Verisec suite: a benchmarking suite of code examples, for the evaluation of model-checkers and static analysis tools cs.toronto.edu/~tomhart/v…
👍 11
👀 u/galapag0
📅 Jun 03 2013
Show /r/Python: Dlint, a static analysis tool for helping ensure Python code is secure github.com/duo-labs/dlint
👍 9
👀 u/Schwag
📅 Jul 17 2019
SAP/vulnerability-assessment-tool - Analyses your Java and Python applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://sap.github.io/vulnerability-assessment-tool/ github.com/SAP/vulnerabil…
👍 2
👀 u/LinkDropper
📅 Jan 15 2020
List of Haskell static code analysis software github.com/razvan-flavius…
👍 35
👀 u/razvanpanda
📅 Sep 16 2019
Static code analysis tools for TODOS

Hi, I want my Maven build to fail when there are TODOs in my code. The problem is I would only want to fail TODOs which do not contain a valid issue tracker (like a JIRA task) identifier. TODOs with an issue ID are OK.

Do you have any suggestions for existing third-party tools? I could implement a custom Sonar rule, but I would prefer an existing solution when available. Also, it would be a plus if it works not only with Java code, but also JavaScript.

Thanks.

👍 8
👀 u/vojtechruzicka
📅 Jun 20 2017
Continuous Integration command line tools for git repositories, file characteristics, syntax errors and static source code analysis. github.com/cytopia/awesom…
👍 20
👀 u/cytopia
📅 Jun 12 2018
How To Get An In Depth Insight Of Your .Net Source Code With NDepend static analysis tool doumer.me/how-to-get-an-i…
👍 5
👀 u/Damien_Doumer
📅 Sep 01 2018
How To Get An In Depth Insight Of Your .Net Source Code With NDepend static analysis tool doumer.me/how-to-get-an-i…
👍 3
👀 u/Damien_Doumer
📅 Sep 02 2018
Static Analysis Tools for Android Source Code?

Beyond lint or using static analysis tools for Java server side applications, anything of interest?

👍 7
👀 u/tidderkrow
📅 Jun 24 2014
C# Static Analysis Tool Roslynator.Analyzers Now Has over 500 Ways to Improve Code infoq.com/news/2020/01/ro…
👍 151
👀 u/grauenwolf
📅 Feb 02 2020
What's a good and free static code analysis tool?

Hi, I'm looking for a fairly comprehensive static code analysis tool. The programming language I'm using is Java on Windows 10 platform.

I've used VisualCodeGrepper but it seems to miss out some obvious vulnerabilities every time. Is there a better tool out there that I should try out? I can run the analysis on an Ubuntu machine if that'll make my life easier. Thanks in advance!

👍 16
📅 Feb 05 2018
Fortran Static Code Analysis Tool

Has anyone found a good open source program that does FORTRAN Static Code Analysis for Windows, specifically that will work on Windows 10? All my internet searches have yielded ones that require payment and largely look to be for commercial deployment, and without knowing anything about them I don't want to blindly pay for them.

I'm looking for something similar to the program cppcheck, which I've used on C/C++ code and it works extremely well.

👍 6
👀 u/buddman014
📅 Jun 21 2019
A Golang tool that does static analysis, unit testing, code review and generate code quality report. github.com/360EntSecGroup…
👍 10
👀 u/fiisio
📅 Aug 16 2017
Lint your Ruby code with Overcommit and static analysis tools medium.com/@kirill_shevch…
👍 33
👀 u/kirill_shevch
📅 Oct 20 2017
Manual code review and static code analysis tools

Hi!

Do you use any manual code review and/or static code analysis tools? Thoughts? If yes, which are the biggest pain points you have?

👍 3
👀 u/mfocaraccio
📅 Jan 21 2015
Typehint and return type checker. typhp is a simple tool that checks whether type hints for arguments or return types are declared. Unlike static analysis tools, it doesn't point out possible errors and issues but suggests type-hinting everything possible. https://github.com/seferov/typhp github.com/seferov/typhp
👍 39
👀 u/MrSafarov
📅 Oct 17 2019
Static analysis tools you use in CI for your cpp projects?

