
Best Static Code Analysis Software

Static code analysis is the analysis of computer software performed without actually executing the code. Static code analysis software scans all code in a project, seeks out vulnerabilities, and validates code against industry best practices; some tools also validate against company-specific project specifications. Software development and quality assurance teams use static code analysis software to ensure the quality and security of code and to confirm that project requirements are met. Static code analysis is a type of source code management and can integrate with version control systems and with build automation tasks run by continuous integration software.

To qualify as a static code analysis system, a product must:

  • Scan code without executing that code
  • List security vulnerabilities after scanning
  • Validate code against industry best practices
  • Provide recommendations on where and how to fix issues

Static Code Analysis reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Static Code Analysis Software
Results: 71
    G2 Crowd takes pride in showing unbiased ratings on user satisfaction. G2 Crowd does not allow for paid placement in any of our ratings.

    Turn your compliance, security, and other policy requirements into automated tests.

    JArchitect simplifies managing a complex Java code base. You can analyze code structure, specify design rules, do effective code reviews and master evolution by comparing different versions of the code.

    JProfiler is a Java profiler tool that helps users to resolve performance bottlenecks, pin down memory leaks and understand threading issues.

    Jtest helps development teams produce better code, test it more efficiently, and consistently monitor progress toward quality goals.

    Software analytics technology with a breadth of third party integrations that takes into account the wealth of applications your teams are currently using. We facilitate and encourage work between unlocalized teams. We understand the complexity of working on multi technology environments, constantly striving to increase the number of programming languages and technologies we support.

    The LDRA tool suite helps you build quality into your software development life-cycle. Our software standards compliance, testing, and verification tools are based on industry best practices to help you develop high quality safety- and security-critical products. Many users of the LDRA tool suite are required to certify their software. The LDRA tool suite’s open and extensible platform is unique in its integration of software life-cycle traceability, static and dynamic analysis, unit test and system-level testing on virtually any host or target platform.

    Manta Checker automates code reviews, helps you quickly fix errors and improves your data governance.
    How it works:
      1. Manta Checker analyzes everything in your repository.
      2. Finds errors and other issues.
      3. Reports everything in reports, ready for people or other quality assurance solutions.
    And that helps our customers to:
      1. Save on expensive labor
      2. Detect production errors early
      3. Correct errors quickly and automatically
    Manta Checker is available in cloud or on premise for Teradata, Informatica and Oracle. To learn more about Manta Checker or get a full Manta Checker Trial for free, visit our webpage: getmanta.com/manta-checker

    Fortify Static Code Analyzer is designed to identify security vulnerabilities in the user's source code early in the software development lifecycle and provides best practices so developers can code more securely.

    Moose is a platform for software and data analysis. It helps programmers craft custom analyses cheaply. It's based on Pharo and it's open source under BSD/MIT.

    OverOps develops a static and dynamic code analysis technology to analyze code events in real time.

    PreEmptive Protection for iOS protects all your iOS applications, greatly reducing the risk of piracy, intellectual property theft and tampering.

    Prepros can compile almost all preprocessing languages like Sass, Less, Stylus, Cssnext, Jade/Pug, Markdown, Slim, Coffeescript etc.

    QuantifiedCode is the automated code repair platform.

    RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis.

    RIPS is the code analysis solution dedicated to the PHP language. It supports all major PHP frameworks, SDLC integration, relevant industry standards and can be deployed as a self-hosted software or used as a cloud service.

    SMART TS XL is an application discovery suite that helps you understand and analyze all application assets. The patented Software Intelligence technology allows you to instantly search any code base, giving you insight into your programs, structured and unstructured information, change management resources, ticketing systems and documentation.

    Snyk is a security solution designed to find and fix vulnerabilities in Node.js and Ruby apps.

    SourceMeter is an innovative tool built for the precise static source code analysis of C/C++, Java, C#, Python, and RPG projects.

    Sparrow SAST is designed to detect security weaknesses in source code with its semantic based static program analysis engine.

    Teamscale supports your team to analyze, monitor, and improve the quality of your code.

    Understand is very efficient at collecting metrics about the code and providing different ways for you to view it.