Category

Static program analysis tools

Clang
Clang is a compiler front end for the programming languages C, C++, Objective-C, Objective-C++, and the software frameworks OpenMP, OpenCL, RenderScript, CUDA, SYCL, and HIP. It acts as a drop-in replacement for the GNU Compiler Collection (GCC), supporting most of its compilation flags and unofficial language extensions. It includes a static analyzer and several code analysis tools.
Lint
Unix tool which performs static analysis of C source code and flags suspicious and non-portable constructs
SonarQube
SonarQube is an open-core static code analysis platform developed by Sonar. It provides continuous inspection of code quality to perform automatic reviews to detect bugs, vulnerabilities, security hotspots, and code smells on over 35 programming languages as well as frameworks and infrastructure technologies. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, technical debt, code complexity, comments, bugs, software bill of materials (SBOMs), and security recommendations.
ESLint
ESLint is a static code analysis tool for identifying problematic patterns found in JavaScript code. It was created by Nicholas C. Zakas in 2013. Rules in ESLint are configurable, and customized rules can be defined and loaded. ESLint covers both code quality and coding style issues. ESLint supports current standards of ECMAScript, and experimental syntax from drafts for future standards. Code using JSX or TypeScript can also be processed when a plugin or transpiler is used.
JSLint
JSLint is a static code analysis tool used in software development for checking if JavaScript source code complies with coding rules. It is provided primarily as a browser-based web application accessible through the domain jslint.com, but there are also command-line adaptations. It was created in 2002 by Douglas Crockford.
JSHint
JSHint is a static code analysis tool used in software development for checking if JavaScript source code complies with coding rules. JSHint was created in 2011 by Anton Kovalyov as a fork of the JSLint project (by Douglas Crockford). Anton and others felt JSLint was getting "too opinionated", and did not allow enough customization options. The JSHint maintainers publish both an online version, and a command-line version.
Coverity
Coverity is a proprietary static code analysis tool from Black Duck, Inc. This product enables engineers and security teams to find and fix software defects.
Checkstyle
Checkstyle is a static code analysis tool used in software development for checking if Java source code is compliant with specified coding rules.
Cppcheck
Cppcheck is a static code analysis tool for the C and C++ programming languages. It is a versatile tool that can check non-standard code. The creator and lead developer is Daniel Marjamäki.
FxCop
FxCop is a free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines.
FindBugs
FindBugs is an open-source static code analyzer created by Bill Pugh and David Hovemeyer which detects possible bugs in Java programs. Potential errors are classified in four ranks: (i) scariest, (ii) scary, (iii) troubling and (iv) of concern. This is a hint to the developer about their possible impact or severity. FindBugs operates on Java bytecode, rather than source code. The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse, NetBeans, IntelliJ IDEA, Gradle, Hudson, Maven, Bamboo and Jenkins.
Coccinelle
free software tool
.NET Reflector
class browser, decompiler and static analyzer
Pylint
Pylint is a static code analysis tool for the Python programming language. It is named following a common convention in Python of a "py" prefix, and a nod to the C programming lint program. It follows the style recommended by PEP 8, the Python style guide. It is similar to Pychecker and Pyflakes, but includes the following features: checking the length of each line; checking that variable names are well-formed according to the project's coding standard; and checking that declared interfaces are truly implemented.
automated code review
code reviewing software
PMD
free static software analysis tool
GNU cflow
cflow is a POSIX-defined shell command for generating a C-language flow graph. The GNU implementation reads C source code files and generates a flow graph of external references. It uses only source files and does not need to run the program. Another implementation is available in Tru64 Unix.