Tools and Services: Static Analysis

Submit a tool

Tools & Services

Please enter a tool name or keyword

Static Analysis

Tools available on Static Analysis


PVS-Studio is a proprietary static code analyzer. It is intended for locating a wide range of programming errors and vulnerabilities in a source code. One of its distinctive features is the ability to find misprints and copy-pasting errors.

The analyzer supports following languages: C, C++, C++11, C++/CLI, C++/CX.PVS-Studio supports integration with the Visual Studio IDE, but can also be used as a standalone tool for checking C/C++ preprocessed files and intercepting compiler invocations. It supports GCC, Clang, Borland C++ and Visual C++ compilers.

Our Customers: id Software, Intel, Bosch, Microsoft, NVIDIA, Viber, ZeniMAX Media Inc, Tech Soft 3D, Nobel Biocare, etc.



AgitarOne helps you work safer, better, and smarter as you develop and maintain Java applications. AgitarOne JUnit Generator creates thorough JUnit tests on your code, with 80% coverage out of the box! It helps find regressions and makes it safer and easier to improve code, reducing maintenance costs. AgitarOne Agitator helps you understand the behavior of your code as it is written, aiding the prevention of bugs and code complexity. AgitarOne also now provides functional coverage capabilities in and out of the JUnit environment.

All software systems are built to some degree using copy/paste/edit. This is efficient short term because it is code reuse. It is inefficient long term because it is reuse of assumptions (which break) and bugs, and failure to build clean abstractions of useful concepts and their implementation. CloneDR uses precise language parsers to locate duplicated code, in terms of language structures (statement sequences, declarations, methods, ...) including variants which have been edited. This enables management/removal of the clones.

Clover identifies the riskiest code in your projects so you can focus on testing where it'll have the most impact.

Testwell CMT++ calculates the basic McCabe, Halstead, lines-of-code and maintainability Index metrics on C/C++. Configurable alarm limits. Very fast. Can manage huge code volumes. Can be used without included header files and a C/C++ compiler. Easy to read and compact textual and HTML reporting (hierarachical, color-coded, mapped to source files). Can produce Excel and XML data file for customer specific further processing and analysis.

Testwell CMTJava calculates the basic McCabe, Halstead, lines-of-code and maintainability Index metrics on Java. Configurable alarm limits. Very fast. Can manage huge code volumes. Can be used a Java development environment. Easy to read and compact textual and HTML reporting (hierarchical, color-coded, mapped to source files). Can produce Excel and XML data file for customer specific further processing and analysis.

Code Coverage is radically different from other software testing tools.

* Through an innovative strategy, runtime instrumentation gathers coverage information
* Dynamic Code Coverage measures all function in the process, not just a single module
* Measures 3rd party code
* Does not require any recompile, so is easiest to use

Dynamic Code Coverage re-invents the test coverage tool. Dynamic Code Coverage does not require any compile/link time instrumentation. Free Trial.

CodeSonar, GrammaTech's flagship product, identifies programming bugs that can result in system crashes, memory corruption, and other serious problems. CodeSonar's powerful static analysis engine works out-of-the-box, requiring no changes to your existing build system or code. It performs whole-program analysis on codebases over 10 million lines of code. CodeSonar also includes workflow automation features, like an API for custom integrations and support for extensions that add custom checks.

Automating complex analysis and modification tasks on software code requires compiler-accurate processing. DMS provides language-precise parsing for some 30 languages (including tough languages such as C++11, Java and C#), basic language analysis such as symbol tables and control/data flow analysis, pattern matching and transformation, and regeneration of code from transformed structures. Tool builders use the DMS as a foundation for building custom code processing tools; this can literally save years of elapsed development time.

Engine Lab Software is an outsourcing software development company based in Ireland and serving companies from Ireland, UK and America.

Powered by a comprehensive static analysis engine, Klocwork Insight™ combines on-the-fly analysis, drag & drop build reporting and cross-project impact analysis to deliver serious productivity gains to the entire development process. Software teams around the world trust Klocwork Insight to help them develop the most secure and reliable code possible.

Fully integrated with Klocwork Insight™ source code analysis and leading code management tools, Klocwork Inspect™ is a lightweight, web-based collaboration tool that simplifies peer code reviews and helps teams write better code.

Offered as a downloadable Eclipse plug-in, Klocwork Solo® makes Klocwork’s award-winning static analysis technology available as a standalone tool for Java developers focused on mobile app development.

Static analysis and code coverage tool for C, C++, Java, Ada83/Ada95 and Assembler (Intel, Freescale, Texas Instruments). Static analysis features include code visualisation, programming standards checking and complexity metrics. Code coverage is available for different coverage levels including MC/DC level A for the DO-178B standard, regression testing and available for any host/target environment.

The McCabe IQ suite is made up of three multi-platform, multi-language software quality, testing, and security solutions. McCabe IQ Developers Edition uncovers and visualizes risk in the form of source code complexity and security vulnerability, providing a host of metrics. IQ Test Team Edition delivers the most stringent code coverage from LOC to Basis Path level. IQ Enterprise Edition provides all the functionality of the Developers and Test Team Editions, in addition to enterprise reporting and web-enabled test data collection.

PE Explorer provides software engineers the necessary tools for disassembly and inspection of unknown binaries, modifying the properties of executable files and customizing and translating their resources. With PE Explorer, you can apply a professional approach to research and reverse engineering of win32 EXE and DLL files. Leveraging the power of PE Explorer Disassembler, you can rapidly analyze the procedures and libraries an executable uses, view a list of the files that are required for an application to run or for a DLL to load.

Project Analyzer is a Visual Basic source code analyzer, optimizer, and documentor. Detect dead code and remove it. Diagram your systems. Surf your code as hypertext and graphical call trees. Document your work with a large selection of reports. Project Analyzer does an automatic code review to enforce configurable programming standards. It detects problems such as dead code and possible memory leaks. Supports VB 3-6, VBA and VB.NET.

IBM Rational AppScan is an industry-leading Web application security testing solutions that scans and tests for all common web application vulnerabilities—including those identified in the WASC threat classification—such as SQL-Injection, Cross-Site Scripting and Buffer Overflow.

Regular "diff" is line oriented; programmers think in terms of language structures. SmartDifferencer compares two source files using precise language parsers to determine code structure, and reports differences in terms of language structures (identifier, expression, statement, block, method) regardless of format layout. Changes are reported as plausible edits: copy, move, insert, delete, and rename-identifier-in-block. This reduces the amount of deltas compared to typical diff, and thus makes code reviews much easier.

SplineTech JavaScript HTML Debugger is an award-winning JavaScript Debugger that enables you to easily edit and debug JavaScript and VBScript inside HTML pages. Client-Side JavaScript, JScript and VBScript debugging languages are fully supported for simple and complex HTML and DHTML debugging scenarios.

Structure101 Build6 comprises a simple but powerful set of command line utilities, that integrates easily with almost any continuous integration environment, including off-the-shelf integration with Hudson/Jenkins, Maven and Sonar.

TBvision provides transparency into source code, enabling managers, teams and developers to better monitor testing, quality metrics, memory errors and security vulnerabilities.

Recognising the increased need for graphical ability to show code quality, fault detection and avoidance measures, TBvision incorporates next-generation reporting capabilities. As a highly flexible solution, TBvision provides users with the ability to quickly and easily view results in call graphs, flow graphs and code review reports for graphical feedback.

Upcoming Events

Sep 22
Oct 13
Apr 27