Hey everyone, I've been tasked with finding out what kinds of tooling different programming communities use. I have found a similar thread dated 2017 here, but obviously there've been changes over the last three years. As such, people advised the OP to get any static analyzers they can get their hands on and integrate them into their CI - yet not many specific namedrops.

So the question is when it comes to CI pipeline in your C++ projects, which checkers do you use? I guess clang-tidy is pretty much a given, but anything else specifically? I know I could just go and google a list of best static analyzers for C++, but what I'm interested in is what tools people actually use for their projects.

Also, why are you using specifically those tools and not the others? Is there anything missing, some needs that weren't covered by your tools just yet? Are there any things you have to integrate over and over again for many projects in order to keep your C++ codebase neat and less error-prone?

👍 9
👀 u/Alena_dev
📅 Mar 09 2020
Static analysis of OpenCvSharp wrapper for OpenCV source code habr.com/en/company/pvs-s…
👍 5
👀 u/atomlib_com
📅 Oct 29 2019
recommended C++ tools for linux? (profiler, static analysis, etc)?

Hey guys,

I'm just getting back to C++ after years of not using it. I've always been super fond of it, but the money took me elsewhere for a while. I've always tracked a lot of the new changes, but I'm just now starting to develop in it again in my spare time.

I'm currently using clion in Ubuntu 17.10 and I'm curious about which tools are recommended and how best to use them.

In particular, performance profiling and static analysis. I was looking at cachegrind, but it looks like it tracks instructions rather than time so isn't useful against I/O bound apps. Maybe the gperftools?

As for static analysis, I really have no idea what's out there.

And any other tools you would recommend for keeping C/C++ code safe and performant, etc?

Also, sorry if this is the wrong subreddit. I looked at /r/cpp_questions, but this didn't really seem to fit there based upon what I was seeing in the subreddit.

edit:

thanks for all the info guys, there's a lot here and I'm going to have to sift through it all. So far I've added a ton of -W flags to gcc and gotten cppcheck up and running. Between the cppcheck and squashing the various warnings I've already caught several bugs so I'm super happy with the decision to try and get more tools into my workflow.

👍 55
👀 u/philocto
📅 Dec 19 2017
1.0 release of detekt (static analysis tool) arturbosch.github.io/dete…
👍 58
👀 u/puck_man9
📅 Aug 13 2019
Static Code analysis for R

Hello fellow members, I am using RStudio-1.2.5033 and R version 3.3.2 (2016-10-31). I am looking for a tool or a package that does static analysis of ".R" files. I was wondering whether there is a package like pylint, pyflakes etc. for Python.

I did my research on this and found a package called 'CodeDepends', but that doesn't support version 3.3.2, and found another one called 'codetools'. Right now I am looking at the 'codetools' package and seeing how that works with a ".r" file.

👍 5
👀 u/newpythoncoder
📅 Mar 03 2020
You always wanted to automate the verification of your project's Dart code style (aka analysis_options.yaml), but could not find a free tool for that? Or you wanted to verify that a pull request meets your coding style guide? The dbstyleguidechecker package is here to help. pub.dev/packages/dbstyleg…
👍 4
👀 u/bitsydarel
📅 Oct 08 2019
A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World cacm.acm.org/magazines/20…
👍 28
👀 u/retardo
📅 Apr 22 2019
Any of you guys using the code analyzer built in to VS to do static code analysis?

I'm in charge of setting up a plan to have static code analysis run every time before we push code (twice a week usually). This could be done either at code review, or once before deployment.

We were wanting to just use the VS built-in one, as we're only really doing this per a client request. We've been satisfied with the dynamic scanning tool we have set up.

Is anyone using this? If so, what is your process? If not, what are you using?

