Flawfinder Alternatives
Flawfinder is described as a tool that "examines source code and reports possible security weaknesses ('flaws') sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public", and it is listed in the development category. There are more than 10 alternatives to Flawfinder for a variety of platforms, including Windows, Linux, Online / Web-based, Mac and BSD. The best alternative is SonarQube, which is both free and Open Source. Other good options like Flawfinder are Cppcheck, Shellcheck, Coverity Scan and Splint.
- Freemium • Open Source
- Mac
- Windows
- Linux
- Online
SonarQube is an open source quality management platform dedicated to continuously analyzing and measuring source code quality, from the portfolio down to the method. Static code analysis is available in the "Community Edition" (free / open source) for:
Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools, it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that compilers normally do not detect.
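As an added example (not code from Flawfinder, Cppcheck or any project on this page), here is the kind of C weakness these scanners exist to catch, beside a hardened version of each function. The buffer sizes, function names and sample inputs are assumed for illustration. Flawfinder works lexically: it reports calls such as strcpy and sprintf because of what they are, so it finds the two unsafe functions without running or understanding the surrounding code. Cppcheck instead reasons about the values and sizes in play, which is how it reports bugs that the compiler accepts silently; the two approaches complement each other.

```c
/* Added example for this page: unbounded C string handling beside its fixed form.
 * Not from Flawfinder, Cppcheck or any listed project. NAME_MAX, the 24-byte
 * greeting buffer and the sample names are assumptions for illustration. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 16   /* fixed-size field, as in many wire formats (assumed) */

/* Vulnerable: strcpy never checks the destination size, so any 'src' longer
 * than NAME_MAX - 1 bytes writes past 'dst'. The compiler accepts this without
 * a warning; Flawfinder reports the strcpy call by name, Cppcheck reports the
 * overflow where it can see an argument that is too long. */
size_t name_copy_unsafe(char dst[NAME_MAX], const char *src) {
    strcpy(dst, src);
    return strlen(dst);
}

/* Hardened: explicit bound, guaranteed NUL terminator, and truncation is
 * reported to the caller instead of silently corrupting the stack. Returns the
 * number of bytes stored (excluding the terminator); 0 for an unusable buffer. */
size_t name_copy_safe(char *dst, size_t dst_size, const char *src, int *truncated) {
    size_t len = strlen(src);
    int cut = 0;
    if (dst_size == 0) {
        if (truncated) *truncated = 1;
        return 0;
    }
    if (len >= dst_size) {
        len = dst_size - 1;
        cut = 1;
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    if (truncated) *truncated = cut;
    return len;
}

/* Vulnerable: sprintf is unbounded too. A user name near NAME_MAX plus the
 * fixed text already exceeds a 24-byte buffer. */
int greeting_unsafe(char out[24], const char *user) {
    return sprintf(out, "Welcome, %s!", user);
}

/* Hardened: snprintf is bounded, but its return value is the length the full
 * string *would* have had, so callers must compare it with the buffer size
 * rather than assume success. Returns 1 if the whole greeting fit, 0 if not. */
int greeting_safe(char *out, size_t out_size, const char *user) {
    int needed = snprintf(out, out_size, "Welcome, %s!", user);
    return needed >= 0 && (size_t)needed < out_size;
}

int main(void) {
    char name[NAME_MAX];
    char msg[24];
    int truncated = 0;

    /* Short inputs behave identically in both versions, which is why a unit
     * test does not find the problem and a static scan of the source does. */
    name_copy_unsafe(name, "alice");
    printf("unsafe copy stored \"%s\"\n", name);

    name_copy_safe(name, sizeof name, "a-much-longer-user-name-than-fits", &truncated);
    printf("safe copy stored \"%s\" truncated=%d\n", name, truncated);

    printf("greeting fit: %d\n", greeting_safe(msg, sizeof msg, "alice"));
    printf("greeting fit: %d\n", greeting_safe(msg, sizeof msg, "bartholomew-the-third"));
    return 0;
}
```

The unsafe functions are kept deliberately so that a scan of this file has something to report; calling them with short inputs, as main does, works fine, which is exactly the gap a source scanner closes before release.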
- Free • Open Source
- Online
- GNU Emacs
- Vim
- Sublime Text
- Atom
- Code - OSS (vscode)
- Visual Studio Code
Shellcheck is a simple tool for finding bugs in shell scripts.
Coverity Scan Static Analysis lets you find and fix defects in your Java, C/C++ or C# open source project for free.
Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint.
Discontinued: the last version, 3.1.2, is from August 2007.
lgtm.com is a platform for code analytics. It's free to use for open source software, results for over 55k projects are readily available (add your own!), it has automatic code review pull request integration (GitHub, Bitbucket, GitLab), and much more.
EDoC++ is a C++ source analysis tool designed to identify problems associated with the use of exceptions in C++ code. Additionally, EDoC++ can be used to generate detailed documentation.
VCG is an automated code security review tool that handles C/C++, Java, C#, VB and PL/SQL. It has a few features that should hopefully make it useful to anyone conducting code security reviews, particularly where time is at a premium:
- Paid • Proprietary
- Windows
- Linux
Parasoft’s C/C++test is the fully-integrated software testing solution for embedded safety-critical industries. Its automated software testing capabilities are also made for today’s high-velocity Agile DevOps environments.
Semgrep is a fast, open-source, static analysis tool that excels at expressing code standards without complicated queries and at surfacing bugs early at editor, commit, and CI time.