wikiwand.com

List of tools for static code analysis - Wikiwand

  • ️Mon Nov 18 2024

Ada

This section is a sublist. Links here will take you to the full list on the top of this article.

C, C++

This section is a sublist. Links here will take you to the full list on the top of this article.

C#

This section is a sublist. Links here will take you to the full list on the top of this article.

IEC 61131-3

  • CODESYS Static Analysis  integrated add-on for CODESYS (application code realized e.g. in ST, FBD, LD)

Java

More information Tool, Latest release ...

Tool Latest release Free software Duplicate
code
Notes
Checkstyle 2020-01-26 Yes; LGPL No Besides some static code analysis, it can be used to show violations of a configured coding standard. Duplicate code detection was removed[13] from Checkstyle.
Eclipse 2017-06-28 Yes; EPL No Cross-platform IDE with own set of several hundred code inspections available for analyzing code on-the-fly in the editor and bulk analysis of the whole project. Plugins for Checkstyle, FindBugs, and PMD.
FindBugs 2015-03-06 Yes; LGPL Based on Jakarta BCEL from the University of Maryland. SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community.
IntelliJ IDEA 2021-04-06 Yes; ASL 2 Yes A leading Java IDE with built-in code inspection and analysis. Plugins for Checkstyle, FindBugs, and PMD.
JArchitect 2017-06-11 No; proprietary Simplifies managing a complex code base by analyzing and visualizing code dependencies, defining design rules, doing impact analysis, and by comparing different versions of the code.
Jtest 2024-11-01 (2024.2) No; proprietary Yes Testing and static code analysis product by Parasoft.
Soot 2020-10-28 Yes; LGPL A language manipulation and optimization framework consisting of intermediate languages.
PMD 2021-01-30 Yes; BSD License Yes Static code analyzer with support for plugins, including CPD. PMD supports checking of several languages.
Squale 2011-05-26 Yes; LGPL A platform to manage software quality.
ThreadSafe 2014-03-28 No; proprietary A static analysis tool focused on finding concurrency bugs.

Close

This section is a sublist. Links here will take you to the full list on the top of this article.

JavaScript

  • ESLint  JavaScript syntax checker and formatter.
  • Google's Closure Compiler  JavaScript optimizer that rewrites code to be faster and smaller, and checks use of native JavaScript functions.
  • CodeScene  Behavioral analysis of code.
  • JSHint  A community driven fork of JSLint.
  • JSLint  JavaScript syntax checker and validator.
  • Klocwork
  • Semgrep  A static analysis tool that helps expressing code standards and surfacing bugs early. A CI service and a rule library is also available.
  • Understand

Objective-C, Objective-C++

  • Clang  The free Clang project includes a static analyzer. As of version 3.2, this analyzer is included in Xcode.[14]
  • Infer  Developed by an engineering team at Facebook with open-source contributors. Targets null pointers, leaks, API usage and other lint checks. Available as open source on github.
  • Understand

Opa

  • Opa includes its own static analyzer. As the language is intended for web application development, the strongly statically typed compiler checks the validity of high-level types for web data, and prevents by default many vulnerabilities such as XSS attacks and database code injections.

Packaging

  • Lintian  Checks Debian software packages for common inconsistencies and errors.
  • Rpmlint  Checks for common problems in rpm packages.

Perl

PL/SQL

PowerBuilder, PowerScript

Python

  • PyCharm  Cross-platform Python IDE with code inspections available for analyzing code on-the-fly in the editor and bulk analysis of the whole project.
  • PyDev  Eclipse-based Python IDE with code analysis available on-the-fly in the editor or at save time.
  • Pylint  Static code analyzer. Quite stringent; includes many stylistic warnings as well.
  • Klocwork
  • Semgrep  Static code analyzer that helps expressing code standards and surfacing bugs early. A CI service and a rule library is also available.
  • Understand

Transact-SQL

  • Visual Expert  A SQLServer code analysis tool[16] that reports on programming issues and helps understand and maintain complex code (Impact Analysis, source code documentation, call trees, CRUD matrix, etc.).