Coverity Scan!

All users who are experiencing build issues should upgrade to this version; a number of bugs have been fixed with this release.

**WARNING:** Linux users on kernel version 4.8.x and newer will need to apply a kernel parameter to support our binaries. Without this parameter, our binaries will not work on your platform. This is a known issue which we will address with a future release. The parameter is:

    vsyscall=emulate

Note that although the original notice calls this a "sysctl parameter", there is no sysctl key for it: vsyscall= is a kernel command-line option, so it goes into the boot loader configuration (for GRUB, GRUB_CMDLINE_LINUX in /etc/default/grub, then regenerate grub.cfg) and takes effect after a reboot. Keep in mind why it is off in the first place: vsyscall=none removes the legacy vsyscall page from its fixed address, a mapping that exploits have historically used because its location is predictable. emulate mode keeps the page but traps into the kernel instead of executing code from it, so it is safer than native mode, yet it still re-exposes that fixed mapping to every process on the host. Enable it on a dedicated build machine or VM rather than on shared infrastructure.

**Version 7.6.0.x is no longer supported.** The current supported versions are:

* **7.7.0.x (to be retired July 2017)**
* **8.5.0.x**
* **8.7.0.x**

Users are encouraged to download the latest tools in Downloads https://scan.coverity.com/download.

Going forward, only the latest three releases will be supported. This means projects should be expected to update the
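A check for the vsyscall requirement above, added here as an example (it is not part of the Coverity notice or of the Coverity tools): it reads the vsyscall= mode off a kernel command line and tests whether the fixed-address [vsyscall] page is mapped into the running process, which is what the notice says the binaries need. Assumptions not stated on the page: the kernel's documented vsyscall= values (native, emulate, xonly, none) with the last occurrence winning, /proc/cmdline and /proc/self/maps as the places to look, and GRUB as the boot loader named in the hint.

```shell
#!/bin/sh
# Added example, not part of the Coverity notice or tools: report the legacy
# vsyscall state of a Linux host before running the Coverity build binaries.
#
# Assumptions (not stated in the notice): the kernel command-line option is
# vsyscall=native|emulate|xonly|none, the last occurrence wins, and an absent
# option means the kernel's compiled-in default (reported here as "default").

# Print the vsyscall mode named on a kernel command line given as $1.
vsyscall_mode_from_cmdline() {
    mode=""
    # Unquoted on purpose: split the command line into words.
    for word in $1; do
        case "$word" in
            vsyscall=*) mode="${word#vsyscall=}" ;;
        esac
    done
    printf '%s\n' "${mode:-default}"
}

# "yes" if the fixed-address [vsyscall] page is mapped in this process.
# With vsyscall=none the kernel creates no such mapping, so it is absent.
vsyscall_page_mapped() {
    if grep -q '\[vsyscall\]' /proc/self/maps 2>/dev/null; then
        echo yes
    else
        echo no
    fi
}

# Exit status 0 when the host can run the binaries, 1 when it cannot.
check_host() {
    cmdline=$(cat /proc/cmdline 2>/dev/null) || cmdline=""
    mode=$(vsyscall_mode_from_cmdline "$cmdline")
    mapped=$(vsyscall_page_mapped)
    echo "vsyscall= on the kernel command line: $mode"
    echo "[vsyscall] page mapped in this process: $mapped"
    if [ "$mode" = none ] || [ "$mapped" = no ]; then
        echo "Legacy vsyscall is off: add vsyscall=emulate to the kernel command line"
        echo "(GRUB: GRUB_CMDLINE_LINUX in /etc/default/grub, regenerate grub.cfg, reboot)."
        return 1
    fi
    echo "Legacy vsyscall page is available."
}

# Usage: sh vsyscall_check.sh --check
case "${1:-}" in
    --check) check_host ;;
esac
```

Run it with --check on the build host; a non-zero exit means the Coverity binaries will not start until the parameter is added and the machine rebooted.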

Coverity Scan alternatives

  • Cppcheck

  • Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools, it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. to have zero false positives).

    tags: Portable analysis-tool bugs c++check c-plus-plus
  • PVS-Studio

  • PVS-Studio is a static analyzer that detects errors in source code of C, C++ and C# applications. The PVS-Studio tool is intended for developers of contemporary applications and it integrates into the Visual Studio 2005/2008/2010/2012/2013 environment. PVS-Studio for Linux: http://www.viva64.com/en/b/0441/

    tags: bugs c-plus-plus c-sharp cpp-development developer-tools
  • Clang Static Analyzer

  • The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs.

    tags: c-plus-plus source-code-analysis static-code-analysis xcode
  • Infer

  • Facebook Infer is a static analysis tool: if you give Infer some Objective-C, Java, or C code, it produces a list of potential bugs.

    tags: analysis-tool bugs debugger memory-leak-detection memory-leaks
  • Flawfinder

  • Flawfinder examines source code and reports possible security weaknesses ("flaws") sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public. Flawfinder works on Unix-like systems today (it's been tested on GNU/Linux), and it should be easy to port to Windows systems. It requires Python 1.5 or greater to run (Python 1.3 or earlier won't work).

    tags: programming python
  • EDoC++

  • EDoC++ is a C++ source analysis tool designed to identify problems associated with the use of exceptions in C++ code. Additionally EDoC++ can be used to generate detailed documentation

    tags: analysis-tool c-plus-plus documentation
  • VisualCodeGrepper

  • VCG is an automated code security review tool that handles C/C++, Java, C#, VB and PL/SQL. It has a few features that should make it useful to anyone conducting code security reviews, particularly where time is at a premium:

    1. In addition to performing some more complex checks, it has a config file for each language that lets you add any bad functions (or other text) you want to search for.
    2. It attempts to find a range of around 20 phrases within comments that can indicate broken code ("ToDo", "FixMe", "Kludge", etc.).
    3. It provides a pie chart (for the entire codebase and for individual files) showing the relative proportions of code, whitespace, comments, "ToDo"-style comments and bad code.

    tags: c-sharp security-auditing source-code-analysis
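The Flawfinder and VisualCodeGrepper entries above both describe the same basic technique: grep the source for calls to a list of dangerous functions, look for unfinished-code markers in comments, and summarise the code/comment/whitespace mix. The script below is an added example of that technique, not code from either tool; the function list, the marker list and the sample C file are this example's own constructions, and the comment handling is deliberately line-based, which is one reason the real tools do more than this.

```shell
#!/bin/sh
# Added example, not code from Flawfinder or VisualCodeGrepper: a minimal
# scanner in the same spirit, to make concrete what those tools automate.
# Three passes over one C source file:
#   1. calls to a configurable list of risky functions ("bad functions"),
#   2. comment markers that flag unfinished code (ToDo, FixMe, Kludge, ...),
#   3. the mix of code, comment and blank lines.
# The lists below are this example's own picks, not either tool's shipped
# database, and the scanner is line-based: a /* ... */ block spanning several
# lines is not recognised as a comment.

BAD_FUNCS="gets strcpy strcat sprintf scanf system"
TODO_MARKERS="TODO FIXME XXX KLUDGE HACK"

# Blank out // comments and single-line /* */ comments so that a function
# name mentioned in a comment is not reported as a call. Line count is kept.
strip_comments() {
    sed -e 's://.*$::' -e 's:/\*.*\*/::g' "$1"
}

# 1. Print "file:line:function" for every call to a function in BAD_FUNCS,
#    in line order. The leading character class stops "fgets(" matching "gets(".
scan_bad_calls() {
    file=$1
    for fn in $BAD_FUNCS; do
        strip_comments "$file" \
          | grep -n -E "(^|[^A-Za-z0-9_])$fn[[:space:]]*\(" \
          | sed "s/:.*/:$fn/"
    done | sort -n | sed "s|^|$file:|"
}

# 2. Print "file:line:text" for comment lines carrying a TODO_MARKERS word
#    (case-insensitive, so "kludge" counts as well as "KLUDGE").
scan_todo_comments() {
    alts=$(printf '%s|' $TODO_MARKERS)
    alts=${alts%|}
    grep -n -i -E "(//|/\*).*($alts)" "$1" | sed "s|^|$1:|"
}

# 3. Count code, comment-only and blank lines.
line_proportions() {
    awk '
        /^[[:space:]]*$/           { blank++; next }
        /^[[:space:]]*\/\//        { comment++; next }
        /^[[:space:]]*\/\*/        { comment++; next }
                                   { code++ }
        END { printf "code=%d comment=%d blank=%d\n", code, comment, blank }
    ' "$1"
}

report() {
    echo "== risky calls in $1 =="
    scan_bad_calls "$1"
    echo "== unfinished-code markers in comments =="
    scan_todo_comments "$1"
    echo "== line mix =="
    line_proportions "$1"
}

# Constructed sample input (not from any real project) so the script runs
# offline: two risky calls, two marker comments, 17 lines in total.
write_sample() {
    cat > "$1" <<'EOF'
#include <stdio.h>
#include <string.h>

/* TODO: replace fixed buffer with dynamic allocation */
int greet(const char *name) {
    char buf[32];
    strcpy(buf, name);          /* unbounded copy */
    printf("hello %s\n", buf);
    return 0;
}

int read_line(void) {
    char line[64];
    // FIXME kludge: gets() has no length check
    gets(line);
    return strlen(line);
}
EOF
}

# Usage: sh scan.sh --demo          (scan the built-in sample)
#        sh scan.sh file.c ...      (scan your own files)
case "${1:-}" in
    "") ;;
    --demo) f=$(mktemp); write_sample "$f"; report "$f"; rm -f "$f" ;;
    *) for f in "$@"; do report "$f"; done ;;
esac
```

On the sample, the scanner reports strcpy on line 7 and gets on line 15 but not the "gets()" mentioned in the comment on line 14, which is the whole point of stripping comments first; without that step a plain grep produces exactly the kind of false positive that makes reviewers stop trusting the report.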