👍 4
👀 u/andrewsmd87
📅 Jul 08 2019
Static analysis of Apache Dubbo RPC Framework source code habr.com/en/company/pvs-s…
👍 20
👀 u/atomlib_com
📅 Aug 29 2019
pyt - Security static analysis tool for Python github.com/python-securit…
👍 5
👀 u/KevinHock
📅 Apr 21 2017
What are some good tools for C++? Static analysis, debugging etc

Hi there,

As the title might hint to I'm looking for some good tools especially for static analysis of C++ code. Also profiling and debugging like valgrind and such. Can anyone point me to some nice tools? I would prefer linux tools.

👍 6
👀 u/ponchedeburro
📅 Jun 12 2014
REIL: A platform-independent intermediate representation of disassembled code for static code analysis [PDF, whitepaper] zynamics.com/downloads/cs…
👍 9
👀 u/rolfr
📅 Mar 24 2009
Defeating Packers for Static Analysis of Malicious Code syprog.blogspot.com/2012/…
👍 3
👀 u/quequero
📅 Mar 02 2012
Which static analysis tool can detect a bug like this

It is a very typical bug:

    multimap<int,int> test;
    test.emplace(1, 3);
    test.emplace(3, 3);
    test.emplace(3, 4);
    auto range = test.equal_range(3);
    for (auto i = range.first; i != range.second; ++i) {
        if (i->second == some_value) test.erase(i);
    }

First of all, the erase(i) part will invalidate i, and then ++i is UB. But I tried a couple of tools, like CppCheck, Clang tool, valgrind. None of them report the bug. Are there any suggestions? (Or maybe I did not use them correctly?)

👍 10
👀 u/cpei2019
📅 Nov 27 2019
Are there useful static analysis tools for databases?

I've come into an internal PHP website and database in use by my employer, written ten years ago without substantial documentation, code review, or database documentation. Turnover during the years has left us with few people who know the design. Worse, it's becoming apparent that my undergraduate curriculum in Databases has underprepared me to maintain and improve this ad-hoc and poorly managed system. So I turn to proggit for advice.

In cases like this, I think software analysis tools can help cover some of my shortcomings as an expert. Being the most junior member of the team, I feel an external and automated opinion on the quality of the database would carry more authority, when discussing it with the last remaining person who built the system, who's announced plans to leave.

Is there a tool for examining the configuration and schema of a database for dubious fields, relationships and configuration, similar to how static analysis tools like lint will flag dubious lines of code? I'm aware of terms like normal forms, but I admit I don't remember them and I'm canvassing our library on the subject of database design. But surely there's a class of "likely stupid" schemas that can be identified.

(To preempt the snark: I'm not sure that this is technically static, since it would likely connect to a live database server. And I'm aware of the shortcomings of false positives in static analysis.)

👍 4
👀 u/jldugger
📅 Oct 12 2009
TypeScript Compiler API wrapper for static analysis and programmatic code changes github.com/dsherret/ts-mo…
👍 24
👀 u/eatonphil
📅 Apr 18 2019
GitHub - liamg/tfsec: Static analysis powered security scanner for your terraform code github.com/liamg/tfsec
👍 2
👀 u/breach_house
📅 Nov 16 2019
Automated code review for GitLab using reviewdog, which supports any analysis tools regardless of programming language

https://preview.redd.it/1et11vi1h1611.png?width=1154&format=png&auto=webp&s=6816a902f455f48f7512778cef2fcfc4c709794a

reviewdog version 0.9.10 has now added support for GitLab integration. https://github.com/haya14busa/reviewdog/releases/tag/0.9.10

About reviewdog, see https://github.com/haya14busa/reviewdog for more detail.

👍 6
👀 u/haya14busa
📅 Jun 25 2018
Static analysis of Celestia space sim source code habr.com/en/company/pvs-s…
👍 2
👀 u/atomlib_com
📅 Oct 04 2019
Static analysis of Electronic Arts open source code habr.com/en/company/pvs-s…
👍 5
👀 u/atomlib_com
📅 Jul 31 2019
Static analysis of Windows Forms source code habr.com/en/company/pvs-s…
👍 5
👀 u/atomlib_com
📅 Aug 07 2019
Static analysis of Azure PowerShell source code habr.com/en/company/pvs-s…
👍 3
👀 u/atomlib_com
📅 Oct 09 2019