Coverity Scan is described as 'Static Analysis allows to find and fix defects in your Java, C/C++ or C# open source project for free' and is an app in the development category. There are more than 10 alternatives to Coverity Scan for a variety of platforms, including Linux, Windows, Mac, Web-based and Visual Studio Code apps. The best Coverity Scan alternative is SonarQube, which is both free and Open Source. Other great apps like Coverity Scan are Shellcheck, Cppcheck, Axivion Suite and PVS-Studio.
DefenseCode ThunderScan® is a SAST (Static Application Security Testing, WhiteBox Testing) solution for performing deep and extensive security analysis of application source code.
DefenseCode ThunderScan® is the most popular SaaS alternative to Coverity Scan.
Qodana is a smart code quality platform by JetBrains best suited for working in teams. It can analyze code written in 60+ languages including Java, JavaScript, TypeScript, PHP, Kotlin, Python, Go, and C#.
Qodana is the most popular Self-Hosted alternative to Coverity Scan.
We’re excited to introduce Opengrep, an open-source static code analysis engine built to ensure code security testing remains truly open and accessible to everyone. 🚀
Apache Yetus is a collection of libraries and tools that enable contribution and release processes for software projects.
VCG is an automated code security review tool that handles C/C++, Java, C#, VB and PL/SQL. It has a few features that should hopefully make it useful to anyone conducting code security reviews, particularly where time is at a premium:
United Kingdom
Czechia
EU
United States