Information

License Type

proprietary

More Resources

Suggest resources

You Can Contribute!

You can help to improve this list by voting for your favorite tools or adding new ones on Github GitHub

Suggest a tool

Latest from our Blog

A Closer Look At BugProve

Sun Nov 19 2023

I have never been a huge fan of IoT devices. Granted, they make our life easier, but they also open the door to a lot of security issues. Most IoT devices are black boxes. I don't know what's inside and I don't know what they connect to.

Welcoming Bearer as Our Sponsor: Simple Ruby and JavaScript App Security

Thu Apr 06 2023

As a developer, I have faced my fair share of security mishaps. I recall times when I accidentally exposed sensitive data in logs or sent a network request over a non-encrypted HTTP channel when HTTPS was available. I'm sure many of you can relate to these situations. We may not be security experts, but that doesn't mean we shouldn't take measures to protect our applications. This is where Bearer, a new security tool for Ruby and JavaScript apps (Java coming soon), comes into play.

Redesigning Analysis Tools

Wed Mar 29 2023

We are happy to announce that we completely rebuilt analysis-tools.dev from scratch with more features and a new design!This is a major milestone for us, as it marks the first time we sat down to reinvision what the project should become in the next few years.

Picking the Right Static Analysis Tool For Your Use-Case

Tue Jan 26 2021

This project started as a way to scratch my own itch:Years later, many people still seem to have the same problem. There are more than 500 static analysis (SAST) tools out there; how can you possibly find the "best" one?

Static Analysis Is Broken - Let’s Fix It!

Wed Aug 19 2020

Static analysis is great! It helps improve code quality by inspecting source code without even running it. There are hundreds of great tools to choose from — many are free or open-source. Unfortunately, many projects still don’t make use of static analysis tools for various reasons.

Our Mission

Thu Jul 16 2020

We found that static code analysis is a topic that is attracting a lot of engineers, which care about code-quality and solid engineering standards. Our goal is to create an open community for developers that want to take their code and skill set to the next level.

Welcome, DeepCode!

Thu Jul 16 2020

Today we welcome DeepCode as our first sponsor.It makes us incredibly happy to see the backing of our community project from such a forward-thinking company. Just like us, DeepCode thinks that the space of analysis tools could be vastly improved to increase code quality and foster best practices within organizations of any size.

Show all

Stay Informed

Soto Platform

Maintained

Suite of static analysis tools consisting of the three components Sotoarc (Architecture Analysis), Sotograph (Quality Analysis), and Sotoreport (Quality report). Helps find differences between architecture and implementation, interface violations (e.g. external access of private parts of subsystems, detection of all classes, files, packages and subsystems which are strongly coupled by cyclical relationships and more. The Sotograph product family runs on Windows and Linux.

abap
c
csharp
cpp
java
php
typescript

Visit website

Tutorials / Guides

Help make this list better
Suggest Tools

1 Multi-Language Tools

StaticReviewer

Static Reviewer executes code checks according to the most relevant Secure Coding Standards, OWASP, CWE, CVE, CVSS, MISRA, CERT, for 40+ programming languages, using 1000+ built-in validation rules for Security, Deadcode & Best Practices Available a module for Software Composition Analysis (SCA) to find vulnerabilities in open source and third party libraries.