Tuesday, November 22, 2005

Code Analysis Tools

| Name | Type | Description |
|---|---|---|
| BOON | academic | A model checker that targets buffer-overflow vulnerabilities in C code. |
| Bugscam | open source | Checks for potentially dangerous function calls in binary executable code. |
| Bugscan | commercial | Checks for potentially dangerous function calls in binary executable code. |
| CodeAssure | commercial | General-purpose security scanners for many programming languages. |
| CodeSonar | commercial | Checks for vulnerabilities and other defects in C and C++. |
| CodeSpy | open source | Security scanner for Java. |
| Coverity Prevent | commercial | C/C++ bug checker and security scanner. |
| Cqual | academic | C data-flow analyzer using type/taint analysis. Requires some program annotations. |
| DevPartner SecurityChecker | commercial | Security scanner for C# and Visual Basic. |
| flawfinder | open source | Security scanner for C code. |
| Fortify Tools | commercial | General-purpose security scanner for C, C++, and Java. |
| inForce | commercial | Checks for vulnerabilities and other defects in C, C++, and Java. |
| its4 | freeware | Checks for potentially dangerous function calls in C code. |
| MOPS | academic | Checks for vulnerabilities involving sequences of function calls in C code. |
| Prexis Engine | commercial | Security scanner for C/C++ and Java/JSP. |
| Pscan | open source | Checks for potentially dangerous function calls in C code. |
| RATS | open source | Checks for potentially dangerous function calls in C code. |
| smatch | open source | C/C++ bug checker and security scanner. |
| splint | open source | Checks C code for potential vulnerabilities and other dangerous programming practices. |
