Flawfinder Alternatives

Flawfinder is described as 'Examines C/C++ source code and reports possible security weaknesses ("flaws'') sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public' and is an app in the development category. There are more than 10 alternatives to Flawfinder for a variety of platforms, including Windows, Linux, Web-based, Mac and Visual Studio Code apps. The best Flawfinder alternative is SonarQube, which is both free and Open Source. Other great apps like Flawfinder are Shellcheck, Cppcheck, Coverity Scan and Splint.

More about Flawfinder
Copy a direct link to this comment to your clipboard
Flawfinder alternatives page was last updated

Alternatives list

  1. SonarQube icon

    SonarQube

     27 likes
    Copy a direct link to this comment to your clipboard

    SonarQube is an open source quality management platform, dedicated to continuously analyze and measure source code quality, from the portfolio to the method. Static code analysis is available in the "Community Edition" (free / open source) for:

    28 SonarQube alternatives

    Cost / License

    • Freemium (Subscription)
    • Open Source

    Platforms

    • Mac
    • Windows
    • Linux
    • Online
    SonarQube screenshot 1
     

    • SonarQube is the most popular Web-based, Windows, Mac & Linux alternative to Flawfinder.

    • SonarQube is the most popular Open Source & free alternative to Flawfinder.

    • SonarQube is Freemium and Open SourceFlawfinder is Free and Open Source
  2. Shellcheck icon

    Shellcheck

     5 likes
    Copy a direct link to this comment to your clipboard

    A simple tool for finding bugs in shell scripts.

    Cost / License

    • Free
    • Open Source

    Platforms

    • Online
    • Visual Studio Code
    • Vim
    • Sublime Text
    • GNU Emacs
    • Atom
    Shellcheck screenshot 1
     
  4. Cppcheck icon

    Cppcheck

     23 likes
    Copy a direct link to this comment to your clipboard

    Cppcheck is an static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect.

    Cost / License

    • Free
    • Open Source

    Platforms

    • Windows
    • Linux
    • PortableApps.com
    • Eclipse
    Cppcheck screenshot 1
     

  5. Coverity Scan

     4 likes
    Copy a direct link to this comment to your clipboard

    Coverity Scan Static Analysis allows to find and fix defects in your Java, C/C++ or C# open source project for free.

    17 Coverity Scan alternatives

    Cost / License

    • Freemium (Pay once)
    • Proprietary

    Platforms

    • Mac
    • Windows
    • Linux
    • Online
    • BSD
     

  6. Splint

     2 likes
    Copy a direct link to this comment to your clipboard

    Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to programs, Splint can perform stronger checking than can be done...

    Cost / License

    • Free
    • Open Source

    Alerts

    • Discontinued

    Platforms

    • Windows
    • Linux
     

  7. EDoC++

     Like
    Copy a direct link to this comment to your clipboard

    EDoC++ is a C++ source analysis tool designed to identify problems associated with the use of exceptions in C++ code. Additionally EDoC++ can be used to generate detailed documentation

    Cost / License

    • Free
    • Open Source

    Platforms

    • Windows
     
  9. Astrée icon

    Astrée

     Like
    Copy a direct link to this comment to your clipboard

    Astrée statically analyzes whether the programming language is used correctly and whether there can be any runtime errors during any execution in any environment. This covers any use of C or C++ that, according to the selected language standard, has undefined behavior or...

    Cost / License

    • Pay once
    • Proprietary

    Platforms

    • Windows
    • Linux
    Astrée comes with comprehensive documentation and a variety of real-world examples.
     

    • Astrée is the most popular commercial alternative to Flawfinder.

    • Astrée is Paid and ProprietaryFlawfinder is Free and Open Source
  10. VisualCodeGrepper icon

    VisualCodeGrepper

     Like
    Copy a direct link to this comment to your clipboard

    VCG is an automated code security review tool that handles C/C++, Java, C#, VB and PL/SQL. It has a few features that should hopefully make it useful to anyone conducting code security reviews, particularly where time is at a premium:

    Cost / License

    • Free
    • Open Source

    Platforms

    • Windows
    VisualCodeGrepper screenshot 1
     
  11. Qodana icon

    Qodana

     Like
    Copy a direct link to this comment to your clipboard

    Qodana is a smart code quality platform by JetBrains best suited for working in teams. It can analyze code written in 60+ languages including Java, JavaScript, TypeScript, PHP, Kotlin, Python, Go, and C#.

    28 Qodana alternatives

    Cost / License

    • Paid
    • Proprietary

    Platforms

    • Visual Studio Code
    • Online
    • Self-Hosted
     

    • Qodana is the most popular Self-Hosted alternative to Flawfinder.

    • Qodana is Paid and ProprietaryFlawfinder is Free and Open Source
  12. Parasoft C/C++test icon

    Parasoft C/C++test

     Like
    Copy a direct link to this comment to your clipboard

    Parasoft’s C/C++test is the fully-integrated software testing solution for embedded safety-critical industries. Its automated software testing capabilities are also made for today’s high-velocity Agile DevOps environments.

    Cost / License

    • Pay once
    • Proprietary

    Platforms

    • Windows
    • Linux
     
  13. Semgrep icon

    Semgrep

     Like
    Copy a direct link to this comment to your clipboard

    Semgrep is a fast, open-source, static analysis tool that excels at expressing code standards — without complicated queries — and surfacing bugs early at editor, commit, and CI time. Precise rules look like the code you’re searching; no more traversing abstract syntax trees or...

    Cost / License

    • Freemium (Subscription)
    • Open Source

    Platforms

    • Mac
    • Windows
    • Linux
     
  14. Opengrep icon

    Opengrep

     Like
    Copy a direct link to this comment to your clipboard

    We’re excited to introduce Opengrep, an open-source static code analysis engine built to ensure code security testing remains truly open and accessible to everyone. 🚀

    Cost / License

    • Free
    • Open Source

    Platforms

    • Mac
    • Linux
    Opengrep screenshot 1
     
12 of 13 Flawfinder alternatives