Index of tools under evaluation
The following tools are being evaluated, looking for major false
positives or bugs, and other issues that may degrade their usefulness.
Feedback is appreciated.
The following tools are pending evaluation or proper
infrastructure, or have only been mentioned but not even used:
- C/C++ and others: RATS, flawfinder, graudit - noise ratio is too high; integrating their C and C++ checks into cppcheck would be better
- Clang's scan-build - package building infrastructure is needed
- Ruby: nitpick, roodi - need packaging
- Java: findbugs - needs packaging (and licence issues resolved), Chord, pathfinder
- Python: pylint, pychecker, pymetrics
- C: splint, coccinelle, cqual, csur (source not available), boon, cca, crest, magic (not DFSG-free: educational only), uno (not DFSG-free: non-commercial), scare (not DFSG-free: non-commercial)
- PHP: pixy, securityscanner, RIPS, phpsat
- Perl::Critic - standardising on an output format would be useful
- ECMA CIL: gendarme - would need to be chrooted (or something similar done) given the number of dependencies
Automated Code Analysis helps detect and fix bugs and other issues in source code.
The DACA project aims to give users easy access to a wide set of tools to improve quality,
while giving the tools' developers a test bed, more visibility, and more feedback.
Check the DACA (development)
website and learn how to contribute and join
- Richard Darst for providing access to multiple servers for running the tools
Companies and institutions