Tutorials / Guides
2 Alternatives to Symfony Insight
Automated PHP code review.
24 Multi-Language Tools
Commercial Static Code Analysis which generates exploits to verify vulnerabilities.
Better Code Hub
Better Code Hub checks your GitHub codebase against 10 engineering guidelines devised by the authority in software quality, Software Improvement Group.
Code Analysis to ship Better Code, Faster.
Automated Code Analysis for repos on GitHub or BitBucket.
Automated code analysis tool to deal with technical depth. Integrates with Bitbucket and Gitlab. (free for Open Source Projects)
Automated SAST code reviews driven by security, supports 15+ languages and includes security training.
CodeScene is a quality visualization tool for software. Prioritize technical debt, detect delivery risks, and measure organizational aspects. Fully automated.
Automated Code Reviews and Technical Debt management platform that supports 12+ languages.
Emerge is a source code and dependency visualizer that can be used to gather insights about source code structure, metrics, dependencies and complexity of software projects. After scanning the source code of a project it provides you an interactive web interface to explore and analyze your project by using graph structures.
HCL AppScan Source
Commercial Static Code Analysis.
Identify and remediate cyber threats in a blazingly fast, collaborative environment, with seamless integration in your SDLC. Python, C\C++, Java, C#, PHP and more.
Commercial Static Code Analysis system doesn't require building the source code or pre-compilation.
Scanmycode CE (Community Edition)
Scanmycode - Code Scanning/SAST/Linting using many tools/Scanners with One Report
A proprietary code quality checker that can be integrated with GitHub.
A fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write; no abstract syntax trees or regex wrestling. Supports 17+ languages.
Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.
Sigrid helps you to improve your software by measuring your system's code quality, and then compares the results against a benchmark of thousands of industry systems to give you concrete advice on areas where you can improve.
SonarQube is an open platform to manage code quality.
Reports known vulnerabilities in common dependencies and recommends updated packages to minimize breaking changes
Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consist of three components, server, web and client. It integrates of a number of self-developed tools, and also supports dynamic integration of code analysis tools in various programming languages.
Vulnerability Scanner and Risk Evaluation for containers, serverless and hosts at runtime. ThreatMapper generates runtime BOMs from dependencies and operating system packages, matches against multiple threat feeds, scans for unprotected secrets, and scores issues based on severity and risk-of-exploit.
Help make this list better