|
489 | 489 | ], |
490 | 490 | "homepage": "https://npo-echelon.ru/en/solutions/appchecker.php", |
491 | 491 | "source": null, |
492 | | - "pricing": null, |
493 | | - "plans": null, |
| 492 | + "pricing": "https://npo-echelon.ru/en/solutions/appchecker.php", |
| 493 | + "plans": { |
| 494 | + "free": false, |
| 495 | + "oss": false |
| 496 | + }, |
494 | 497 | "description": "Static analysis for C/C++/C#, PHP and Java.", |
495 | 498 | "discussion": null, |
496 | 499 | "deprecated": null, |
|
529 | 532 | ], |
530 | 533 | "homepage": "https://www.ptsecurity.com/ww-en/products/ai", |
531 | 534 | "source": null, |
532 | | - "pricing": null, |
533 | | - "plans": null, |
| 535 | + "pricing": "https://global.ptsecurity.com/en/products/ai/", |
| 536 | + "plans": { |
| 537 | + "free": false, |
| 538 | + "oss": false |
| 539 | + }, |
534 | 540 | "description": "Commercial Static Code Analysis which generates exploits to verify vulnerabilities.", |
535 | 541 | "discussion": null, |
536 | 542 | "deprecated": null, |
|
707 | 713 | ], |
708 | 714 | "homepage": "https://www.absint.com/astree/index.htm", |
709 | 715 | "source": null, |
710 | | - "pricing": null, |
711 | | - "plans": null, |
| 716 | + "pricing": "https://www.absint.com/astree/contact.htm", |
| 717 | + "plans": { |
| 718 | + "free": false, |
| 719 | + "oss": false |
| 720 | + }, |
712 | 721 | "description": "Astrée automatically proves the absence of runtime errors and invalid concurrent behavior in C/C++ applications. It is sound for floating-point computations, very fast, and exceptionally precise. The analyzer also checks for MISRA/CERT/CWE/Adaptive Autosar coding rules and supports qualification for ISO 26262, DO-178C level A, and other safety standards. Jenkins and Eclipse plugins are available.", |
713 | 722 | "discussion": null, |
714 | 723 | "deprecated": null, |
|
1348 | 1357 | ], |
1349 | 1358 | "homepage": "https://www.blackducksoftware.com", |
1350 | 1359 | "source": null, |
1351 | | - "pricing": null, |
1352 | | - "plans": null, |
| 1360 | + "pricing": "https://www.synopsys.com/software-integrity/contact-sales.html", |
| 1361 | + "plans": { |
| 1362 | + "free": false, |
| 1363 | + "oss": false |
| 1364 | + }, |
1353 | 1365 | "description": "Tool to analyze source code and binaries for reusable code, necessary licenses and potential security aspects.", |
1354 | 1366 | "discussion": null, |
1355 | 1367 | "deprecated": null, |
|
2368 | 2380 | ], |
2369 | 2381 | "homepage": "https://www.checkmarx.com/products/static-application-security-testing", |
2370 | 2382 | "source": null, |
2371 | | - "pricing": null, |
2372 | | - "plans": null, |
| 2383 | + "pricing": "https://checkmarx.com/packaging/", |
| 2384 | + "plans": { |
| 2385 | + "free": false, |
| 2386 | + "oss": false |
| 2387 | + }, |
2373 | 2388 | "description": "Commercial Static Code Analysis which doesn't require pre-compilation.", |
2374 | 2389 | "discussion": null, |
2375 | 2390 | "deprecated": null, |
|
2999 | 3014 | "homepage": "https://spinroot.com/cobra", |
3000 | 3015 | "source": null, |
3001 | 3016 | "pricing": null, |
3002 | | - "plans": null, |
| 3017 | + "plans": { |
| 3018 | + "free": true, |
| 3019 | + "oss": true |
| 3020 | + }, |
3003 | 3021 | "description": "Structural source code analyzer by NASA's Jet Propulsion Laboratory.", |
3004 | 3022 | "discussion": null, |
3005 | 3023 | "deprecated": null, |
|
3150 | 3168 | ], |
3151 | 3169 | "homepage": "https://www.code-intelligence.com", |
3152 | 3170 | "source": null, |
3153 | | - "pricing": null, |
3154 | | - "plans": null, |
| 3171 | + "pricing": "https://www.code-intelligence.com/product-pricing", |
| 3172 | + "plans": { |
| 3173 | + "free": false, |
| 3174 | + "oss": true |
| 3175 | + }, |
