Integrates Checkstye into the Eclipse IDE
The Eclipse Checkstyle plug-in integrates the Checkstyle Java code auditor into the Eclipse IDE. The plug-in provides real-time feedback to the user about violations of rules that check for coding style and possible error prone code constructs.
A source code analyzer
Doxygen is a JavaDoc like documentation system for C++, C, Java and IDL.
Static source code analysis tool for C and C++ code
Static analysis of C/C++ code. Checks for: memory leaks, mismatching allocation-deallocation, buffer overrun, and many more. The goal is 0% false positives. See http://cppcheck.sourceforge.net for more information.
Code coverage tool for .NET 2 and above
OpenCover is a free and open source code coverage tool for .NET 2 and above (Windows OSs only - no MONO), with support for 32 and 64 processes and covers both branch and sequence points. It uses the profiler API that is currently only available to .NET Frameworks running on the Windows platform. OpenCover is an attempt at building a code coverage utility that addresses certain issues in maintaining PartCover support for 64-bit processes.
ILSpy is a portable version of ILSpy
ILSpy Portable is the ILSpy packaged with a PortableApps.com launcher as a portable app, so you can browse in privacy on your iPod, USB flash drive, portable hard drive, etc. It has all the same features as ILSpy, plus, it leaves no personal information behind on the machine you run it on, so you can take it with you wherever you go.
Code security review tool for C/C++, C#, VB, PHP, Java, PL/SQL, COBOL.
VCG is an automated code security review tool for C++, C#, VB, PHP, Java, PL/SQL and COBOL, which is intended to speed up the code review process by identifying bad/insecure code. It has a few features that should make it useful. In addition to performing some more complex checks it also has a config file for each language that basically allows you to add any bad functions (or other text) that you want to search for. It attempts to find phrases within comments that can indicate broken code and it provides stats and a pie chart (for the entire codebase and for individual files) showing relative proportions of code, whitespace, comments, 'ToDo'-style comments and bad code. I've tried to produce something which searches intelligently for buffer overflows and signed/unsigned comparison in C, violations of OWASP recommendations in Java code, etc. Current version: 2.2.0
Source Navigator NG is a source code analysis tool. With it, you can edit your source code, display relationships between classes and functions and members, and display call trees. You can navigate your source code and easily get to declarations or implementations of functions, variables and macros (commonly called "symbols") which helps you discovering and mapping unknown source code for enhancement or maintenance tasks.
Eclipse Plugin to find unused Java code
UCDetector (Unnecessary Code Detector) is a Open Source Eclipse Plugin Tool. UCDetector finds unnecessary (dead) public Java code. It suggests to make code final, protected or private.
Tool to detect and correct vulnerabilities in PHP web applications
WAP automatic detects and corrects input validation vulnerabilities in web applications written in PHP Language (version 4.0 or higher) and with a low rate of false positives. WAP detects the following vulnerabilities: - SQL injection using MySQL, PostgreSQL and DB2 DBMS - Reflected cross-site scripting (XSS) - Stored XSS - Remote file inclusion - Local file inclusion - Directory traversal - Source code disclosure - OS command injection - PHP code injection WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious users inputs and checking if they reach calls of sensitive functions. It has a low rate of false positives because has implemented a data mining module to predict false positives when detects vulnerabilities. The output of the tool is: - shows the vulnerabilities found and how they are corrected - new files with the corrections
QtCreator plugin for some command line tools over a Qt (.pro) project.
qpt (Qt Project Tool) understands Qt C++ projects (.pro) and allows to pass this information to command line tools as "Code Counters" and "Static Analysis tools". It also can used inside QtCreator to act as a plugin for "Static Analysis tools" putting reported issues into QtCreator issues pane.
A general purpose source code indexer and cross-referencer that provides web-based browsing of source code with links to the definition and usage of any identifier. Supports multiple languages. Up-to-date information in http://lxr.sourceforge.net
Ada source code controller
A tool that detects the use of many constructs in Ada programs. Use it to control style or programming rules, but also as a powerful tool to search for use (or non-use) of various forms of programming styles or design patterns.
A drop-in replacement for the src.zip shipped with Oracle Java 7, that contains sources to all Java classes that are shipped or generated by the OpenJDK project (the official src.zip only covers public classes), plus tools to generate it.
A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.
Qt Creator Cppcheck integration plugin
Allows to use Cppcheck static analyzer tool in Qt Creator IDE. Sources can be obtained here: https://github.com/OneMoreGres/qtc-cppcheck IMPORTANT: plugin's version must match Qt Creator's version (difference in last digit is acceptable) Then plugin must be enabled in Help->Modules menu.
"The C preprocessor chainsaw"
Coan is a software engineering tool for analysing preprocessor-based configurations of C or C++ source code. Its principal use is to simplify a body of source code by eliminating any parts that are redundant with respect to a specified configuration.
This tool helps you to reverse engineer UML Sequence Diagram for your java program at runtime. It works well with both complex java programs (that have multiple threads) and J2EE applications deployed on Application Servers.
This project has moved to GitHub ! The version here at SourceForge will remain for historic purpose. Koopa is a parser generator, made for COBOL. It can handle source files in isolation (no preprocessing required) and doesn't mind the presence of CICS/SQL fragments. The grammar is easily extensible in a way which minimizes the impact on the overall code.
Diff-ext is an extension for filemanagers such as Windows Explorer and Nautilus that allows to launch diff/merge tools on selected files.
Hexjector is an Opensource,Cross Platform PHP script to automate Site Pentest for SQL Injection Vulnerabilties.
A very powerful java bytecode viewer and decompiler which makes use of the javassist open source library.
Direct C++ to C# translator, translates one of the languages to another without compiling. Has academic aim only!!!
Provide metrics calculation and dependency analyzer plugin for the Eclipse platform. Measure metrics with avg and std deviation and detect cycles in package and type dependencies. Continuation of work from http://sourceforge.net/projects/metrics.