Coverity Scan Alternatives

    Coverity Scan is described as 'Static Analysis allows to find and fix defects in your Java, C/C++ or C# open source project for free' and is an app in the Development category. There are more than 10 alternatives to Coverity Scan for a variety of platforms, including Windows, Linux, the Web, Mac and Xcode. The most liked alternative is SonarQube, which is both free and Open Source. Other great apps like Coverity Scan are Cppcheck (Free, Open Source), PVS-Studio (Paid), Flawfinder (Free, Open Source) and Clang Static Analyzer (Free, Open Source).

    The list of alternatives was last updated Dec 9, 2020

    • SonarQube is an open source quality management platform, dedicated to continuously analyze and measure source code quality, from the portfolio to the method.
      • Freemium • Open Source
      • Mac
      • Windows
      • Linux
      • Online
    • Cppcheck is an static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code.
      No screenshots yet
      • Free • Open Source
      • Windows
      • Linux
      • PortableApps.com
      • Eclipse


    • PVS-Studio is a static analyzer that detects errors in source code of C, C++ and C# applications.
      No screenshots yet
      • Windows
      • Linux
      • MinGW
      • GCC C Preprocessor (cpp)
      • Microsoft Visual Studio
      • clang
    • Flawfinder examines source code and reports possible security weaknesses (``flaws'') sorted by risk level.
      No screenshots yet
      • Free • Open Source
      • Windows
      • Linux
    • The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs.
      • Free • Open Source
      • Mac
      • Xcode
    • lgtm.com is a platform for code analytics. It's free to use for open source software; results for over 55k projects are readily available (add your own!), has automatic code review pull request integration (GitHub, Bitbucket, GitLab), and much more.
    • Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint.

      Discontinued

      Last version 3.1.2 is from August 2007.

      No screenshots yet
      • Free • Open Source
      • Windows
      • Linux
    • Facebook Infer is a static analysis tool - if you give Infer some Objective-C, Java, or C code, it produces a list of potential bugs.
      No screenshots yet
      • Free • Open Source
      • Linux
    • EDoC++ is a C++ source analysis tool designed to identify problems associated with the use of exceptions in C++ code.
      No screenshots yet
      • Free • Open Source
      • Windows
    • DefenseCode ThunderScan® is a SAST (Static Application Security Testing, WhiteBox Testing) solution for performing deep and extensive security analysis of application source code.
      • Windows
      • Linux
      • Online
      • Software as a Service (SaaS)