The Best 10 Coverity Scan Alternatives

  • Cppcheck

    Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools, it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that compilers normally do not detect.

    Free Open Source Windows Linux

  • PVS-Studio

    PVS-Studio is a static analyzer that detects errors in source code of C, C++ and C# applications.

    Commercial Windows Linux Microsoft Visual Studio MinGW GCC C Preprocessor (cpp) clang

  • Flawfinder

    Flawfinder examines source code and reports possible security weaknesses ("flaws") sorted by risk level. It's very useful for quickly finding and removing...

    Free Open Source Windows Linux

  • Splint

    Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If...

    Free Open Source Windows Linux

  • EDoC++

    EDoC++ is a C++ source analysis tool designed to identify problems associated with the use of exceptions in C++ code. Additionally EDoC++ can be used to generate...

    Free Open Source Windows

  • lgtm.com

    lgtm.com is a platform for code analytics. It's free to use for open source software; results for over 55k projects are readily available (add your own!), has...

    Free Web

  • Clang Static Analyzer

    The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs.

    Free Open Source Mac OS X Xcode

  • Infer

    Facebook Infer is a static analysis tool - if you give Infer some Objective-C, Java, or C code, it produces a list of potential bugs.

    Free Open Source Linux

  • VisualCodeGrepper

    VCG is an automated code security review tool that handles C/C++, Java, C#, VB and PL/SQL.

    Free Open Source Windows