SonarQube is an open source quality management platform, dedicated to continuously analyze and measure source code quality, from the portfolio to the method. Static code analysis is available in the "Community Edition" (free / open source) for:
Codacy automates code reviews and monitors code quality on every commit and pull request reporting back the impact of every commit or pull request, issues concerning code style, best practices, security, and many others.
Teamscale analyzes the quality of your code. Analyze your code with a variety of static and dynamic analyses to identify specific maintainability constraints and avoid unexpected maintenance costs in the future.
Semgrep is a fast, open-source, static analysis tool that excels at expressing code standards — without complicated queries — and surfacing bugs early at editor, commit, and CI time. Precise rules look like the code you’re searching; no more traversing abstract syntax trees or...
Improve quality, reduce risk, and ship with confidence. GrammaTech's static analysis SAST tool as part of your secure SDLC identifies bugs that can result in system crashes, unexpected behavior, and security breaches.