infer
SonarQube
infer | SonarQube |
---|---|
24 | 45 |
13,291 | 6,824 |
1.2% | 2.6% |
9.7 | 9.9 |
6 days ago | about 16 hours ago |
OCaml | Java |
MIT License | GNU Lesser General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
infer
-
How to use Coq and C in practical software development for "verified C"?
Also, a much more realistic approach would be to use static analyzers, such as fbinfer: https://fbinfer.com/
-
How to make develop C application easier?
There are also static analyzers, for example PVS-Studio which is commercial and solid: https://pvs-studio.com/en/ The GCC compiler, starting with version 10, has a static analyzer that you activate with the “-fanalyzer” option. It’s still quite limited but I use it. Be sure to get GCC version 11.2 or later because the analyzer got much better after version 10. Facebook has a no-cost analyzer, but I haven’t tried it yet: https://fbinfer.com/
-
Meta Open-Sources A Compositional Deadlock Detector for Android Java
The research team at Meta has developed a new static analyzer that catches deadlocks in Java code for Android without ever running the app. What distinguished this work from past efforts is its ability to analyze revisions within large software libraries with hundreds of millions of lines–enough time and space so problems can be found before they manifest themselves as bugs or crashes. The proposed analyzer is open-sourced and forms part of the Infer static analysis framework.
- infer - A static analyzer for Java, C, C++, and Objective-C open-sourced by Facebook
-
Hacker News top posts: Mar 5, 2022
A tool to detect bugs in Java and C/C++/Objective-C code before it ships (22 comments)
SonarQube
-
Do I need to hire someone to look over my Django project for security problems before launching it to production?
And run a security scan like Sonarqube: https://www.sonarqube.org
-
The Engineer's Guide to Creating a Technical Debt Proposal🗺🧭
2. Static analyser tools such as SonarQube are used to analyse source code in search of technical debt.
-
Seriously who cares about the warnings
Never had anything like that though for four years my life revolved around getting PMD, checkstyle and Sonar rules to pass so my pull request would merge.
-
Starting new role as senior manager - I want to change the way how team builds software - I need your feedback.
Love it and have a suggestion: Use SonarQube. We set up the free version and use open-source plugins where needed. Set clear expectations for metrics like Cyclomatic complexity, code duplication, no critical/high vulnerabilities, % of test coverage. Leave no doubt what the expectations are, track progress over time, and if you do need to make resource changes, you will have objective data to use to make your decisions.
- Establishing a fundamental code review process
-
Modern StyleCop alternative? Advice appreciated.
I'm surprised none mentioned it, but check out https://www.sonarqube.org/
-
Measuring code quality in an app?
I recommend https://www.sonarqube.org/ in a heartbeat. I used it in my last two jobs and never looked back
-
A simple terminal Wordle in pure go
Check out SonarQube to see how much “cognitive load” your code puts devs through. Use Docker for a quick setup.
-
What is your CI/CD pipeline like?
SonarQube (formerly Sonar) looks for code smells, security no-no's and common bugs. It also shows you all kinds of statistics and breakdowns by project / file / contributor / whatever. It's a pretty nifty tool; it's also pretty effective at keeping egos in check.
-
Review Pull Requests 3x faster, ... then 10x faster
SonarQube
What are some alternatives?
Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Error Prone - Catch common Java mistakes as compile-time errors
PMD - An extensible multilanguage static code analyzer.
FindBugs - The new home of the FindBugs project
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities.
Zed - The OWASP ZAP core project
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
swagger-ui - Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.