Semgrep is described as 'Fast, open-source, static analysis tool that excels at expressing code standards — without complicated queries — and surfacing bugs early at editor, commit, and CI time. Precise rules look like the code you’re searching; no more traversing abstract syntax trees or' and is an app in the security & privacy category. There are more than 25 alternatives to Semgrep for a variety of platforms, including Windows, Web-based, Linux, SaaS and Mac apps. The best Semgrep alternative is SonarQube, which is both free and Open Source. Other great apps like Semgrep are Codacy, Shellcheck, Cppcheck and Coverity Scan.
Find and fix bug risks, anti-patterns, performance issues, security flaws automatically during code reviews. In addition, DeepSource automatically fixes some of the most commonly occurring issues. It works for Python, Go, Ruby, and JavaScript.
Teamscale analyzes the quality of your code. Analyze your code with a variety of static and dynamic analyses to identify specific maintainability constraints and avoid unexpected maintenance costs in the future.
Code analysis tool, including breakdown of developer contributions, and a clear breakdown of different types of problems with trends over time.
VCG is an automated code security review tool that handles C/C++, Java, C#, VB and PL/SQL. It has a few features that should hopefully make it useful to anyone conducting code security reviews, particularly where time is at a premium:
Codegrip is an automated code review SaaS platform that helps developers to save time in code reviews and to tackle technical debt efficiently.
We’re excited to introduce Opengrep, an open-source static code analysis engine built to ensure code security testing remains truly open and accessible to everyone. 🚀
Exlint is a an open source project that enables developers to centralize their open source coding standards and policies, so that configuring repositories becomes as easy as typing one command.
Kiuwan Application Security is an end-to-end Appsec platform. Monitoring, action plans and seamless integration within unlocalized teams are but a few of the features offered by Kiuwan.
DefenseCode ThunderScan® is a SAST (Static Application Security Testing, WhiteBox Testing) solution for performing deep and extensive security analysis of application source code.
Qodana is a smart code quality platform by JetBrains best suited for working in teams. It can analyze code written in 60+ languages including Java, JavaScript, TypeScript, PHP, Kotlin, Python, Go, and C#.
Improve quality, reduce risk, and ship with confidence. GrammaTech's static analysis SAST tool as part of your secure SDLC identifies bugs that can result in system crashes, unexpected behavior, and security breaches.
Code Inspector is a platform that helps developers and managers to deliver better code. Main features:
Germany
EU
Israel
United Kingdom
Czechia
United States