List Of Tools For Static Code Analysis
This is a list of notable tools for static program analysis (program analysis is a synonym for code analysis).

Static code analysis tools

Languages

Ada
C, C++
Fortran
* Fortran-Lint (Information Processing Techniques, Inc)
IEC 61131-3
* CODESYS Static Analysis: integrated add-on for CODESYS (application code realized e.g. in ST, FBD, LD)
Java
JavaScript
* ESLint: JavaScript syntax checker and formatter.
* Google's Closure Compiler: JavaScript optimizer that rewrites code to be faster and smaller, and checks use of native JavaScript functions.
* JSHint: A community-driven fork of JSLint.
* JSLint: JavaScript syntax checker and validator.
* Semgrep: A static analysis tool that helps express code standards and surface bugs early. A CI service and a rule library are also available.
Julia
* JET.jl
* StaticLint.jl (a li ...


Manual Of Style/Stand-alone Lists
Manual may refer to: Instructions * User guide * Owner's manual * Instruction manual (gaming) * Online help Other uses * Manual (music), a keyboard, as for an organ * Manual (band) * Manual transmission * Manual, a bicycle technique similar to a wheelie, but without the use of pedal torque * Manual, balancing on two wheels in freestyle skateboarding tricks * The Manual (How to Have a Number One the Easy Way) is a 1988 book by Bill Drummond and Jimmy Cauty See also * Instructions (other) * Tutorial A tutorial, in education, is a method of transferring knowledge and may be used as a part of a learning process. More interactive and specific than a book or a lecture, a tutorial seeks to teach by example and supply the information to complete ...



Python (programming Language)
Python is a high-level, general-purpose programming language. Its design philosophy emphasizes code readability with the use of significant indentation. Python is dynamically-typed and garbage-collected. It supports multiple programming paradigms, including structured (particularly procedural), object-oriented and functional programming. It is often described as a "batteries included" language due to its comprehensive standard library. Guido van Rossum began working on Python in the late 1980s as a successor to the ABC programming language and first released it in 1991 as Python 0.9.0. Python 2.0 was released in 2000 and introduced new features such as list comprehensions, cycle-detecting garbage collection, reference counting, and Unicode support. Python 3.0, released in 2008, was a major revision that is not completely backward-compatible with earlier versions. Python 2 was discontinued with version 2.7.18 in 2020. Python consistently ranks as ...


Dynamic Application Security Testing
Dynamic application security testing (DAST) is a non-functional testing process in which an application is assessed using certain techniques, and the end result of the testing covers the security weaknesses and vulnerabilities present in the application. The testing can be carried out either manually or by using automated tools. Manual assessment of an application involves more human intervention to identify security flaws that might slip past an automated tool. Usually business logic errors, race condition checks, and certain zero-day vulnerabilities can only be identified using manual assessments. On the other hand, a DAST tool is a program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses. It performs a black-box test. Unlike static application security testing tools, DAST tools do not have access to the source code and therefore d ...


Static Application Security Testing
Static application security testing (SAST) is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities. Although the process of statically analyzing source code has existed as long as computers have existed, the technique spread to security in the late 90s, with the first public discussion of SQL injection in 1998, when Web applications integrated new technologies like JavaScript and Flash. Unlike dynamic application security testing (DAST) tools, which perform black-box testing of application functionality, SAST tools focus on the code content of the application (white-box testing). A SAST tool scans the source code of applications and their components to identify potential security vulnerabilities in their software and architecture. Static analysis tools can detect an estimated 50% of existing security vulnerabilities. In the SDLC, SAST is performed early in the development process and at code level, and also when all pieces of code and componen ...




Code Dx
Code Dx refers to both a software company (Code Dx, Inc.) and its flagship product, a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools. Overview: Code Dx, Inc. is a software technology company that produces tools designed for software developers and cybersecurity analysts to help them identify and manage security vulnerabilities in the software that they write. It was spun off from its parent company, Applied Visions, Inc., in 2015. History: Applied Visions, Inc. has a division, Secure Decisions, that specializes in conducting cyber security research for the U.S. government. Secure Decisions was granted funding by the Department of Homeland Security (DHS) Science and Technology Directorate through the Small Business Innovation Research (SBIR) program to research and develop software in order to ensure that application code is secure and compliant with regulations and industry best practices in ...


Coccinelle (software)
Coccinelle (French for "ladybug") is an open-source utility for matching and transforming the source code of programs written in the C programming language. Utility: Coccinelle was initially used to aid the evolution of the Linux kernel, providing support for changes to library application programming interfaces (APIs) such as renaming a function, adding a function argument whose value is somehow context-dependent, and reorganizing a data structure. It can also be used to find defective programming patterns in code (i.e., pieces of code that are erroneous with high probability, such as a possible NULL pointer dereference) without transforming them. Then Coccinelle's role is close to that of static analysis tools. Examples of such use are provided by the applications of the herodotos tool, which keeps track of warnings generated by Coccinelle. Support for Coccinelle is provided by IRILL. Funding for the development has been provided by the Agence Nationale de la Rec ...


