Best Static Code Analysis Software

Static code analysis is the analysis of computer software performed without actually executing the code. Static code analysis software scans all code in a project and seeks out vulnerabilities, validates code against industry best practices, and some software tools validate against company-specific project specifications. Static code analysis software is used by software development and quality assurance teams to ensure the quality and security of code, and that project requirements are met. Static code analysis is a type of source code management and can integrate with version control systems and through build automation tasks using continuous integration software.

To qualify as a static code analysis system, a product must:

  • Scan code without executing that code
  • List security vulnerabilities after scanning
  • Validate code against industry best practices
  • Provide recommendations on where and how to fix issues
Static Code Analysis reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Static Code Analysis Software

Results: 79
G2 takes pride in showing unbiased ratings on user satisfaction. G2 does not allow for paid placement in any of our ratings.

    CodeIt.Right provides a fast, automated way to ensure that your source code adheres to (your) predefined design and style guidelines as well as best coding practices. We take static code quality analysis to the next level by enabling rule violations to be automatically refactored into conforming code. CodeIt.Right helps to improve your software quality, ensure code correctness, find issues early and resolve them quickly.

    CodeMeter is the universal technology for software publishers and intelligent device manufacturers, upon which all solutions from Wibu-Systems are built.

    CodeScan is a plugin for SonarQube and runs over 160 different checks for the quality on the Apex and VisualForce code.

    DeepCode is the most advanced Static Analysis Tool for code. It utilizes semantic analysis over Open Source code to identify hundreds of thousands of rules that each developer can benefit from. The Machine Learning combined with the Semantic Internal representation delivers the highest Precision in the space and a rapidly growing number of suggestions that DeepCode can find. The tool is already outperforming all competitors and it is on track to be 10X better by the end of 2019. Language support covers Java, JS, Python with TypeScript, C and C++ coming soon followed by the most requested languages.

    FlexNet Code Aware can see what you can't in your open source code - from security threats to intellectual property (IP) compliance issues. It's a simple scan that ensures you're safe to ship ...or stops you from spreading risk. All in a matter of minutes. Best of all, it's free for developers like you - so you can focus on doing what you do best.

    Turn your compliance, security, and other policy requirements into automated tests.

    JArchitect simplifies managing a complex Java code base. You can analyze code structure, specify design rules, do effective code reviews and master evolution by comparing different versions of the code.

    Jtest helps development teams produce better code, test it more efficiently, and consistently monitor progress toward quality goals.

    Provides an end-to-end Application Security platform to bring you objective data so you can make informed decisions regarding the security, risk, cost, activity, quality, maintainability, efficiency and dependencies of your applications.

    Insights allows you to secure and manage any vulnerabilities, compliance and operational risk that may arise from using open source components.

    The LDRA tool suite helps you build quality into your software development life-cycle. Our software standards compliance, testing, and verification tools are based on industry best practices to help you develop high quality safety- and security-critical products. Many users of the LDRA tool suite are required to certify their software. The LDRA tool suite’s open and extensible platform is unique in its integration of software life-cycle traceability, static and dynamic analysis, unit test and system-level testing on virtually any host or target platform.

    Manta Checker automates code reviews, helps you quickly fix errors and improves your data governance.

    HOW IT WORKS
    1. Manta Checker analyzes everything in your repository.
    2. Finds errors and other issues.
    3. Reports everything in reports, ready for people or other quality assurance solutions.

    AND THAT HELPS OUR CUSTOMERS TO
    1. Save on expensive labor
    2. Detect production errors early
    3. Correct errors quickly and automatically

    Manta Checker is available in cloud or on premise for Teradata, Informatica and Oracle. To learn more about Manta Checker or get a full Manta Checker Trial for free, visit our webpage:

    Fortify Static Code Analyzer is designed to identify security vulnerabilities in the user's source code early in the software development lifecycle and provides best practices so developers can code more securely.

    Moose is a platform for software and data analysis. It helps programmers craft custom analyses cheaply. It's based on Pharo and it's open source under BSD/MIT.

    OverOps develops a static and dynamic code analysis technology to analyze code events in real time.

    Offers a visual and insightful Debugging-as-a-Service that cuts debugging time by half so developers can concentrate on crafting high-quality code.

    Petze is an automated code reviewer that ensures UiPath workflows are developed faster and more efficiently, while remaining fully compliant with best practices, industry standards and IT security & compliance rules. It can help your customers scale faster and deliver more automated business processes, while ensuring the highest quality and compliance.

    PreEmptive Protection for iOS protects all your iOS applications, greatly reducing the risk of piracy, intellectual property theft and tampering.

    QuantifiedCode is the automated code repair platform.

    RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis.

    RIPS is the code analysis solution dedicated to the PHP language. It supports all major PHP frameworks, SDLC integration, relevant industry standards and can be deployed as a self-hosted software or used as a cloud service.

    RIPS Static Code Analysis is a PCI compliance software that detects the most complex security vulnerabilities deeply nested within the PHP code that no other tools are able to find.

    Seamless GitHub integration

    SMART TS XL is an application discovery suite that helps you understand and analyze all application assets. The patented Software Intelligence technology allows you to instantly search any code base, giving you insight into your programs, structured and unstructured information, change management resources, ticketing systems and documentation.

    SourceMeter is an innovative tool built for the precise static source code analysis of C/C++, Java, C#, Python, and RPG projects.

    Sparrow SAST is designed to detect security weaknesses in source code with its semantic based static program analysis engine.

    Teamscale supports your team to analyze, monitor, and improve the quality of your code.

    Understand is very efficient at collecting metrics about the code and providing different ways for you to view it.