G2 Crowd Acquires Siftery to Create a New Way to Buy and Manage Software Spend 🚀

Best Static Code Analysis Software

Static code analysis is the analysis of computer software performed without actually executing the code. Static code analysis software scans all code in a project and seeks out vulnerabilities, validates code against industry best practices, and some software tools validate against company-specific project specifications. Static code analysis software is used by software development and quality assurance teams to ensure the quality and security of code, and that project requirements are met. Static code analysis is a type of source code management and can integrate with version control systems and through build automation tasks using continuous integration software.

To qualify as a static code analysis system, a product must:

  • Scan code without executing that code
  • List security vulnerabilities after scanning
  • Validate code against industry best practices
  • Provide recommendations on where and how to fix issues
G2 Crowd Grid® for Static Code Analysis
Leaders
High Performers
Contenders
Niche
Momentum Leaders
Momentum Score
Market Presence
Satisfaction
Filters
Star Rating

Static Code Analysis reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Static Code Analysis Software
Results: 69
    G2 Crowd takes pride in showing unbiased ratings on user satisfaction. G2 Crowd does not allow for paid placement in any of our ratings.
    Sort By:

    PyCharm is an IDE for Python developed by JetBrains. PyCharm is built for professional Python developers, and comes with many features to deal with large code bases: code navigation, automatic refactoring, and other productivity tools, in a single unified interface.


    ReSharper is a renowned productivity tool that turns Microsoft Visual Studio into a much better IDE. Both individual .NET developers and teams rely on ReSharper to write and maintain code in a more manageable and enjoyable way, adopt best coding practices and deliver higher-quality applications faster.


    Coverity static analysis by Synopsys helps development and security teams find and fix defects and security flaws in code as it’s being written. Coverity is highly accurate, supports thousands of developers, and quickly analyzes large projects exceeding 100 million lines of code, helping your teams build secure, high-quality software faster.


    ReSharper C++ makes Visual Studio a better IDE for C++ developers, providing on-the-fly code analysis, quick-fixes, powerful search and navigation, smart code completion, refactorings, a variety of code generation options and other features to help increase your everyday productivity.


    SonarSource products have innovative features to maximize quality and manage risk for both small and large software portfolios.


    Software security solutions from Micro Focus Fortify cover your entire software development lifecycle (SDLC) for mobile, third party and website security.


    Organizations worldwide use Black Duck’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com. com.


    Checkmarx is the Software Exposure Platform for the enterprise. Over 1,400 organizations around the globe rely on Checkmarx to measure and manage software risk at the speed of DevOps. Checkmarx serves five of the world’s top 10 software vendors, four of the top American banks, and many government organizations and Fortune 500 enterprises, including SAP, Samsung, and Salesforce.com. Learn more at Checkmarx.com or follow us on Twitter: @checkmarx.


    JSHint is a community-driven tool to detect errors and potential problems in JavaScript code.


    WhiteSource helps business to develop better software by harnessing the power of open source. WhiteSource becomes part of your software development lifecycle (SDLC) and automates the entire process of open source components selection, approval, and management, including finding and fixing vulnerable components. We provide software development and security teams full control and visibility over their open source usage and helps them drive open source adoption


    IBM Security AppScan Standard protects against web application attacks and expensive data breaches by automating application security vulnerability testing. Avoid security vulnerabilities Use automated dynamic security testing and advanced static analysis – “black box” and “white box” – to detect developing security issues. Empower accurate scanning Scan websites to identify embedded vulnerabilities. Simplify interpretation of scan results with scan-specific explanations of each issue. Get quick remediation Fix high-priority problems first with streamlined remediation. Make fixes quickly with the provided remediation steps – including code examples and a task list.


    Klocwork brings social collaboration to solving coding issues, combining skillsets and sharing this learning across teams.


    codebeat is an automated review for web and mobile that gathers the results of static code analysis into a single, real-time report that gives all project stakeholders the information required to identify code smells, security holes and improve code quality.


    Pylint is a tool that checks for errors in Python code, tries to enforce a coding standard and looks for bad code smells.


    Semmle makes the management of software development easier than ever before. By giving you complete visibility _ for every project, location, team, developer, timeframe and cost _ Semmle is engineering intelligence at its most advanced.


    Veracode is the world's best automated, on-demand application security testing and code review solution.


    Codacy automates code reviews and monitors code quality on every commit and pull request reporting back the impact of every commit or pull request, issues concerning code style, best practices, security, and many others. It monitors changes in code coverage, code duplication and code complexity. Saving developers time in code reviews thus efficiently tackling technical debt. JavaScript, Java, Ruby, Scala, PHP, Python, CoffeeScript and CSS are currently supported. Codacy is static analysis without the hassle.


    Gamma supports developers and development teams by finding critical code issues before they become roadblocks. It is the perfect tool to analyze, diagnose, transform, and sustain your software efficiently. With the use of A.I. and machine learning technologies, Gamma can immediately prioritize issues, suggest ways to best solve them, and re-factor software where necessary. Run it within your current Dev-Ops stack, on premise or in the cloud privately or publicly.

