* - The original static code analyser for Python.
* - a lint implementation for the popular templating engine, Smarty.
* - a PHP 4 source code scanner for detection of XSS and SQL injection vulnerabilities.
* - script which indents and reformats Perl scripts to make them easier to read
* - a module to evaluate the readability of Perl code
* module is used to generate a cross reference listing of all definitions and uses of variables, subroutines and formats in a Perl program.
* command from Perl::Metrics::Simple module - code metrics include Cyclomatic complexity
* - static analyzer for Fortran 77 programs
* - Checks C/C++ code for simple mistakes.
* - Examines C++ code to identify problems with C++ exception propagation and usage.
* - A scriptable static analysis tool based on GCC.
* - collaboration of C++ static analysis tools, based on the research of CQual
* - open source programming tool that examines C or C++ source code for security weaknesses.
* - BLAST is a software model checker for C programs.
* - BOON is a tool for automatically finding buffer overrun vulnerabilities in C source code.
* - MOPS is a tool for finding security bugs in C programs and for verifying conformance to rules of defensive programming.
* - standalone tool that finds bugs in C and Objective-C programs.
* - RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security-related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.
* - CCured is a source-to-source translator for C. It analyzes the C program to determine the smallest number of run-time checks that must be inserted in the program to prevent all memory safety violations.
* - Deputy is a C compiler that is capable of preventing common C programming errors, including out-of-bounds memory accesses as well as many other common type-safety errors.
* - A tool for proving the absence of runtime errors (overflows, failed assertions, etc.), tailored to critical embedded control code (was applied to Airbus A340 and A380 avionics code)
* - Frama-C is a suite of tools dedicated to the analysis of the source code of software written in C.
* Splint - an open source evolved version of Lint (C language).
* Sparse - a tool designed to find faults in the Linux kernel.
* - A tool for adding type qualifiers in C.
* - structural dependencies analyzes, measures stability, detects structural "anti-patterns", impact analysis on dependencies, and more.
* - Unnecessary Code Detector: Eclipse PlugIn to find unnecessary (dead) public Java code
* - Customizable static code analysis tool for Java (based on coding standards) that can also generate metrics report
* - A Java program analysis and compiler optimization framework
* - A Java program analysis tool that is programmable with SCL (Structural Constraint Language).
* PMD (software) - a static ruleset based Java source code analyzer that identifies potential problems.
* FindBugs - an open-source static bytecode analyzer for Java (based on Jakarta BCEL).
* - analyze Java class cycles and class and package dependencies (Layers)
* - analyze Java and apply coding standard
* - A free static analysis tool from the Mono project
* FxCop - Free static analysis for Microsoft. Standalone and integrated in some Microsoft Visual Studio editions.
* Lint - the original static code analyzer of C code.

This is a list of significant tools for static code analysis.