I'm working on a project where I'm coding in C in a UNIX environment. I've been using the lint tool to check my source code. Lint has been around a long time (since 1979), can anyone suggest a more recent code analysis tool I could use ? Preferably a tool that is free.
SonarQube SonarQube is one of the more popular static code analysis tools out there. It is an open-source platform for continuous inspection of code quality and performs automatic reviews via static code analysis. In addition, it can detect and report bugs, code smells, and numerous other security vulnerabilities.
Source code analysis tools, also known as Static Application Security Testing (SAST) Tools, can help analyze source code or compiled versions of code to help find security flaws. SAST tools can be added into your IDE. Such tools can help you detect issues during software development.
Don't overlook the compiler itself. Read the compiler's documentation and find all the warnings and errors it can provide, and then enable as many as make sense for you.
Also make sure to tell your compiler to treat warnings like errors so you're forced to fix them right away (-Werror
on gcc). By the way, don't be fooled -Wall
on gcc does not enable all warnings.
You may want to check valgrind
(free!) — it "automatically detect[s] many memory management and threading bugs, and profile[s] your programs in detail." It isn't a static checker, but it's a great tool!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With