Source Code Analysis Tools - Java, Javascript, .NET, PHP, Python, Ruby, Flex

 

Java Source Code Analysis Tools

 

Stan - Structure Analysis for Java

STAN encourages developers in visualizing their design, understanding code, measuring quality and reporting design flaws. STAN supports a set of carefully selected metrics, suitable to cover the most important aspects of structural quality. Special focus has been set on visual dependency analysis, a key to structure analysis. STAN provides its own perspective, showing various dependency graphs, ranking metric violations, generating HTML reports, etc.


AgitarOne

The AgitarOne product family helps you work safer, better, and smarter as you develop and maintain your Java applications. AgitarOne JUnit Generator creates thorough JUnit tests on your code. This helps you find regressions and makes it safer and easier to improve your code to reduce the cost to maintain it. AgitarOne Agitator helps developers understand the behavior of their code as they write it. This helps you prevent bugs and prevent code complexity that can become tomorrow's maintenance headache.


Allmon

Allmon is a generic system collecting and storing metrics used for performance and availability monitoring.


CallGraph

CallGraph is a view plugin for Eclipse that enables graphical exploration of call and class hierarchies. Leverages the internal platform Call Hierarchy and Search mechanisms and uses Zest to provide a searchable graphical representation of the caller/callee relations between methods (including constructors and internal classes) and sub/super-class relations between classes. Designed to help understand complex call and class relations in larger scale applications.


Checkstyle

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard. Checkstyle is highly configurable and can be made to support almost any coding standard.


ckjm

The program ckjm calculates Chidamber and Kemerer object-oriented metrics by processing the bytecode of compiled Java files.


Classycle

Classycle's Analyser analyses the static class and package dependencies in Java applications or libraries. It is especially helpful for finding cyclic dependencies between classes or packages. Classycle's Dependency Checker searchs for unwanted class dependencies described in a dependency definition file. Dependency checking helps to monitor whether certain architectural constrains (e.g. in a layered architecture) are fulfilled or not.


CodePro AnalytiX

CodePro Analytix is a comprehensive set of software analysis tools composed of a collection of native Eclipse plugins. CodePro seamlessly integrates into any Eclipse based Java desktop development environment, adding static code analysis (with nearly 1,000 audit rules), metrics, automated test generation, JUnit test editing, and team collaboration functionality. Extensive security audit rules were recently added to enable developers to automatically detect and address security vulnerabilities as they are writing code, thus closing the opportunities for potential malicious users, and focusing on quality earlier in the software development lifecycle (SDLC). Seamless integration with Eclipse, IBM Rational, JBuilder and MyEclipse.


Coverity Integrity Center

Analyze source code for defects with Coverity Prevent to find and eliminate the root-cause of product delays or costly product recalls. Expose security flaws early in the lifecycle so security audit teams don’t slow you down with rework, and help the rest of your team improve the quality of their code early in the application lifecycle. Coverity supports C/C++/Java and C#.


Daikon

Dynamic invariant detection runs a program, observes the values that the program computes, and then reports properties that were true over the observed executions. Daikon can detect properties in C, C++, Eiffel, IOA, Java, and Perl programs; in spreadsheet files; and in other data sources.


FindBugs

FindBugs is a program which uses static analysis to look for bugs in Java code. FindBugs requires JRE (or JDK) 1.5.0 or later to run. However, it can analyze programs compiled for any version of Java, from 1.0 to 1.8.


Jensor

Jensor is a light-weight, low-overhead Java profiler written entirely in Java. Jensor is built on ByteCode Instrumentation (BCI) technology. Jensor provides innovative analysis techniques that help to detect and eliminate bottlenecks in Java applications.


JRipples

JRipples helps programmers during software change. JRipples is based on the philosophy of “intelligent assistance”, which requires close cooperation between the programmer and the tool. The tool analyzes the program, keeps track of the inconsistencies, and automatically marks the components to be visited by the programmer.


