Talk:List of tools for static code analysis

From Wikipedia, the free encyclopedia


Table overview

Hey, is there anyone with experience with Wikipedia that could convert the Multi-Language tools to a table view? This would be handy to a tool that works across Java, C# and Scala for example. --EmileSonneveld (talk) 14:02, 22 February 2019 (UTC)

I've done the Ada table as a first task... Andrew D Banks (talk) 15:09, 29 May 2020 (UTC)

OK... got carried away, and did the rest! Given the overlap between the tables, there is some merit in combining them into one, with "Ada", "C/C++" etc columns. Note: I do not want to do that, given that I'm connected with one of the Companies! Andrew D Banks (talk) 08:07, 16 June 2020 (UTC)

Some good work by other editors to adapt my suggestion... can we now combine the separate C/C++ and Ada tables (and the other lists?) into the main one, and delete the separate sections? Andrew D Banks (talk) 05:59, 8 June 2021 (UTC)

Inclusion criteria

What are the inclusion criteria for this list? The talk page states 'Before adding products to the list, make sure they are notable by having their own article.' Does the product need to have its own page? Or can tools be added by linking to their company's page? In the edit history, there have been a handful of tools removed for which a company page exists. However, there are many examples in this list that link only to company pages, not a standalone article for the tool itself. Having some clarity on the inclusion criteria is needed here. @MrOllie: pinging you since you are very active in removing non-notable tools from the list. Thank you! Cloudorcus (talk) 15:29, 12 November 2020 (UTC)

It is the tool that must be notable, not the company. See WP:NOTINHERITED. If I haven't noticed some that aren't linked properly, feel free to fix it. - MrOllie (talk) 16:07, 12 November 2020 (UTC)
@MrOllie: Got it, thank you for the clarification and appreciate your input. I don't feel comfortable making the call to remove tools from this list, so I'll include them below and let you review. Thanks. Cloudorcus (talk) 20:51, 12 November 2020 (UTC)

Multilanguage

.NET

C, C++

Java

I work for one of the companies on the list, but I find the logic about how notability is established odd. Are we saying that only tools that have their own wiki pages can be listed on this page, or can we establish notability in other ways as well? Seems odd that the list as it stands now excludes static analysis tools from market leading appsec vendors as defined by Gartner, as well as the static analyzer built into GitHub (Semmle/CodeQL). -Tjarrett (talk) 14:16, 9 December 2020 (UTC)
In particular, Veracode is on the list that is identified as a reference for the article, as well as the list of binary code scanners. (I'd suggest using the binary code scanners and code scanners page as references as well as the source code page that is currently used). The following tools are also listed on those pages from the list above:
  • Micro Focus Fortify Software -- on the WASC page as "HP Fortify Source Code Analyzer by HP"
  • Parasoft and Parasoft dotTEST -- on the WASC page as "Development Testing Platform by Parasoft", on the SAMATE source code scanners list as "dotTEST"
- Tjarrett (talk) 14:33, 9 December 2020 (UTC)

Is Moose a static code analysis tool?

I'm not sure if Moose should stay in this list or not. It seems more of a visualizer than an analysis tool. I found one publication showing that it can be used for static analysis but it seems like an edge-case and not the main purpose of the tool. Can someone elaborate on this? It should be removed otherwise. ~ Boro (talk) 23:31, 2 February 2021 (UTC)

Actuality of list

I find this table difficult to maintain. Some tools are cross-language and have to be listed several times. Criteria such as 'Duplicate code' might vary strongly, e.g. if one tool is adding the feature or removing it. The free-software tag is tricky, some vendors have free versions, e.g. SonarLint by SonarQube--𝔏92934923525 (talk) 16:04, 15 February 2021 (UTC)