源代码审计

               

开源和非商业公司
2.3.1.1 .NET (C#, VB.NET and all .NET compatible languages)
• Reflector.CodeMetrics — (an add-in for the essential Reflector)
• CCMetrics
• CRPlugin (plugin for DxCore)
• FxCop — Free static analysis for Microsoft .NET programs that compile to CIL. Standalone and integrated in some Microsoft Visual Studio editions. From Microsoft.
• Source Monitor
• vil
2.3.1.2 Java
• Bandera — analyzer for Java
• Checkstyle — analyze Java and apply coding standard
• Classycle — analyze Java class cycles and class and package dependencies (Layers)
• FindBugs — an open-source static bytecode analyzer for Java (based on Jakarta BCEL).
• Jlint — for Java
• PMD (software) — a static ruleset based Java source code analyzer that identifies potential problems.
• Soot — A Java program analysis and compiler optimization framework
• Hammurapi — Customizable static code analysis tool for java (based on coding standards) that can also generate metrics report
2.3.1.3 C
• CQual — A tool for adding type qualifiers in C.
• SNav — Red Hat Source Navigator.
• Sparse — a tool designed to find faults in the Linux kernel.
• Splint — an open source evolved version of Lint (C language).
• Frama-C — Frama-C is a suite of tools dedicated to the analysis of the source code of software written in C.
• Deputy - Deputy is a C compiler that is capable of preventing common C programming errors, including out-of-bounds memory accesses as well as many other common type-safety errors.
• CCured - CCured is a source-to-source translator for C. It analyzes the C program to determine the smallest number of run-time checks that must be inserted in the program to prevent all memory safety violations.
• RATS - RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.
• LLVM/Clang Static Analyzer - standalone tool that find bugs in C and Objective-C programs.
• MOPS - MOPS is a to