Index of tools

Index of tools under evaluation

The following tools are being evaluated, looking for major false positives or bugs, and other issues that may degrade their usefulness. Feedback is appreciated.

pyflakes (bugs in python code) - Debian package

smatch (bugs in C code) - no results available yet - Homepage

Other tools

C/C++ and others: RATS, flawfinder, graudit - noise ratio is too high; integrating their C and C++ checks into cppcheck would be better

Clang's scan-build - package building infrastructure is needed

Ruby: nitpick, roodi - need packaging

Java: findbugs - needs packaging (and licence issues resolved), Chord, pathfinder

Python: pylint, pychecker, pymetrics

C: splint, coccinelle, cqual, csur (source not available), boon, cca, crest, magic (not DFSG-free: educational only), uno (not DFSG-free: non-commercial), scare (not DFSG-free: non-commercial)

PHP: pixy, securityscanner, RIPS, phpsat

Perl::Critic - standardising on an output format would be useful

ECMA CIL: gendarme - would need to be chrooted (or something similar done) given the number of dependencies

bddbddb

BLAST

CBMC

Saturn

The tools listed above under "Other tools" are either pending evaluation or proper infrastructure, or have only been mentioned but never used.

Automated Code Analysis helps detect and fix bugs and other issues in source code.

The DACA project aims to give users easy access to a wide set of tools to improve quality, while giving the tools' developers a test bed, more visibility, and more feedback. Check the DACA (development) website and learn how to contribute and join the project.

Individuals

Richard Darst for providing access to multiple servers for running the tools

Companies and institutions