McCabe IQ

McCabe IQ Developers Edition objectively measures software quality through advanced static analysis and visualizes the architecture, highlighting the most complex areas of the code base to identify bugs and security vulnerabilities. McCabe IQ Test Team Edition provides comprehensive test / code coverage to focus, monitor, and document software testing processes. McCabe IQ Test Team Edition accurately assesses the thoroughness of your testing and aids in gauging the time and resources needed to ensure a well-tested application. McCabe IQ Enterprise Edition provides all the functionality of the Developers and Test Team Editions. In addition, it provides the robust enterprise reporting, advanced reengineering capabilities, change analysis, and secure web-enabled test data collection.


MetricsAnalytics Sonar

MetricsAnalytics Sonar is a Sonar plugin. MetricsAnalytics calculates the Total Quality of a java project. The Total Quality is composed from an architecture, design, code and test indicator. To calculate the architecture and design indicator, MetricsAnalytics is based on JDepend and Ckjm.


PMD

PMD scans Java source code and looks for potential problems like:
* Possible bugs - empty try/catch/finally/switch statements
* Dead code - unused local variables, parameters and private methods
* Suboptimal code - wasteful String/StringBuffer usage
* Overcomplicated expressions - unnecessary if statements, for loops that could be while loops
* Duplicate code - copied/pasted code means copied/pasted bugs


Software Change Management "Where Used" Scanner

FindItEZ ( pronounced "find it easy" ) is a "where used" developer tool for improved change management on large software projects. It cuts impact analysis time, improves change estimate accuracy and aids in preemptive quality assurance by quickly scanning all common source code files & database objects in a single tool.


Solid TA Software Evolution Trend Analyzer

The Solid Trend Analyzer is a standalone, non-intrusive solution for monitoring and investigating software trends. SolidTA uses a number of proprietary and standard metric analyses to assess the evolution of software quality indicators for industry-size code versioning repositories. SolidTA presents the analyses results in an intuitive way to enable users to discover trend correlations and make fact-based informed decisions. Overviews of team activity or system metrics can be produced in minutes. No repository management expertise is required.


SolidSDD - Software Duplication Detector

The Software Duplication Detector (SolidSDD) is a standalone application for detecting and managing source code duplication (i.e., code clones) in software. It can be used to analyze large projects and detect code that has been cloned (e.g., via cut-n-paste operations) during development. The currently supported programming languages are C, C++, C# and Java. In addition to identifying the code clone fragments, SolidSDD offers an intuitive graphical interface for assessing the code duplication characteristics and the location of the duplicated fragments in the code stack. This interface enables developers, architects and software managers to better manage the process of refactoring by assessing the required effort and establishing refactoring priorities.


Soot

Soot is a Java optimization framework. It provides four intermediate representations for analyzing and transforming Java bytecode. Soot can be used as a stand alone tool to optimize or inspect class files, as well as a framework to develop optimizations or transformations on Java bytecode.


Squale

Squale is a qualimetry platform that allows to analyze multi-language software applications in order to give a sharp and comprehensive picture of their quality.


Tattletale

Tattletale is a tool that can help you get an overview of the project you are working on or a product that you depend on.


Testability-explorer

Testability-explorer is a tool which analyzes java byte-codes and computes how difficult it will be to write unit-test. It attempts to help you quantitatively determine how hard your code is to test and, where to focus to make it more testable.


UCDetector

UCDetector (Unnecessary Code Detector - pronounced "You See Detector") is a eclipse PlugIn tool to find unnecessary (dead) public java code. For example public classes, methods or fields which have no references. UCDetector creates markers for the following problems, which appear in the eclipse problem view.


Usus

The goal of Usus is to provide Eclipse Plug-Ins that help to integrate common compiler and formatter settings in the Eclipse workspace, support Checkstyle, EclEmma and other tools, and apply some OO design metrics to analyse weak spots in the code.


Yasca

Yasca consists of two components: a framework for conducting source code analyses, and an implementation of that framework, leveraging custom plugins, FindBugs, PMD, and Jlint