Static code analysis is the analysis of computer software performed without actually executing the code. Static code analysis software scans all code in a project and seeks out vulnerabilities, validates code against industry best practices, and some software tools validate against company-specific project specifications. Static code analysis software is used by software development and quality assurance teams to ensure the quality and security of code, and that project requirements are met. Static code analysis is a type of source code management and can integrate with version control systems and through build automation tasks using continuous integration software.
To qualify as a static code analysis system, a product must:
Static Code Analysis reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.
ReSharper is a renowned productivity tool that turns Microsoft Visual Studio into a much better IDE. Both individual .NET developers and teams rely on ReSharper to write and maintain code in a more manageable and enjoyable way, adopt best coding practices and deliver higher-quality applications faster.
Coverity static analysis by Synopsys helps development and security teams find and fix defects and security flaws in code as it’s being written. Coverity is highly accurate, supports thousands of developers, and quickly analyzes large projects exceeding 100 million lines of code, helping your teams build secure, high-quality software faster.
ReSharper C++ makes Visual Studio a better IDE for C++ developers, providing on-the-fly code analysis, quick-fixes, powerful search and navigation, smart code completion, refactorings, a variety of code generation options and other features to help increase your everyday productivity.
Checkmarx is the Software Exposure Platform for the enterprise. Over 1,400 organizations around the globe rely on Checkmarx to measure and manage software risk at the speed of DevOps. Checkmarx serves five of the world’s top 10 software vendors, four of the top American banks, and many government organizations and Fortune 500 enterprises, including SAP, Samsung, and Salesforce.com. Learn more at Checkmarx.com or follow us on Twitter: @checkmarx.
Organizations worldwide use Black Duck’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com. com.
DashO is a Java and Android Obfuscator plus much more. It provides enterprise-grade app hardening and shielding, greatly reducing the risk of intellectual property theft, data theft, piracy, and tampering. Our layered obfuscation, encryption, watermarking, auto-expiry, anti-debug, anti-tampering, anti-rooted device solution provides protection for applications all around the world.
WhiteSource helps business to develop better software by harnessing the power of open source. WhiteSource becomes part of your software development lifecycle (SDLC) and automates the entire process of open source components selection, approval, and management, including finding and fixing vulnerable components. We provide software development and security teams full control and visibility over their open source usage and helps them drive open source adoption
Embold supports developers and development teams by finding critical code issues before they become roadblocks. It is the perfect tool to analyze, diagnose, transform, and sustain your software efficiently. With the use of A.I. and machine learning technologies, Embold can immediately prioritize issues, suggest ways to best solve them, and re-factor software where necessary. Run it within your current Dev-Ops stack, on premise or in the cloud privately or publicly.
Visual Expert is a must-have solution for the maintenance of PowerBuilder, Oracle and SQL Server database code. Visual Expert automates the key processes for developing productive code by assisting the developers to understand complex code by generating diagrams, identify the consequences of a change in code, review, analyze and improve code performances, explore complex chains of calls, compare two or more versions of code, create and review CRUD (Create, Read, Update, Delete) operations matrix
Petze is an automated code reviewer to ensure that UiPath workflows are developed faster, with more efficient as well as being fully compliant with best practices, industry standards and IT security & compliance rules. It can help your customers scale faster and deliver more automated business processes, while ensuring the highest quality and compliance.
SecureAssist by Synopsys helps developers detect security weaknesses and quality defects as they code • Seamlessly integrate static analysis into development workflows to boost developer productivity. • Eliminate hundred-page bug reports, triaging, and costly delays. • Low false-positive rates and actionable results help developers efficiently debug their code.
Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).
Dotfuscator is a .NET Obfuscator & much more. It provides enterprise-grade app protection, greatly reducing the risk of piracy, intellectual property theft and tampering. Our layered obfuscation, encryption, watermarking, auto-expiry, anti-debug, anti-tampering and alerting and defense technology provides protection for hundreds of thousands of applications around the world.
Snyk is a developer-first security solution that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and Docker images. The Snyk solution integrates its comprehensive proprietary vulnerability database maintained by its expert security research team in Israel and London.
bugScout is a next-gen SAST platform for detecting vulnerabilities in application and website source codes, designed by ethical hackers and cybersecurity analysts coming out of Deloitte’s European cyberthreat SOC competency center. Today, source code security audits are snapshots that define the status at a point in time and deliver reports that are already out of date by the time they are finished because the development process is continuous. With its fast performance and scalability, bugScout
CA Veracode static analysis enables you to quickly identify and remediate application security flaws at scale and efficiency. Our SaaS-based platform integrates with your development and security tools, making security testing a seamless part of your development process. Once flaws are identified, leverage in-line remediation advice and one-to-one coaching to reduce your mean time resolve. CA Veracode static analysis is the competitive advantage you need to securely bring your applications to ma
Parasoft Development Testing Platform (DTP) enables Continuous Testing. Leveraging policies, DTP consistently applies software quality practices across teams and throughout the SDLC. It enables your quality efforts to shift left_delivering a platform for automated defect prevention and the uniform measurement of risk.
CA Veracode's State of Software Security Report found that 88% of Java applications had at least one open sourced based vulnerability, one of which leaked the Social Security numbers of 143 million Americans. CA Veracode Software Composition Analysis (SCA) identifies risks from open source libraries early so you can reduce unplanned work, covering both security and license risk. SCA helps Engineering keep roadmaps on track, Security achieve regulatory compliance, and the Business make smart deci