Le PAD pour proposer une amélioration à cette page : https://pad.zenk-security.com/p/merci
🛠 [Astrée](https://www.absint.com/astree/index.htm) :copyright: - Sound static analyzer based on abstract interpretation for C/C++, detecting memory, type and concurrency defects, and MISRA violations.
🛠 [CBMC](http://www.cprover.org/cbmc/) - bounded model-checker for C programs, user-defined assertions, standard assertions, several coverage metric analyses
🛠 [clang-tidy](http://clang.llvm.org/extra/clang-tidy/) - clang static analyser
🛠 [CMetrics](https://github.com/MetricsGrimoire/CMetrics) - Measures size and complexity for C files
🛠 [Codecheker](https://github.com/Ericsson/codechecker) - static analysis of C/C++ code, with web GUI
🛠 [CodeSonar from GrammaTech](https://www.grammatech.com/products/codesonar) :copyright: - Advanced, whole program, deep path, static analysis of C and C++ with easy-to-understand explanations and code and path visualization.
🛠 [Corrode](https://github.com/jameysharp/corrode) - Semi-automatic translation from C to Rust. Could reveal bugs in the original implementation by showing Rust compiler warnings and errors.
🛠 [cppcheck](https://github.com/danmar/cppcheck) - static analysis of C/C++ code
🛠 [CppDepend](https://www.cppdepend.com) :copyright: - Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.
🛠 [cpplint](https://github.com/google/styleguide/tree/gh-pages/cpplint) - automated C++ checker that follows Google's style guide
🛠 [cqmetrics](https://github.com/dspinellis/cqmetrics) - quality metrics for C code
🛠 [CScout](https://www.spinellis.gr/cscout/) - complexity and quality metrics for for C and C preprocessor code
🛠 [flawfinder](http://www.dwheeler.com/flawfinder/) - finds possible security weaknesses
🛠 [flint++](https://github.com/JossWhittle/FlintPlusPlus) - cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.
🛠 [Frama-C](http://frama-c.com/) - a sound and extensible static analyzer for C code
🛠 [Helix QAC](https://www.perforce.com/products/helix-qac) :copyright: - Enterprise-grade static analysis for embedded software. Supports MISRA, CERT, and AUTOSAR coding standards.
🛠 [IKOS](https://github.com/nasa-sw-vnv/ikos) - a sound static analyzer for C/C++ code based on LLVM
🛠 [include-gardener](https://github.com/feddischson/include_gardener) - a static analyzer for C/C++/Obj-C to create a graph (in dot or graphml format) which shows all `#include` relations of a given set of files.
🛠 [LDRA](https://ldra.com/) :copyright: - a tool suite including static analysis (TBVISION) to various standards including MISRA C & C++, JSF++ AV, CWE, CERT C, CERT C++ & Custom Rules.
🛠 [oclint](http://oclint.org/) - static analysis of C/C++ code
🛠 [Phasar](https://github.com/secure-software-engineering/phasar) - A LLVM-based static analysis framework which comes with a taint and type state analysis.
🛠 [Polyspace Bug Finder](https://www.mathworks.com/products/polyspace-bug-finder.html) :copyright: - identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software.
🛠 [Polyspace Code Prover](https://www.mathworks.com/products/polyspace-code-prover.html) :copyright: - provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code.
🛠 [scan-build](https://clang-analyzer.llvm.org/scan-build.html) - Analyzes C/C++ code using LLVM at compile-time
🛠 [splint](https://github.com/ravenexp/splint) - Annotation-assisted static program checker
🛠 [SVF](https://github.com/SVF-tools/SVF) - a static tool that enables scalable and precise interprocedural dependence analysis for C and C++ programs.
🛠 [vera++](https://bitbucket.org/verateam/vera/wiki/Introduction) - Vera++ is a programmable tool for verification, analysis and transformation of C++ source code.