User:Nickj/List of tools for static code analysis

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Anyone is welcome to constructively update this user-page with new information; However if you wish to delete it please email me first, and I will move it off-site.

This is a list of software tools that perform various kinds of static code analysis, grouped by programming language and in alphabetical order:


Borland Delphi[edit]

  • [1] reverse engineering, code navigation, and metrics tool

C and/or C++[edit]







  • JSLint - An online tool which you can also download and run from command line
  • Javascript Lint - A lint like tool for javascript written in C/C++ and based on JavaScript engine for the Firefox browser.
  • JavaScript Reporter - A static JavaScript analyzer/verifier.
  • CloneDR for JavaScript Detects exact and near-miss duplicate code across large code bases.
  • Fortify [2] - See Fortify Source Code Analysis.
  • jsmeter - Javascript code metrics through static analysis. Includes Cyclomatic Complexity, Halstead Metrics, Maintainability Index, etc...
  • Security Reviewer 100+ Rules Specialized for JavaScript and 100+ of Frameworks covered. OWASP, CWE standards. 200+ Quality Metrics. Best Practices. SQALE dashboard.






  • Tcl Cruncher

Verilog & VHDL[edit]

Visual Basic[edit]

Not language-specific[edit]

  • PAG and PAG/WWW - The Program Analyzer Generator, not for a specific language, but for building analyzers.
  • StackAnalyzer - Stack Usage Analysis.
  • CodeHawk™
  • DMS Software Reengineering Toolkit System for implementing custom static analysis tools, with many industrial strength parsers and flow analysis capabilities. Front ends for many langauges/dialects.

Unknown language[edit]

  • Broadway
  • SLAM
  • BOON
  • Kaylo

External links[edit]