    Gamma Reviews
    Optimized for quick response


    JavaScript Source Analysis


    SecureAssist by Synopsys helps developers detect security weaknesses and quality defects as they code • Seamlessly integrate static analysis into development workflows to boost developer productivity. • Eliminate hundred-page bug reports, triaging, and costly delays. • Low false-positive rates and actionable results help developers efficiently debug their code.


    Babel is a JavaScript compiler. It helps shape the future of the JavaScript language itself.


    The Closure Compiler is a tool for making JavaScript download and run faster. Instead of compiling from a source language to machine code, it compiles from JavaScript to better JavaScript.


    Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).


    DashO is a Java and Android Obfuscator plus much more. It provides enterprise-grade app hardening and shielding, greatly reducing the risk of intellectual property theft, data theft, piracy, and tampering. Our layered obfuscation, encryption, watermarking, auto-expiry, anti-debug, anti-tampering, anti-rooted device solution provides protection for applications all around the world.


    StyleCop analyzes C# source code to enforce a set of style and consistency rules.


    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard.


    Codecov is a code coverage tool.


    The CodeRush .NET Test Runner is up to 30% faster than the closest competitor so you can get back to coding sooner.


    DeepScan is a static code analysis tool and hosted service for inspecting JavaScript code. It checks possible run-time errors and poor code quality using data-flow analysis. DeepScan follows the execution and data flow of program in greater depth. This enables finding issues that syntax-based linters can't. So you can focus on major issues first and gradually.


    Static analysis tool for finding bugs in Java code.


    FxCop is intended for class library developers.


    Measure quality with metrics, see design with diagrams and enforce decisions with code rules, right into Visual Studio.


    Dotfuscator is a .NET Obfuscator & much more. It provides enterprise-grade app protection, greatly reducing the risk of piracy, intellectual property theft and tampering. Our layered obfuscation, encryption, watermarking, auto-expiry, anti-debug, anti-tampering and alerting and defense technology provides protection for hundreds of thousands of applications around the world.


    OCLint is a static code analysis tool for improving quality and reducing defects by inspecting C, C++ and Objective-C code.


    Parasoft Development Testing Platform (DTP) enables Continuous Testing. Leveraging policies, DTP consistently applies software quality practices across teams and throughout the SDLC. It enables your quality efforts to shift left_delivering a platform for automated defect prevention and the uniform measurement of risk.


    ProGuard is the most popular optimizer for Java bytecode. It makes your Java and Android applications up to 90% smaller and up to 20% faster. ProGuard also provides minimal protection against reverse engineering by obfuscating the names of classes, fields and methods.


    The .NET Compiler Platform ("Roslyn") provides open-source C# and Visual Basic compilers with rich code analysis APIs.


    Source Insight parses your source code and maintains its own database of symbolic information dynamically while you work, and presents useful contextual information to you automatically.


    Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code, integrating with other open-source tools as needed.


    Write better code. With a Definition of Done. Better Code Hub checks your code base for compliance against 10 software engineering guidelines - and gives you immediate feedback on where to focus for quality improvements. https://github.com/marketplace/better-code-hub


    CA Veracode's State of Software Security Report found that 88% of Java applications had at least one open sourced based vulnerability, one of which leaked the Social Security numbers of 143 million Americans. CA Veracode Software Composition Analysis (SCA) identifies risks from open source libraries early so you can reduce unplanned work, covering both security and license risk. SCA helps Engineering keep roadmaps on track, Security achieve regulatory compliance, and the Business make smart decisions


    CA Veracode static analysis enables you to quickly identify and remediate application security flaws at scale and efficiency. Our SaaS-based platform integrates with your development and security tools, making security testing a seamless part of your development process. Once flaws are identified, leverage in-line remediation advice and one-to-one coaching to reduce your mean time resolve. CA Veracode static analysis is the competitive advantage you need to securely bring your applications to market at the speed of DevOps.


    Code Climate is a hosted static analytics software that helps you ship quality Ruby, PHP, JavaScript, and Python code faster.


    CodeDynamics cuts right to the chase, quickly identifying the cause of the crash, allowing you to have complete control over breakpoints and stepping commands.


    CodeFactor.io is an automated code review tool for GitHub.


    CodeIt.Right provides a fast, automated way to ensure that your source code adheres to (your) predefined design and style guidelines as well as best coding practices. We take static code quality analysis to the next level by enabling rule violations to be automatically refactored into conforming code. CodeIt.Right helps to improve your software quality, ensure code correctness, find issues early and resolve them quickly.


    CodeMeter is the universal technology for software publishers and intelligent device manufacturers, upon which all solutions from Wibu-Systems are built.


    CodeScan is a plugin for SonarQube and runs over 160 different checks for the quality on the Apex and VisualForce code.


    FlexNet Code Aware can see what you can't in your open source code - from security threats to intellectual property (IP) compliance issues. It's a simple scan that ensures you're safe to ship ...or stops you from spreading risk. All in a matter of minutes. Best of all, it's free for developers like you - so you can focus on doing what you do best.