Semgrep Alternatives

SonarQube is an open source quality management platform, dedicated to continuously analyze and measure source code quality, from the portfolio to the method. Static code analysis is available in the "Community Edition" (free / open source) for:

A simple tool for finding bugs in shell scripts.

Automatically reviews code style, security, duplication, complexity, and coverage on every change while tracking code quality throughout your sprints.

Cppcheck is an static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect.

Coverity Scan Static Analysis allows to find and fix defects in your Java, C/C++ or C# open source project for free.

Betterscan is a simple and powerful software to automate thousands of checks (orchestration) and eliminate human errors in Code and Cloud Infrastructure. Our software uses multiple very known and state of the art Open Source components as plugins (in that sense it is a...

Flawfinder examines C/C++ source code and reports possible security weaknesses ("flaws'') sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.

Code Climate’s engineering process insights and automated code review for GitHub and GitHub Enterprise help you ship better software, faster.

SQuORE is a business intelligence and static code analysis tool for software projects. It gathers information from different artefacts types (e.g. source code, test results, bug tracking system) and tools (reads outputs of Checkstyle, PMD, FindBugs, Polyspace, Coverity or...

ProjectCodeMeter Is a professional software tool for project managers to measure and estimate the Time, Cost, Complexity, Quality Metrics and Maintainability of software projects as well as Development Team Productivity by analyzing their source code.

SensioLabsInsight is a quality assurance tool that analyzes your source code to find problems that degrade the overall quality of your projects. It can analyze any application developed with PHP, but it's specially designed to perform advanced analysis of Symfony2...

Find and fix bug risks, anti-patterns, performance issues, security flaws automatically during code reviews. In addition, DeepSource automatically fixes some of the most commonly occurring issues. It works for Python, Go, Ruby, and JavaScript.