내 남자의 길~!

[edit] Open-source products

• Bandera — analyser for Java
• Checkstyle — analyse Java and apply coding standard
• ClassCycle — analyse Java class cycles and class and package dependencies (Layers)
• CQual — A tool for adding type qualifiers in C
• FindBugs — an open-source static bytecode analyzer for Java (based on Jakarta BCEL).
• Flawfinder — open source programming tool that examines C or C++ source code for security weaknesses.
• Jlint — for Java
• JsLint - online analyzer for JavaScript
• Oink — collaboration of C++ static analysis tools
• Perl::Critic - a static code analysis tool for Perl
• Pixy — a PHP 4 source code scanner for detection of XSS and SQL injection vulnerabilities.
• PMD (software) — a static ruleset based Java source code analyzer that identifies potential problems.
• PyChecker - The original static code analyser for Python.
• pylint - A static code analyser for Python. Works as a plugin to PyDev for the Eclipse IDE.
• RATS — Rough Auditing Tool for Security, which can scan C, C++, Perl, PHP and Python source code.
• Soot — A Java program analysis and compiler optimization framework
• Sparse — a tool designed to find faults in the Linux kernel.
• Splint — an open source evolved version of Lint (C language).

[edit] Commercial products

• Aivosto Oy's - Project Analyzer - Static code analysis tool for VBA, and VB6/VB.net
• Armorize Technologies CodeSecure - source code scanning (PHP, J2EE, ASP, etc.)
• Axivion Bauhaus Suite — a tool for C, C++, Java and Ada code that comprises various analyses such as architecture checking, interface analyses, and clone detection.
• checKing - monitors the quality of software development process, including violations of coding rules for Java, JSP, Javascript, XML and HTML.
• Checkmarx CxSuite - a suite of software which helps developers and auditors identify software security vulnerabilities. Company homepage (http://www.checkmarx.com)
• ClockSharp - checks C# code against the Philips C# coding standard.
• Compuware DevPartner - static code analyzer for .NET (C#, ASP.NET) with Visual Studio 2005 integration
• Coverity Prevent — analyzes C, C++ and Java code.
• DMS Software Reengineering Toolkit — supports custom analysis of C, C++, Java, COBOL, and many other languages.
• Fortify — helps developers identify software security vulnerabilities in C/C++, Java, JSP, Javascript, ASP.NET, C#, VB.NET, PHP, "Classic" ASP, VB, PL/SQL, T-SQL, XML and other languages.
• FxCop — static analysis for Microsoft .NET programs based on IL. Standalone and integrated in some Microsoft Visual Studio editions. From Microsoft.
• Green Hills Software DoubleCheck - static analysis for C and C++ code.
• HP Code Advisor - A static analysis tool for C and C++ programs
• Intel Compiler Suite — The Intel compilers Intel C++ Compiler and Intel_Fortran_Compiler both offer static analysis.
• IntelliJ IDEA — IDE for Java that also provides static code analysis.
• Klocwork K7 — provides security vulnerability and defect detection as well as architectural and build-over-build trend analysis for C, C++ and Java
• Lattix, Inc. LDM - Architecture and dependency analysis tool for Ada, C/C++, Java, .NET software systems.
• LDRA Testbed - A software analysis and testing tool suite for C, C++, Ada83, Ada95 and Assembler (Intel, Freescale, Texas Instruments).
• M Squared Technologies Resource Standard Metrics - source code analysis and metrics (Java, Javascript, etc.)
• Microsoft Visual Studio - Visual Studio Team System includes a static code analyzer.
• MZTools - MZTools 3.0 - Free Static Code Analysis, productivity enhancement tool for VBA.
• NStatic - deep static analysis of C# code.
• Ounce Labs — automated source code analysis that enables organizations to identify and eliminate software security vulnerabilities in languages including Java, JSP, C/C++, C#, ASP.NET, and VB.Net.
• Parasoft - static code analysis and security testing tools for Java, C, C++, C#, .Net, HTML, CSS, JavaScript, VSscript.
• PC-Lint - A multiplatform static code analysis tool by Gimpel Software for C and C++. Also available for the GNU/Linux and Unix operating systems in the form of FlexeLint.
• PolySpace^TM code verifiers by The MathWorks - Software verification for C, C++ and Ada
• QA-C - deep static analysis of C for quality assurance and guideline enforcement.
• ReSharper - Add-on for Visual Studio 2003/2005 from the creators of IntelliJ IDEA, which also provides static code analysis for C#.
• SemmleCode — object oriented code queries for static program analysis.
• SofCheck Inspector — provides static detection of logic errors, race conditions, and redundant code for Java and Ada.
• Sotoarc/Sotograph - Architecture and quality in-depth analysis and monitoring for Java, C#, C and C++
• STAN — Structure Analysis for Java. Eclipse integrated visual dependency analysis, quality metrics and reporting.
• Swat4j — a model based, goal oriented source code auditing tool for Java. Comes as an Eclipse plug-in.
• Telelogic Logiscope RuleChecker (coding standards checking) and Audit (metrics measurement and ISO 9126-based quality modeling) for C, C++, Ada, Java.
• TorqueWrench - A static Java bytecode analysis tool by StackFrame, LLC.
• Understand — analyzes C,C++, Java, Ada, Fortran, Jovial, Delphi — reverse engineering of source, code navigation, and metrics tool.
• Viva64 — analyzes C, C++ code for detect 64-bit portability issues.
• Veracode SecurityReview — an outsourced application security testing and remediation, C, C++, Java, .Net and other languages.
• CodePro Analytix - Static code analysis for Java, integrated with Eclipse.
• Sparrow - C/C++ memory-bug detecting static analyzer.