Static code analysis
Static code analysis helps identify code vulnerabilities (and performance issues) before the code reaches production. Most ‘code coverage’ tools require the full, compilable source code to run their analysis. However, some tools, such as FxCop, can also work against compiled code.
Cross Platform – J2EE and .NET Static Code Scan
- SonarQube – Free
- HP Fortify – Paid