3155 | 3176 | "description": "CI/CD-agnostic DevSecOps platform which combines industry-leading fuzzing engines for finding bugs and visualizing code coverage", |
3156 | 3177 | "discussion": null, |
3157 | 3178 | "deprecated": null, |
|
3191 | 3212 | ], |
3192 | 3213 | "homepage": "https://www.codeac.io/?ref=awesome-static-analysis", |
3193 | 3214 | "source": null, |
3194 | | - "pricing": null, |
3195 | | - "plans": null, |
| 3215 | + "pricing": "https://www.codeac.io/pricing.html", |
| 3216 | + "plans": { |
| 3217 | + "free": true, |
| 3218 | + "oss": true |
| 3219 | + }, |
3196 | 3220 | "description": "Automated code review tool integrates with GitHub, Bitbucket and GitLab (even self-hosted). Available for JavaScript, TypeScript, Python, Ruby, Go, PHP, Java, Docker, and more. (open-source free)", |
3197 | 3221 | "discussion": null, |
3198 | 3222 | "deprecated": null, |
|
3422 | 3446 | ], |
3423 | 3447 | "homepage": "https://www.getcodeflow.com", |
3424 | 3448 | "source": null, |
3425 | | - "pricing": null, |
3426 | | - "plans": null, |
| 3449 | + "pricing": "https://www.getcodeflow.com", |
| 3450 | + "plans": { |
| 3451 | + "free": false, |
| 3452 | + "oss": true |
| 3453 | + }, |
3427 | 3454 | "description": "Automated code analysis tool to deal with technical depth. Integrates with Bitbucket and Gitlab. (free for Open Source Projects)", |
3428 | 3455 | "discussion": null, |
3429 | 3456 | "deprecated": null, |
|
3450 | 3477 | ], |
3451 | 3478 | "homepage": "https://submain.com/products/codeit.right.aspx", |
3452 | 3479 | "source": null, |
3453 | | - "pricing": null, |
3454 | | - "plans": null, |
| 3480 | + "pricing": "https://submain.com/CodeIt.Right/editions/", |
| 3481 | + "plans": { |
| 3482 | + "free": false, |
| 3483 | + "oss": false |
| 3484 | + }, |
3455 | 3485 | "description": "CodeIt.Right™ provides a fast, automated way to ensure that your source code adheres to (your) predefined design and style guidelines as well as best coding practices.", |
3456 | 3486 | "discussion": null, |
3457 | 3487 | "deprecated": null, |
|
3883 | 3913 | ], |
3884 | 3914 | "homepage": "https://codesecure.com/our-products/codesonar/", |
3885 | 3915 | "source": null, |
3886 | | - "pricing": null, |
3887 | | - "plans": null, |
| 3916 | + "pricing": "https://codesecure.com/trial-request/", |
| 3917 | + "plans": { |
| 3918 | + "free": false, |
| 3919 | + "oss": false |
| 3920 | + }, |
3888 | 3921 | "description": "Advanced, whole program, deep path, static analysis of C, C++, Java and C# with easy-to-understand explanations and code and path visualization.", |
3889 | 3922 | "discussion": null, |
3890 | 3923 | "deprecated": null, |
|
3950 | 3983 | ], |
3951 | 3984 | "homepage": "https://www.codety.io", |
3952 | 3985 | "source": "https://github.com/codetyio/codety-scanner", |
3953 | | - "pricing": null, |
3954 | | - "plans": null, |
| 3986 | + "pricing": "https://www.codety.io", |
| 3987 | + "plans": { |
| 3988 | + "free": true, |
| 3989 | + "oss": true |
| 3990 | + }, |
3955 | 3991 | "description": "Codety Scanner is a comprehensive source code scanner that embeds 5000+ static code analysis rules, which aim to detect code issues for 20+ programming languages and IaC tools.", |
3956 | 3992 | "discussion": null, |
3957 | 3993 | "deprecated": null, |
|
4270 | 4306 | ], |
4271 | 4307 | "homepage": "https://corgea.com/", |
4272 | 4308 | "source": null, |
4273 | | - "pricing": null, |
4274 | | - "plans": null, |
| 4309 | + "pricing": "https://corgea.com/pricing", |
| 4310 | + "plans": { |
| 4311 | + "free": true, |
| 4312 | + "oss": false |
| 4313 | + }, |
4275 | 4314 | "description": "Corgea is an AI-powered SAST scanner that helps developers find and fix insecure code. It finds business logic flaws, broken authentication, API vulnerabilities, and more with little false positives. Additionally, it automatically writes security fixes for them to approve. Corgea integrates with GitHub, GitLab, Azure DevOps, IDEs and CLI. It is free to try it.", |
