代码静态检查工具汇总 c静态代码检查工具

工具名 静态扫描语言 开源/付费 厂商 介绍 主页网址 ounec5.0 VB.Net、C、C++和C#,

还支持Java。 付 费 Ounce Labs http://www.ouncelabs.com/

Coverity Prevent C/C++,C#,JAVA 付费 Coverity 还有其他辅助工具:

1.Coverity Thread Analyzer for Java

2.Coverity Software Readiness Manager for Java

3.Coverity Architecture Analyzer http://www.coverity.com/index.html

@stake SmartRisk?

Analyzer C/C++,Java 付费 Symantec

Corporation @stake SmartRisk? Analyzer harnesses the power of

static analysis of binary executables (C, C++, and Java) to

identify, categorize and prioritize security。

注:在Symantec没有搜到此产品?! http://www.symantec.com/business/index.jsp

Rational Purify C/C++,Java 付费 IBM Provides memory leak and memory corruption detection for

Windows,Runtime?! http://www-01.ibm.com/software/awdtools/purify/

PREfix microsoft 微软用的静态分析工具,但暂时没有找到下载,

现在好像在考虑发布中!

Jtext Java 付费 parasoft 同时还有其他静态分析代码的产品,如:C++Test...

详细请查询官网 http://www.parasoft.com/jsp/cn/support.jsp

flawfinder C/C++ 开源 用Python编写的c、c++程序安全审核工具,

可以检查潜在的安全风险。 http://www.dwheeler.com/flawfinder/

Static Code

Analyzer C/C++,C#,JAVA 付费 Fortify http://www.fortify.com/

Klocwork Insight C/C++ ,Java 付费 Klocwork http://www.klocwork.com/products/insight.asp

PolySpace

Client/Server C/C++、Ada语言 付费 MathWorks http://www.mathworks.cn/

rats C/C++, Python,

Perl,

PHP代码进行安全审核的工具 开源 http://www.fortify.com/security-resources/rats.jsp

LAPSE Java 开源 LAPSE stands for a Lightweight Analysis for Program

Security in Eclipse. LAPSE is designed to help with

the task of auditing Java J2EE applications for common

types of security vulnerabilities found in Web applications.

LAPSE was developed by Benjamin Livshits as part of the

Griffin Software Security Project. http://www.owasp.org/index.php/Category:OWASP_LAPSE_Project

Fluid java 开源 We have explored properties including:

* race conditions and locking policies,

* unique references and other programmer-significant

aliasing properties,

* effects,

* appropriate typing,

* realtime threading policies, and

* single-threading policies. http://www.fluid.cs.cmu.edu:8080/Fluid

Splint C 开源 University of

Virginia,

Department of

Computer

Science 静态检测针对C语言的安全工具和漏洞检测。 http://www.splint.org/

cqual C/C++ 开源 马里兰大学 轻量级的静态扫描器,在类Linux系统下运行。 http://www.cs.umd.edu/~jfoster/cqual/

MOPS C 开源 berkeley大学 MOPS is a tool for finding security bugs in C programs

and for verifying conformance to rules of defensive programming http://www.cs.berkeley.edu/~daw/mops/

BOON C 开源 berkeley大学 BOON is a tool for automatically finding buffer overrun

vulnerabilities in C source code. Buffer overruns are one

of the most common types of security holes, and we hope

that BOON will enable software developers and code auditors

to improve the quality of security-critical programs. http://www.cs.berkeley.edu/~daw/boon/

BLAST C 开源 The BLAST

2.0 Team BLAST is a software model checker for C programs.

The goal of BLAST is to be able to check that software

satisfies behavioral properties of the interfaces it uses.

BLAST uses counterexample-driven automatic abstraction

refinement to construct an abstract model which is model

checked for safety properties. The abstraction is constructed

on-the-fly, and only to the required precision. http://mtc.epfl.ch/software-tools/blast/

SpikeWAMP Php 开源 for analyzing PHP programs http://developer.spikesource.com/wiki/index.php/SpikeWAMP

Pixy Php 开源 Finding XSS and SQLI vulnerabilities http://pixybox.seclab.tuwien.ac.at/pixy/

Mike Java 开源 Java source code security scanner built on top of Orizon.

