Search results
Results from the WOW.Com Content Network
Static code analysis based automated code review tool working on GitHub and GitLab. Checks style, quality, dependencies, security and bugs. It integrates a number of open source static analysis tools. SLAM project: 2010-07-14 No; proprietary — C — — — — —
The company develops the Semgrep AppSec Platform (a commercial offering for SAST, SCA, and secrets scanning) and actively maintains the open-source static code analysis tool semgrep OSS. Semgrep has stable support for over 30 languages including C# , C , C++ , Go , Java , JavaScript , JSON , Python , PHP , Ruby , and Scala .
SonarQube (formerly Sonar) [3] is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells on 29 programming languages.
RIPS (Research and Innovation to Promote Security) is a static code analysis software, designed for automated detection of security vulnerabilities in PHP and Java applications. The initial tool was written by Johannes Dahse and released during the Month of PHP Security [1] in May 2010 as open-source software. [2]
A SAST tool scans the source code of applications and its components to identify potential security vulnerabilities in their software and architecture. Static analysis tools can detect an estimated 50% of existing security vulnerabilities. [1]
Splint has the ability to interpret special annotations to the source code, which gives it stronger checking than is possible just by looking at the source alone. Splint is used by gpsd as part of an effort to design for zero defects. [1] Splint is free software released under the terms of the GNU General Public License.
Sider is an automated code review tool with GitHub. [1] It's based on static code analysis and integrates with a number of open source static analysis tools. [ 2 ] It checks style violations, code quality, security and dependencies and provides results as a comment on GitHub pull request.
CodeSonar is a static code analysis tool from CodeSecure, Inc. CodeSonar is used to find and fix bugs and security vulnerabilities [1] in source and binary code. [2] [3] [4] It performs whole-program, inter-procedural analysis with abstract interpretation on C, C++, C#, Java, as well as x86 and ARM binary executables and libraries.