4276 | 4315 | "discussion": null, |
4277 | 4316 | "deprecated": null, |
|
4348 | 4387 | ], |
4349 | 4388 | "homepage": "https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html", |
4350 | 4389 | "source": null, |
4351 | | - "pricing": null, |
4352 | | - "plans": null, |
| 4390 | + "pricing": "https://www.synopsys.com/software-integrity/contact-sales.html", |
| 4391 | + "plans": { |
| 4392 | + "free": false, |
| 4393 | + "oss": true |
| 4394 | + }, |
4353 | 4395 | "description": "Synopsys Coverity supports 20 languages and over 70 frameworks including Ruby on rails, Scala, PHP, Python, JavaScript, TypeScript, Java, Fortran, C, C++, C#, VB.NET.", |
4354 | 4396 | "discussion": null, |
4355 | 4397 | "deprecated": null, |
|
5281 | 5323 | ], |
5282 | 5324 | "homepage": "https://www.deleaker.com/", |
5283 | 5325 | "source": null, |
5284 | | - "pricing": null, |
5285 | | - "plans": null, |
| 5326 | + "pricing": "https://www.deleaker.com/order.html", |
| 5327 | + "plans": { |
| 5328 | + "free": false, |
| 5329 | + "oss": false |
| 5330 | + }, |
5286 | 5331 | "description": "Deleaker is a memory leak detection tool for C++, .NET, and Delphi, integrating with Visual Studio, Qt Creator, and RAD Studio or running as a standalone application. It helps developers find and fix memory, GDI, and handle leaks efficiently.", |
5287 | 5332 | "discussion": null, |
5288 | 5333 | "deprecated": null, |
|
7593 | 7638 | ], |
7594 | 7639 | "homepage": "https://www.microfocus.com/en-us/cyberres/application-security/static-code-analyzer", |
7595 | 7640 | "source": null, |
7596 | | - "pricing": null, |
7597 | | - "plans": null, |
| 7641 | + "pricing": "https://www.opentext.com/products/fortify-on-demand/trial", |
| 7642 | + "plans": { |
| 7643 | + "free": false, |
| 7644 | + "oss": false |
| 7645 | + }, |
7598 | 7646 | "description": "A commercial static analysis platform that supports the scanning of C/C++, C#, VB.NET, VB6, ABAP/BSP, ActionScript, Apex, ASP.NET, Classic ASP, VB Script, Cobol, ColdFusion, HTML, Java, JS, JSP, MXML/Flex, Objective-C, PHP, PL/SQL, T-SQL, Python (2.6, 2.7), Ruby (1.9.3), Swift, Scala, VB, and XML.", |
7599 | 7647 | "discussion": null, |
7600 | 7648 | "deprecated": null, |
|
9105 | 9153 | ], |
9106 | 9154 | "homepage": "https://www.hcltechsw.com/products/appscan", |
9107 | 9155 | "source": null, |
9108 | | - "pricing": null, |
9109 | | - "plans": null, |
| 9156 | + "pricing": "http://www.hcl-software.com/appscan/contact-us", |
| 9157 | + "plans": { |
| 9158 | + "free": false, |
| 9159 | + "oss": false |
| 9160 | + }, |
9110 | 9161 | "description": "Commercial Static Code Analysis.", |
9111 | 9162 | "discussion": null, |
9112 | 9163 | "deprecated": null, |
|
10326 | 10377 | "homepage": "https://www.kiuwan.com/code-security-sast", |
10327 | 10378 | "source": null, |
10328 | 10379 | "pricing": "https://www.kiuwan.com/pricing", |
10329 | | - "plans": null, |
| 10380 | + "plans": { |
| 10381 | + "free": false, |
| 10382 | + "oss": false |
| 10383 | + }, |
10330 | 10384 | "description": "Identify and remediate cyber threats in a blazingly fast, collaborative environment, with seamless integration in your SDLC. Python, C\\C++, Java, C#, PHP and more.", |
10331 | 10385 | "discussion": null, |
10332 | 10386 | "deprecated": null, |
|
10420 | 10474 | "homepage": "https://www.perforce.com/products/klocwork", |
10421 | 10475 | "source": null, |
10422 | 10476 | "pricing": "https://www.perforce.com/purchase", |
10423 | | - "plans": null, |
| 10477 | + "plans": { |
| 10478 | + "free": false, |
| 10479 | + "oss": false |
| 10480 | + }, |
