Top 9 C++ Static Code Analysis Tools

  1. Klocwork is a static code analysis and SAST tool for C, C++, C#, Java, and JavaScript.
    Klocwork by Perforce is a leader when it comes to C++ static code analysis tools. There is a reason it’s an industry leader; it specializes in large codebases, which is a big plus. It has more than 1K checkers and it offers the possibility to create custom checkers. It considers false positives and false negatives (which some tools fail to do), and it is one of the few tools that provide differential analysis, which means you get the shortest possible analysis times for new and changed code. And… it’s not just another static analysis tool – it’s also a SAST (static application security testing) tool, so the security aspect is pretty much covered. Additionally, it integrates with many IDEs and CI/CD tools. Finally, we can’t just ignore the fact it has an amazing integration with Incredibuild to accelerate the execution of its analysis.

    #Code Analysis #Code Coverage #Code Review

  2. Cppcheck is an analysis tool for C/C++ code. It detects the types of bugs that the compilers normally fail to detect. The goal is no false positives.
    Pricing:
    • Open Source
    Cppcheck is a popular, open-source, free, cross-platform static code analysis tool dedicated to C and C++. It is known for being easy to use, and its simplicity is one of its pros. To get started with it you don’t have to make any adjustments or modifications, which is why it’s often recommended for beginners. It also has a reputation for reporting a relatively small number of false positives, or at least that’s the tool’s aspiration.

    #Code Analysis #Code Coverage #Code Review 9 social mentions

  3. Master Your C and C++ Codebase with Precision and Insight
    CppDepend is a commercial static code analysis tool for C++. It can complement other static code analysis tools quite easily as it focuses on analyzing and visualizing the code base architecture (for example, whether it is layered correctly, dependencies-wise), rather than on revealing errors. Speaking of dependencies, its Dependency Graph feature is something to write home about, and so are its trend monitoring capabilities (what has been changed between builds). Like Klocwork, it also allows you to write custom rules.

    #Code Coverage #Code Analysis #Code Quality 4 user reviews

  4. Ensure compliance with a variety of functional safety, security, and coding standards in embedded C/C++ software.

    #Code Analysis #Code Coverage #Development

  5. PVS-Studio is a useful piece of software for detecting problems in source code. The software examines program code written in C, C++, and C# for any problems that might prevent the code from functioning properly.

    #Code Analysis #Code Coverage #Code Review 8 social mentions

  6. Synopsys offers Static Application Security Testing solutions to find and eliminate software security vulnerabilities within the code.
    Coverity static analysis is well known. The solution locates errors and weaknesses as the code is being written, saving a lot of time and hassle. Additionally, it has a free cloud-based service, Coverity Scan, for the benefit of the open-source community. It’s considered very accurate and comprehensive, providing deeper analysis than many other tools, basing its checkers on analysis of over 10 billion lines of code!

    #Code Coverage #Code Quality #Code Analysis

  7. Polyspace is a suite of static code analysis products developed by Matlab to help software developers, QA Testers, and engineers find critical problems in their code and fix them before they become a serious threat.
    Polyspace is a static analysis tool that identifies and fixes, or proves the absence of, potential run-time errors (such as divide-by-zero) and checks if the source code follows code standards like MISRA C, MISRA C++, and JSF++. In addition, it highlights unproven checks that must be reviewed manually. It is commonly used in the embedded software arena (especially in transportation, such as automotive, aerospace, and railway transport, where safety is of the essence).

    #Development #Tool #Code Analysis

  8. David A. Wheeler's Page for Flawfinder
    Flawfinder is a free open-source tool developed by security expert David A. Wheeler. It focuses, not surprisingly, mainly on locating security flaws (hence the name), sorted by risk level (the riskiest first). It is pretty straightforward, simple and fast, which is why a lot of beginners use it.

    #Code Analysis #Code Coverage #Development

  9. Perforce Helix QAC is a handy, reliable, and highly rated Static Code Analysis solution that aids you in the process of finding vulnerabilities and problems within your C/C++ code.
    Helix QAC is yet another excellent code analysis tool by Perforce for C and C++ that is popular amongst “tightly regulated and safety-critical industries” such as automotive. It also automatically enforces coding standards, such as MISRA®, which ensures your code is compliant.

    #Development #Tool #Code Analysis