Xcode
Xcode is Apple's integrated development environment (IDE) for macOS, used to develop software for macOS, iOS, iPadOS, watchOS, and tvOS. It was initially released in late 2003; the latest stable release is version 14.2, released on December 13, 2022, via the Mac App Store with macOS Monterey. The software suite is offered free of charge. Registered developers can download preview releases and prior versions of the suite through the Apple Developer website. Xcode includes command-line tools which enable UNIX-style development via the Terminal app in macOS. They can also be downloaded and installed without the GUI. Major features Xcode supports source code for the programming languages: C, C++, Objective-C, Objective-C++, Java, AppleScript, Python, Ruby, ResEdit (Rez), and Swift, with a variety of programming models, including but not limited to Cocoa, Carbon, and Java. Third parties have added support for GNU Pascal, Free Pascal, Ada, C#, Go, Perl, and D. Xcode can build ' ...



Clang
Clang is a compiler front end for the C, C++, Objective-C, and Objective-C++ programming languages, as well as the OpenMP, OpenCL, RenderScript, CUDA, and HIP frameworks. It acts as a drop-in replacement for the GNU Compiler Collection (GCC), supporting most of its compilation flags and unofficial language extensions. It includes a static analyzer, and several code analysis tools. Clang operates in tandem with the LLVM compiler back end and has been a subproject of LLVM 2.6 and later. As with LLVM, it is free and open-source software under the Apache License 2.0 software license. Its contributors include Apple, Microsoft, Google, ARM, Sony, Intel, and AMD. Clang 14, the latest major version of Clang as of March 2022, has full support for all published C++ standards up to C++17, implements most features of C++20, and has initial support for the upcoming C++23 standard. Since v6.0.0, Clang compiles C++ using the GNU++14 dialect by default, which includes features from the C+ ...


BLAST Model Checker
The Berkeley Lazy Abstraction Software verification Tool (BLAST) is a software model checking tool for C programs. The task addressed by BLAST is the need to check whether software satisfies the behavioral requirements of its associated interfaces. BLAST employs counterexample-driven automatic abstraction refinement to construct an abstract model that is then model-checked for safety properties. The abstraction is constructed on the fly, and only to the requested precision. Achievements: BLAST came first in the category DeviceDrivers64 in the 1st Competition on Software Verification (2012) that was held at TACAS 2012 in Tallinn. BLAST came third (category DeviceDrivers64) in the 2nd Competition on Software V ...




Axivion Bauhaus Suite
The Bauhaus project is a software research project collaboration among the University of Stuttgart, the University of Bremen, and a commercial spin-off company, Axivion, formerly called Bauhaus Software Technologies. The Bauhaus project serves the fields of software maintenance and software reengineering. Created in response to the problem of software rot, the project aims to analyze and recover the means and methods developed for legacy software by understanding the software's architecture. As part of its research, the project develops software tools (such as the Bauhaus Toolkit) for software architecture, software maintenance and reengineering and program understanding (Quigley, Aaron J. Large Scale Relational Information Visualization, Clustering, and Abstraction, pp. 155-159. Doctoral dissertation. Department of Computer Science and Software Engineering, University of Newcastle, August, 2001). The project derives its name from the former Bauhaus art school. History: The Bauha ...


Motor Industry Software Reliability Association
Motor Industry Software Reliability Association (MISRA) is an organization that produces guidelines for the software developed for electronic components used in the automotive industry (the MISRA web site: http://www.misra.org.uk). It is a collaboration between vehicle manufacturers, component suppliers and engineering consultancies. In 2021, the loose consortium restructured as The MISRA Consortium Limited. Aim: The aim of this organization is to provide important advice to the automotive industry for the creation and application of safe, reliable software within vehicles. The safety requirements of the software used in automobiles are different from those of other areas such as healthcare, industrial automation, aerospace etc. The mission statement of MISRA is "To provide assistance to the automotive industry in the application and creation within vehicle systems of safe and reliable software". Formation: MISRA was formed by a consortium of organizations formed in response to the UK S ...


Astrée (static Analysis)
Astrée ("Analyseur statique de logiciels temps-réel embarqués") is a static analyzer based on abstract interpretation. It analyzes programs written in the C programming language and outputs an exhaustive list of possible runtime errors and assertion violations. The defect classes covered include divisions by zero, buffer overflows, dereferences of null or dangling pointers, data races, deadlocks, etc. Astrée includes a static taint checker and helps find cybersecurity vulnerabilities, such as Spectre. The tool is tailored towards safety-critical embedded code: specific analysis techniques are used for common control theory constructs (finite state machines, digital filters, rate limiters...) and floating-point numbers. Concurrent code is analyzed with a sound interleaving semantics that is aware of the ...