What's the best free security scan tool for C/C++ files?

This page summarizes the projects mentioned and recommended in the original post on /r/AskNetsec
Static Analysis static-code-analysis Sast static-analyzers Linter

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • semgrep

    Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

    • Or alternatively an upcoming yet experimental one is semgrep https://semgrep.dev/

  • static-analysis

    ⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

    • There's a bunch on https://github.com/analysis-tools-dev/static-analysis

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts