Static code analyzers
Introduction
Source code analysis tools help analyze source code, or compiled versions of that code, without executing it. The primary goal is to detect security flaws. This category of tools is also referred to as SAST tools, short for Static Application Security Testing; the static part is what separates them from dynamic analyzers, which observe a running program.
Integrating analysis tools into the build process helps discover unexpected behavior and security flaws early. Finding these issues during development is far cheaper than fixing them after release: it saves the time that would otherwise go into shipping a corrected version, and it avoids the public embarrassment of a disclosed vulnerability. Tools such as Bandit and gosec exit non-zero when they report issues, so a CI job can fail the build on new findings.
Most tools in this category target a particular programming language, so select them by the languages in your code base. Some tools also combine well: a pattern-based checker and a taint analyzer catch different classes of flaws, so running both increases coverage. Expect some false positives and triage the findings rather than silencing the tool. Hopefully the tools listed in this category help you release more secure code. Happy coding!
Usage
Static code analyzers are typically used for safe software development and software testing.
Users for these tools include developers and security professionals.
Tools
Popular static code analyzers
Bandit (Python static code analyzer)
code analysis
Bandit finds common security issues in Python code. It builds an abstract syntax tree (AST) from each file and runs a set of plugin checks against it, flagging constructs such as subprocess calls with shell=True, use of eval, hard-coded passwords and weak hashes; each finding carries a severity and a confidence level. Developers typically run it before code goes to production, and it is equally useful for auditing an existing project for possible flaws.
Cppcheck (static code analyzer)
code analysis
Cppcheck is a static analysis tool for C and C++ code. It targets bugs that compilers do not report, such as out-of-bounds access, use of uninitialized variables, memory leaks and null pointer dereferences, and is designed to keep false positives to a minimum rather than to flag every suspicious construct.
PyT (static code analyzer for Python)
code analysis
Python Taint (PyT) is a static analyzer for Python scripts and applications, in particular web applications built on frameworks such as Flask and Django. It performs taint analysis: data from an untrusted source (a request parameter, for example) is tracked through assignments and function calls, and a finding is reported when it reaches a sensitive sink such as a shell command, a SQL query or a template render without passing through a sanitizer.
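The following is an added example, not PyT's own code, that shows the taint-tracking idea in miniature: a visitor over the Python ast marks variables assigned from an assumed set of sources as tainted, propagates taint through expressions, clears it at assumed sanitizers, merges state across if/else branches, and reports calls to assumed sinks that receive tainted data. The SOURCES, SANITIZERS and SINKS tables and the analyzed snippet are constructed for the demo; PyT itself goes further (it follows calls between functions and knows the entry points of the web frameworks it supports).

```python
"""Miniature intraprocedural taint analysis over the Python AST.

Added illustration of how a taint analyzer such as PyT works; it is not PyT's
code. SOURCES, SANITIZERS and SINKS are assumed tables chosen for the demo.
"""
import ast

# Assumed tables (dotted call or attribute names).
SOURCES = {"input", "request.args.get", "request.form.get", "sys.argv", "os.environ"}
SANITIZERS = {"shlex.quote", "html.escape", "int", "float"}
SINKS = {"os.system", "subprocess.call", "subprocess.run", "subprocess.Popen",
         "eval", "exec", "cursor.execute"}


def qualname(node):
    """Dotted name of an expression: Name -> 'x', Attribute chain -> 'a.b.c', else ''."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = qualname(node.value)
        return f"{base}.{node.attr}" if base else ""
    return ""


def is_tainted(node, tainted):
    """True if the expression may carry data derived from a source."""
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.Constant):
        return False
    if isinstance(node, ast.Call):
        name = qualname(node.func)
        if name in SOURCES:
            return True
        if name in SANITIZERS:
            return False
        # Unknown callee: assume taint flows through (str.strip, "".join, os.path.join, ...),
        # including methods called on a tainted object.
        args = node.args + [kw.value for kw in node.keywords]
        return any(is_tainted(a, tainted) for a in args) or is_tainted(node.func, tainted)
    if isinstance(node, ast.Attribute):
        return qualname(node) in SOURCES or is_tainted(node.value, tainted)
    # Subscript, BinOp, JoinedStr/FormattedValue, Tuple, ...: any tainted operand taints the result.
    return any(is_tainted(child, tainted)
               for child in ast.iter_child_nodes(node) if isinstance(child, ast.expr))


class TaintVisitor(ast.NodeVisitor):
    """Walks statements in program order, tracking which names are currently tainted."""

    def __init__(self):
        self.tainted = set()
        self.findings = []  # (lineno, sink name)

    def visit_Assign(self, node):
        self.generic_visit(node)  # sinks inside the right-hand side are checked first
        taint = is_tainted(node.value, self.tainted)
        for target in node.targets:  # tuple unpacking is not modelled in this demo
            if isinstance(target, ast.Name):
                (self.tainted.add if taint else self.tainted.discard)(target.id)

    def visit_AugAssign(self, node):
        self.generic_visit(node)
        if isinstance(node.target, ast.Name) and is_tainted(node.value, self.tainted):
            self.tainted.add(node.target.id)

    def visit_If(self, node):
        # Neither branch is known to run, so merge: tainted on either path stays tainted.
        self.visit(node.test)
        before = set(self.tainted)
        for stmt in node.body:
            self.visit(stmt)
        after_body = self.tainted
        self.tainted = set(before)
        for stmt in node.orelse:
            self.visit(stmt)
        self.tainted |= after_body

    def visit_Call(self, node):
        self.generic_visit(node)
        name = qualname(node.func)
        if name in SINKS:
            args = node.args + [kw.value for kw in node.keywords]
            if any(is_tainted(a, self.tainted) for a in args):
                self.findings.append((node.lineno, name))


def analyze(source):
    """Return [(lineno, sink)] for every sink call reached by tainted data."""
    visitor = TaintVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


# Constructed input for the demo (line 1 is the import line).
SAMPLE = '''\
import os, shlex, subprocess

def ping(request):
    host = request.args.get("host")
    cmd = "ping -c 1 " + host
    os.system(cmd)
    safe = "ping -c 1 " + shlex.quote(host)
    os.system(safe)
    count = int(request.args.get("n"))
    subprocess.call(f"ping -c {count} localhost", shell=True)
    if host.startswith("10."):
        host = shlex.quote(host)
    os.system("traceroute " + host)
'''

if __name__ == "__main__":
    for lineno, sink in analyze(SAMPLE):
        print(f"line {lineno}: tainted data reaches {sink}()")
```

Lines 6 and 13 of the sample are reported; line 8 is clean because shlex.quote is a sanitizer, line 10 because int() is, and line 13 is still flagged because the quoting only happens on one branch of the if. A real analyzer would also distinguish subprocess calls with and without shell=True, which this demo treats alike.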
Shellharden (linting tool for shell scripts)
code analysis
Shellharden detects flaws in shell scripts that can turn into vulnerabilities, with a focus on unquoted variable expansions, which let attacker-influenced values undergo word splitting and glob expansion. Unlike ShellCheck, which only reports, Shellharden can rewrite the script with the suggested changes applied (for example, turning $var into "$var").
WPSploit (scanner for WP themes and plugins)
code analysis
WPSploit helps developers and penetration testers audit the code of WordPress themes and plugins. It runs a static analysis of the theme or plugin source and reports constructs that commonly lead to vulnerabilities in WordPress code, such as unsanitized input and unescaped output.
angr (binary analysis framework)
binary analysis, malware analysis
angr is a Python framework for analyzing binaries without their source, combining disassembly, control-flow recovery and symbolic execution. Tools like angr are suited to in-depth analysis of an unknown binary, such as a collected malware sample, or of a compiled program for which no source is available.
gosec (Golang security checker)
code analysis, safe software development
gosec inspects Go source code for security problems. It parses each package into its abstract syntax tree (AST) and runs a set of rules over it, checking for common flaws such as hard-coded credentials, use of weak cryptographic primitives, unsafe blocks, command execution with variable input and unhandled errors. Rules can be selected or excluded per project, and the tool exits non-zero when issues are found.
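The rule-over-AST approach shared by Bandit and gosec, together with the build gate mentioned in the introduction, as an added example that is not the code of either project: a set of small rule functions, each inspecting one Python AST node and returning a finding with an assumed rule id and severity, and a gate that turns the findings into a process exit code so a CI job can fail the build. The rule ids (X00n), the severity scale and the scanned snippet are assumptions for the demo; gosec does the same in Go over Go's AST.

```python
"""Rule-based AST checks with a CI build gate, in the style of Bandit (Python)
and gosec (Go, over Go's AST).

Added illustration, not the code of either project. Rule ids (X00n), the
severity scale and the sample snippet are assumptions for the demo.
"""
import ast
import sys
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    severity: str  # LOW, MEDIUM or HIGH
    lineno: int
    message: str


SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


def dotted(node):
    """'subprocess.run' for Attribute(Name('subprocess'), 'run'); '' if not a plain name chain."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute) and dotted(node.value):
        return dotted(node.value) + "." + node.attr
    return ""


# Each rule inspects one node and returns a Finding or None.
def rule_shell_true(node):
    """subprocess.* called with shell=True: the command string goes through a shell."""
    if isinstance(node, ast.Call) and dotted(node.func).startswith("subprocess."):
        for kw in node.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                return Finding("X001", "HIGH", node.lineno, "subprocess call with shell=True")
    return None


def rule_eval_exec(node):
    if isinstance(node, ast.Call) and dotted(node.func) in ("eval", "exec"):
        return Finding("X002", "MEDIUM", node.lineno, f"use of {dotted(node.func)}()")
    return None


def rule_hardcoded_secret(node):
    """A non-empty string literal assigned to a name that looks like a credential."""
    if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
            and isinstance(node.value.value, str) and node.value.value):
        for target in node.targets:
            if isinstance(target, ast.Name) and any(
                    word in target.id.lower() for word in ("password", "secret", "token", "api_key")):
                return Finding("X003", "LOW", node.lineno, f"possible hardcoded secret in {target.id}")
    return None


def rule_weak_random(node):
    if isinstance(node, ast.Call) and dotted(node.func).startswith("random."):
        return Finding("X004", "LOW", node.lineno, "random module is not a CSPRNG; use secrets")
    return None


def rule_weak_hash(node):
    if isinstance(node, ast.Call) and dotted(node.func) in ("hashlib.md5", "hashlib.sha1"):
        return Finding("X005", "MEDIUM", node.lineno, f"weak hash {dotted(node.func)}")
    return None


RULES = [rule_shell_true, rule_eval_exec, rule_hardcoded_secret, rule_weak_random, rule_weak_hash]


def scan_source(source, filename="<string>"):
    """Run every rule over every node; findings are sorted by line, then rule id."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        for rule in RULES:
            finding = rule(node)
            if finding is not None:
                findings.append(finding)
    return sorted(findings, key=lambda f: (f.lineno, f.rule))


def gate(findings, fail_on="MEDIUM"):
    """Exit code for CI: 1 if any finding is at or above the fail_on severity, else 0."""
    threshold = SEVERITY_RANK[fail_on]
    return 1 if any(SEVERITY_RANK[f.severity] >= threshold for f in findings) else 0


def scan_files(paths, fail_on="MEDIUM"):
    """Scan files given on the command line and return the gate's exit code."""
    findings = []
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for f in scan_source(fh.read(), path):
                print(f"{path}:{f.lineno}: [{f.rule}] {f.severity}: {f.message}")
                findings.append(f)
    return gate(findings, fail_on)


# Constructed snippet for the demo (line 1 is the import line).
SAMPLE = '''\
import hashlib, random, subprocess
DB_PASSWORD = "hunter2"
def run(cmd):
    return subprocess.run(cmd, shell=True)
def token():
    return hashlib.md5(str(random.random()).encode()).hexdigest()
def run_safe(argv):
    return subprocess.run(argv, check=True)
'''

if __name__ == "__main__":
    # With file arguments this is a CI step (`python check.py src/*.py`); exit code 1 fails the build.
    if len(sys.argv) > 1:
        sys.exit(scan_files(sys.argv[1:]))
    for f in scan_source(SAMPLE, "sample.py"):
        print(f"sample.py:{f.lineno}: [{f.rule}] {f.severity}: {f.message}")
    sys.exit(gate(scan_source(SAMPLE)))
```

On the sample the scanner reports the hard-coded password (line 2), the shell=True call (line 4) and the weak hash plus non-cryptographic random on line 6, while the argv-list call on line 8 is clean; the gate returns 1 because the HIGH finding is above the default MEDIUM threshold. Raising the threshold to HIGH for a first rollout, then lowering it as the backlog is fixed, is the usual way to introduce such a gate without blocking every build on day one.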
graudit (static code analysis tool)
code analysis
Source code analysis helps find programming flaws, including those that lead to software vulnerabilities. Graudit is a lightweight, grep-based tool: it searches source files against a database of signatures for risky constructs and reports the matches. It supports languages such as ASP, C, Perl, PHP and Python, among others. Because it matches patterns rather than parsing the code, expect both false positives and missed findings; it is best used as a quick first pass before a deeper audit.
yasca (source code analysis)
code analysis
Yasca performs code analysis and linting, and can run other scanners through plugins. Developers and security professionals can use it to evaluate code quality and to surface potential security issues.
Other related categories: code security testing tools, dynamic code analyzers
Missing a favorite tool in this list? Share a tool suggestion and we will review it.