静态代码分析、测试工具汇总静态代码扫描，借用一段网上的原文解释一下 ( 这里叫静态检查 ) ：“静态测试包括代码检查、静态结构分析、代码质量度量等。

它可以由人工进行，充分发挥人的逻辑思维优势，也可以借助软件工具自动进行。

代码检查代码检查包括代码走查、桌面检查、代码审查等，主要检查代码和设计的一致性，代码对标准的遵循、可读性，代码的逻辑表达的正确性，代码结构的合理性等方面；可以发现违背程序编写标准的问题，程序中不安全、不明确和模糊的部分，找出程序中不可移植部分、违背程序编程风格的问题，包括变量检查、命名和类型审查、程序逻辑审查、程序语法检查和程序结构检查等内容。

”。

我看了一系列的静态代码扫描或者叫静态代码分析工具后，总结对工具的看法：静态代码扫描工具，和编译器的某些功能其实是很相似的，他们也需要词法分析，语法分析，语意分析 ...但和编译器不一样的是他们可以自定义各种各样的复杂的规则去对代码进行分析。

以下将会列出的静态代码扫描工具，会由于实现方法，算法，分析的层次不同，功能上会差异很大。

有的可以做 SQL注入的检查，有的则不能 ( 当然，由于时间问题还没有对规则进行研究，但要检查复杂的代码安全漏洞，是需要更高深分析算法的，所以有的东西应该不是设置规则库就可以检查到的，但在安全方面的检查，一定程度上也是可以通过设置规则进行检查的 )。

主工具名静态扫描语言开源 /厂商介绍页付费网址、C、ounec5.0 C++和 C#，付Ounce Labs \还支持费Java。

还有其他辅助工具：1.Coverity ThreadCoverity C/C++,C#,JAVAnalyzer for Java 付费Coverity 2.Coverity SoftwarePrevent A Readiness Managerfor Java3.CoverityArchitectureAnalyzer@stake SmartRisk?Analyzer harnessesthe power ofstatic analysis ofbinary executables@stake Symantec (C, C++, and Java) SmartRisk? C/C++,Java 付费Corporatio toAnalyzer n identify,categorize andprioritizesecurity 。

注：在 Symantec 没有搜到此产品？！Provides memory Rationalleak and memoryC/C++,Java 付费IBM corruptionPurifydetection forWindows，Runtime?!微软用的静态分析工具，但暂时没有找到PREfix \ \ microsoft 下载 , \现在好像在考虑发布中!同时还有其他静态分Jtext Java 付费parasoft 析代码的产品，如:C++Test...详细请查询官网用 Python 编写的 c、c++程序安全审核工flawfinder C/C++ 开源\ 具，可以检查潜在的安全风险。

StaticC/C++,C#,JAVCode 付费Fortify \Analyzer AKlocworkC/C++ ,Java 付费Klocwork \InsightPolySpace C/C++、 Ada 付费MathWorks \Client/Serve 语言rC/C++,Python,rats Perl,开源\ \PHP代码进行安全审核的工具LAPSE stands for aLightweightAnalysis forProgramSecurity inEclipse. LAPSE isdesigned to helpwiththe task ofauditing Java J2EELAPSE Java 开源\ applications for commontypes of security vulnerabilitiesfound in Web applications.LAPSE was developed by BenjaminLivshits as part oftheGriffin Software Security Project.We have explored properties including:* raceFluid java 开源\ conditions and locking policies,* unique references and other programmer- significant aliasingproperties,* effects,*appropriate typing,* realtimethreading policies,and* single-threading policies.UniversityofVirginia, 静态检测针对 C语言Splint C 开源Department 的安全工具和漏洞检of 测。

ComputerScience轻量级的静态扫描cqual C/C++ 开源马里兰大学器，在类 Linux 系统下运行。

MOPS is a tool forfinding securitybugs in CMOPS C 开源berkeley 大 programs学and for verifyingconformance torules of defensiveprogrammingBOON is a tool forautomaticallyfinding bufferoverrunvulnerabilities inC source code.BOON C 开源berkeley 大 Buffer overruns areone学of the most commontypes of securityholes, and wehopethat BOON willenable softwaredevelopers and codeauditorsto improve the quality ofsecurity-critical programs.BLAST is a software model checker for C programs.The goal of BLAST is to be able to check that software satisfies behavioral properties of the interfaces it uses. BLAST usesThe BLAST counterexample-BLAST C 开源driven automatic2.0 Teamabstractionrefinement toconstruct anabstract modelwhich is modelchecked for safetyproperties. Theabstraction isconstructedon-the-fly, andonly to therequired precision.SpikeWAMP Php 开源\ for analyzing PHP programs Finding XSS andPixy Php 开源\ SQLIvulnerabilitiesJava source codesecurity scannerMike Java 开源\ built on top of Orizon.They are connected to OWASP.Smatch C 开源\ \Oink C++ 开源\ C++ Static Analysis ToolsFrama-C C 开源\ static analyzersfor the C language.RTL-check is an extensible and powerful abstract interpretationRTL-check \ 开源\ framework for static analysis of programs from a safety andsecurity perspectivePMD scans Java source code and looks for potential problems like:* Possible bugs - emptytry/catch/finally/ switch statements* Dead code - unused local variables, parametersPMD Java 开源\ and private methods* Suboptimalcode - wastefulString/StringBufferusage*Overcomplicatedexpressions -unnecessary ifstatements,for loops thatcould be whileloops* Duplicatecode -copied/pasted code means copied/pasted bugsuses staticanalysis to lookFindBugs Java 开源马里兰大学for bugs in Java code.注意：提供 Eclipse 插件。

Cigital developed ITS4 to helpITS4 C\C++ 开源\ automate source codereview for security.QJ-Pro is a comprehensive software inspection tool targeted towards the software developer.QJ-Pro checks:* conformance to coding standards,QJ-Pro Java 开源\* misuse of the Java language,* best practice conformence* code structure and* potential bugs at theearliest stages of development.注意：提供各种 IDE 插件！Jint Java 开源\ Jlint will check your Java code andfind bugs,inconsistenciesand synchronizationproblems by doingdata flow analysisandbuilding the lockgraph.code review systemcaptures codingbest practices anddeliversthem to developers'fingertips. It alsogenerates Hammurapi Java 开源\ consolidatedreports for leaddevelopers,architects, andmanagers tomonitor codebasequality andevolution.Among what itdetects:* misspelledwords* parameterand exceptionnames:o missingDoctorJ Java 开源\o misorderedo misspelled* Javadoctags:o invalido misorderedo missing expectedargumentso invalid argumentso missingdescriptions*undocumentedclasses, methods,fields,parametersDependency Finderis a suite of toolsfor analyzingcompiled Java code.At the core is apowerful dependencyanalysisapplication thatextracts dependencygraphs andmines them foruseful information.This application DependencyJava 开源\ comesFinderin many forms foryour ease of use,including command-linetools, a Swing-based application,a web applicationreadyto be deployed inan applicationserver, and a setof Anttasks.Checkstyle is a Checkstyle Java 开源\ development tool tohelp programmerswrite Java codethat adheres to acoding standard.It automates theprocess of checkingJava code to sparehumans of thisboring (butimportant) task.This makesit ideal forprojects that wantto enforce a codingstandard.注意：提供多种 IDE的插件。