10424 | 10481 | "description": "Quality and Security Static analysis for C/C++, Java and C#.", |
10425 | 10482 | "discussion": null, |
10426 | 10483 | "deprecated": null, |
|
10901 | 10958 | "homepage": "https://ldra.com", |
10902 | 10959 | "source": null, |
10903 | 10960 | "pricing": "https://ldra.com/register/", |
10904 | | - "plans": null, |
| 10961 | + "plans": { |
| 10962 | + "free": false, |
| 10963 | + "oss": false |
| 10964 | + }, |
10905 | 10965 | "description": "A tool suite including static analysis (TBVISION) to various standards including MISRA C & C++, JSF++ AV, CWE, CERT C, CERT C++ & Custom Rules.", |
10906 | 10966 | "discussion": null, |
10907 | 10967 | "deprecated": null, |
|
12986 | 13046 | ], |
12987 | 13047 | "homepage": "https://www.parasoft.com/", |
12988 | 13048 | "source": null, |
12989 | | - "pricing": null, |
12990 | | - "plans": null, |
| 13049 | + "pricing": "https://www.parasoft.com/contact/", |
| 13050 | + "plans": { |
| 13051 | + "free": false, |
| 13052 | + "oss": false |
| 13053 | + }, |
12991 | 13054 | "description": "Automated Software Testing Solutions for unit-, API-, and web UI testing. Complies with MISRA, OWASP, and others.", |
12992 | 13055 | "discussion": null, |
12993 | 13056 | "deprecated": null, |
|
17924 | 17987 | ], |
17925 | 17988 | "homepage": "https://snyk.io", |
17926 | 17989 | "source": null, |
17927 | | - "pricing": null, |
17928 | | - "plans": null, |
17929 | | - "description": "Snyk Code finds security vulnerabilities based on AI. Its speed of analysis allow us to analyse your code in real time and deliver results when you hit the save button in your IDE. Supported languages are Java, JavaScript, Python, PHP, C#, Go and TypeScript. Integrations with GitHub, BitBucket and Gitlab. It is free to try and part of the Snyk platform also covering SCA, containers and IaC.", |
| 17990 | + "pricing": "https://snyk.io/plans/", |
| 17991 | + "plans": { |
| 17992 | + "free": true, |
| 17993 | + "oss": true |
| 17994 | + }, |
| 17995 | + "description": "Snyk Code finds security vulnerabilities based on AI. Its speed of analysis allow us to analyse your code in real time and deliver results when you hit the save button in your IDE. Supported languages are Java, JavaScript, Python, PHP, C#, Go and TypeScript. Integrations with GitHub, BitBucket and Gitlab. It is free to try and part of the Snyk platform also covering SCA, containers and IaC.", |
17930 | 17996 | "discussion": null, |
17931 | 17997 | "deprecated": null, |
17932 | 17998 | "resources": [ |
|
19499 | 19565 | ], |
19500 | 19566 | "homepage": "https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html", |
19501 | 19567 | "source": null, |
19502 | | - "pricing": null, |
19503 | | - "plans": null, |
| 19568 | + "pricing": "https://www.blackduck.com/static-analysis-tools-sast/coverity/get-pricing.html", |
| 19569 | + "plans": { |
| 19570 | + "free": false, |
| 19571 | + "oss": true |
| 19572 | + }, |
19504 | 19573 | "description": "A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift).", |
19505 | 19574 | "discussion": null, |
19506 | 19575 | "deprecated": null, |
|
20891 | 20960 | ], |
20892 | 20961 | "homepage": "https://www.veracode.com/security/static-code-analysis", |
20893 | 20962 | "source": null, |
20894 | | - "pricing": null, |
20895 | | - "plans": null, |
| 20963 | + "pricing": "https://info.veracode.com/request-quote.html", |
| 20964 | + "plans": { |
| 20965 | + "free": false, |
| 20966 | + "oss": false |
| 20967 | + }, |
20896 | 20968 | "description": "Find flaws in binaries and bytecode without requiring source. Support all major programming languages: Java, .NET, JavaScript, Swift, Objective-C, C, C++ and more.", |
20897 | 20969 | "discussion": null, |
20898 | 20970 | "deprecated": null, |
|