Static code analysis for vulnerabilities

This page summarizes the projects mentioned and recommended in the original post on

  • infer

    A static analyzer for Java, C, C++, and Objective-C

    Which kind of vulnerabilities? There's Frama-C (free and open source) and Astrée (commercial) used in the aerospace industry. FB is also developing an open source static analyzer.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
