Automated code review Automated code review software checks source code for compliance with a predefined set of rules or best practices.
Bauhaus Project (computing) The Bauhaus project is a software research project collaboration among the University of Stuttgart, the University of Bremen, and a commercial spin-off company Axivion formerly called Bauhaus So...
BLAST model checker The Berkeley Lazy Abstraction Software Verification Tool (BLAST) is a software model checking tool for C programs.
Checkstyle Checkstyle is a static code analysis tool used in software development for checking if Java source code complies with coding rules.
Clang Clang is a compiler front end for the C, C++, Objective-C and Objective-C++ programming languages.
Coccinelle (software) Coccinelle (French for ladybug) is a tool to match and transform the source code of programs written in the programming language C. Coccinelle was initially used to aid the evolution of Lin...
Code Rocket Code Rocket by Rapid Quality Systems is a family of software development tools aimed at improving developer productivity and code quality.
CodeIt.Right CodeIt.Right combines static code analysis and automatic refactoring in one application.
ConQAT The Continuous Quality Assessment Toolkit (ConQAT) is a highly configurable software quality analysis engine.
Coverity Coverity is a software vendor which develops development testing solutions, including static code analysis tools, for C, C++, Java and C#, used to find defects and security vulnerabilities in so...
Cppcheck Cppcheck is a static code analysis tool for the C and C++ programming languages.
Cpplint cpplint is an open source lint-like tool developed by Google, designed to ensure that C++ code conforms to Google's coding style guides.
cscope cscope is a console mode or text-based graphical interface that allows computer programmers or software developers to search C source code.
Daikon (system) Daikon is a computer program that detects likely invariants of programs.
DMS Software Reengineering Toolkit The DMS Software Reengineering Toolkit is a proprietary set of program transformation tools available for automating custom source program analysis, modification, translation or generation of so...
ECLAIR ECLAIR is a commercial static code analysis tool developed by BUGSENG, LLC for the automatic analysis, verification, testing and transformation of C and C++ programs.
ESC/Java ESC/Java (and more recently ESC/Java2), the "Extended Static Checker for Java," is a programming tool that attempts to find common run-time errors in Java programs at compile time.
Extended static checking Extended static checking (ESC) is a collective name for a range of techniques for statically checking the correctness of various program constraints.
FindBugs FindBugs is an open source program created by Bill Pugh and David Hovemeyer which looks for bugs in Java code.
Fluctuat Fluctuat has been developed by Commissariat à l'Énergie Atomique et aux Énergies Alternatives since 2001.
Fortify Software Fortify Software or later Fortify was a California-based software security vendor, founded in 2003 and acquired by Hewlett-Packard in 2010.
Frama-C Frama-C stands for Framework for Modular Analysis of C programs.
FxCop FxCop is a free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines.
GrammaTech GrammaTech is a software-development tools vendor based in Ithaca, New York.
Hermes (programming language) Hermes is a language for distributed programming that was developed at IBM's Thomas J. Watson Research Center from 1986 through 1992.
Imagix 4D Imagix 4D is a source code analysis tool from Imagix Corporation, used primarily for understanding, documenting and evolving existing C, C++ and Java software.
JArchitect JArchitect is a static analysis tool for JAVA code.
Jtest Jtest is an automated Java software testing and static analysis product that is made by Parasoft.
Klocwork Klocwork is a software company with headquarters in Burlington, MA and R&D based in Ottawa, ON, Canada.
LDRA Testbed LDRA Testbed provides the core static and dynamic analysis engines for both host and embedded software.
lint (software) In computer programming, lint was the name originally given to a particular program that flagged some suspicious and non-portable constructs (likely to be bugs) in C language source code.
Sonargraph Sonargraph is a commercial tool for static code analysis of software written in Java.
SonarJ SonarJ is a commercial tool for static code analysis of software written in Java.
SonarQube SonarQube (formerly Sonar) is an open source software quality platform.
Soot (software) In static program analysis, Soot is a language manipulation and optimization framework consisting of intermediate languages for the Java programming language.
Sotoarc Sotoarc is a commercial static code analysis tool for software architects.
SPARROW SPARROW is a static analysis tool that understands the semantics of C and C++ code based on Abstract Interpretation in static analysis theory by automatically detecting fatal errors such as memo...
Sparse Sparse is a computer software tool designed to find possible coding faults in the Linux kernel.
Spec Sharp Spec# is a programming language with specification language features that extends the capabilities of the C# programming language with Eiffel-like contracts, including object invariants, precond...
Splint (programming tool) Splint, short for Secure Programming Lint, is a programming tool for statically checking C programs for security vulnerabilities and coding mistakes.
SQuORE SQuORE is a business intelligence and static code analysis tool for software projects.
StyleCop StyleCop is an open source static code analysis tool from Microsoft that checks C# code for conformance to StyleCop's recommended coding styles and a subset of Microsoft's .NET Framework Design ...
Understand (software) Understand is a commercial static code analysis software tool produced by SciTools.
Veracode Veracode is a Burlington, Massachusetts based application security company offering a cloud-based platform for application risk management.
VeriFlux VeriFlux is a formal methods based static analysis tool for programs written in Java.
Yasca Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code.