprietary | Simplifies managing a complex code base by analyzing and visualizing code dependencies, defining design rules, doing impact analysis, and by comparing different versions of the code. | |
Jtest | 2024-11-01 (2024.2) | No; proprietary | Yes | Testing and static code analysis product by Parasoft. |
Soot | 2020-10-28 | Yes; LGPL | A language manipulation and optimization framework consisting of intermediate languages. | |
PMD | 2021-01-30 | Yes; BSD License | Yes | Static code analyzer with support for plugins, including CPD. PMD supports checking of several languages. |
Squale | 2011-05-26 | Yes; LGPL | A platform to manage software quality. | |
ThreadSafe | 2014-03-28 | No; proprietary | A static analysis tool focused on finding concurrency bugs. |
Close
This section is a sublist. Links here will take you to the full list on the top of this article.
JavaScript
- ESLint – JavaScript syntax checker and formatter.
- Google's Closure Compiler – JavaScript optimizer that rewrites code to be faster and smaller, and checks use of native JavaScript functions.
- CodeScene – Behavioral analysis of code.
- JSHint – A community driven fork of JSLint.
- JSLint – JavaScript syntax checker and validator.
- Klocwork
- Semgrep – A static analysis tool that helps expressing code standards and surfacing bugs early. A CI service and a rule library is also available.
- Understand
Objective-C, Objective-C++
- Clang – The free Clang project includes a static analyzer. As of version 3.2, this analyzer is included in Xcode.[14]
- Infer – Developed by an engineering team at Facebook with open-source contributors. Targets null pointers, leaks, API usage and other lint checks. Available as open source on github.
- Understand
Opa
Packaging
Perl
- Perl::Critic – A tool to help enforce common Perl best practices. Most best practices are based on Damian Conway's Perl Best Practices book.
- PerlTidy – Program that acts as a syntax checker and tester/enforcer for coding practices in Perl.
- Padre – An IDE for Perl that also provides static code analysis to check for common beginner errors.
PL/SQL
- TOAD – A PL/SQL development environment with a Code xPert component that reports on general code efficiency as well as specific programming issues.
- Visual Expert – A PL/SQL code analysis tool[15] that reports on programming issues and helps understand and maintain complex code (Impact Analysis, Source Code documentation, Call trees, CRUD matrix, etc.).
PowerBuilder, PowerScript
- Visual Expert – A tool scanning PowerBuilder libraries (PBLs) for code inspection, Impact Analysis, Source Code documentation, Call trees, CRUD matrix.
Python
- PyCharm – Cross-platform Python IDE with code inspections available for analyzing code on-the-fly in the editor and bulk analysis of the whole project.
- PyDev – Eclipse-based Python IDE with code analysis available on-the-fly in the editor or at save time.
- Pylint – Static code analyzer. Quite stringent; includes many stylistic warnings as well.
- Klocwork
- Semgrep – Static code analyzer that helps expressing code standards and surfacing bugs early. A CI service and a rule library is also available.
- Understand
Transact-SQL
- Visual Expert – A SQLServer code analysis tool[16] that reports on programming issues and helps understand and maintain complex code (Impact Analysis, source code documentation, call trees, CRUD matrix, etc.).