They are connected to OWASP. http://milk.sourceforge.net/download.html

Smatch C 开源 http://smatch.sourceforge.net/

Oink C++ 开源 C++ Static Analysis Tools http://www.cubewano.org/oink

Frama-C C 开源 static analyzers for the C language. http://frama-c.cea.fr/

RTL-check 开源 RTL-check is an extensible and powerful abstract interpretation

framework for static analysis of programs from a safety and

security perspective http://rtlcheck.sourceforge.net/

PMD Java 开源 PMD scans Java source code and looks for potential problems like:

* Possible bugs - empty try/catch/finally/

switch statements

* Dead code - unused local variables, parameters

and private methods

* Suboptimal code - wasteful String/StringBuffer usage

* Overcomplicated expressions - unnecessary if statements,

for loops that could be while loops

* Duplicate code - copied/pasted code means copied/pasted bugs http://pmd.sourceforge.net/

FindBugs Java 开源 马里兰大学 uses static analysis to look for bugs in Java code.

注意:提供Eclipse插件。 http://findbugs.sourceforge.net/

ITS4 CC++ 开源 Cigital developed ITS4 to help automate source code
代码静态检查工具汇总 c静态代码检查工具

review for security. http://www.cigital.com/its4/

QJ-Pro Java 开源 QJ-Pro is a comprehensive software inspection tool targeted

towards the software developer.

QJ-Pro checks:

* conformance to coding standards,

* misuse of the Java language,

* best practice conformence

* code structure and

* potential bugs at the earliest stages of development.

注意:提供各种IDE插件! http://qjpro.sourceforge.net/

Jint Java 开源 Jlint will check your Java code and find bugs, inconsistencies

and synchronization problems by doing data flow analysis and

building the lock graph. http://artho.com/jlint/

Hammurapi Java 开源 code review system captures coding best practices and delivers

them to developers' fingertips. It also generates consolidated

reports for lead developers, architects, and managers to

monitor codebase quality and evolution. http://www.hammurapi.biz/hammurapi-biz/ef/xmenu/hammurapi-group/index.html

DoctorJ Java 开源 Among what it detects:

* misspelled words

* parameter and exception names:

o missing

o misordered

o misspelled

* Javadoc tags:

o invalid

o misordered

o missing expected arguments

o invalid arguments

o missing descriptions

* undocumented classes, methods, fields,

parameters http://www.incava.org/projects/java/doctorj/index.html

Dependency Finder Java 开源 Dependency Finder is a suite of tools for analyzing

compiled Java code. At the core is a powerful dependency

analysis application that extracts dependency graphs and

mines them for useful information. This application comes

in many forms for your ease of use, including command-line

tools, a Swing-based application, a web application ready

to be deployed in an application server, and a set of Ant

tasks. http://depfind.sourceforge.net/

Checkstyle Java 开源 Checkstyle is a development tool to help programmers

write Java code that adheres to a coding standard.

It automates the process of checking Java code to spare

humans of this boring (but important) task. This makes

it ideal for projects that want to enforce a coding standard.

注意:提供多种IDE的插件。 http://checkstyle.sourceforge.net/

Classycle Java 开源 Classycle's Analyser analyses the static class and package

dependencies in Java applications or libraries. http://classycle.sourceforge.net/

JDepend Java 开源 JDepend traverses Java class file directories and generates

design quality metrics for each Java package.

JDepend allows you to automatically measure the quality

of a design in terms of its extensibility, reusability,

and maintainability to manage package dependencies effectively. http://www.clarkware.com/software/JDepend.html

JCSC Java 开源 JCSC is a powerful tool to check source code against a highly

definable coding standard and potential bad code. http://jcsc.sourceforge.net/

  

爱华网本文地址 » http://www.413yy.cn/a/25101013/182670.html

更多阅读

C语言--静态变量和动态变量初始化区别 c语言局部变量初始化

补充:c里等号的意义是分两种情况,一种是在表达式里,而另一种是在变量声明中。 在变量声明中的等号不可以看作是赋值,它只是初始化,也就是说它的意义只是告诉编译器如何初始化这个内存空间。而表达式中的 =就是赋值的意思了。 自动变量和

多旺旺代码在哪里? 旺旺号在哪里看

第一步:打开官方多旺旺代码生成器:http://www.alibaba.com/help/atm-url-generator.html第二步:选择头像风格(静态和动态各两个风格可选)=> 填写账号相关信息=> 生成代码=> 复制代码。

VBS代码格式化工具的源码 代码格式化 源代码

VBS代码格式化工具的源码:━━━━━━━━━━━━━━━━━━━━━━━━━OptionExplicitIfWScript.Arguments.Count=0ThenMsgBox"请将要格式化的代码文件拖动到这个文件上",vbInformation,"使用方法"WScript.QuitEndIf '作者:D

声明:《代码静态检查工具汇总 c静态代码检查工具》为网友木朵分享!如侵犯到您的合法权益请联系我们删除