Talk:List of tools for static code analysis

Table overview
Hey, is there anyone with experience with Wikipedia that could convert the Multi-Language tools to a table view? This would be handy for a tool that works across Java, C# and Scala for example. --EmileSonneveld (talk) 14:02, 22 February 2019 (UTC)

I've done the Ada table as a first task... Andrew D Banks (talk) 15:09, 29 May 2020 (UTC)

OK... got carried away, and did the rest! Given the overlap between the tables, there is some merit in combining them into one, with "Ada", "C/C++" etc columns. Note: I do not want to do that, given that I'm connected with one of the Companies! Andrew D Banks (talk) 08:07, 16 June 2020 (UTC)

Some good work by other editors to adapt my suggestion... can we now combine the separate C/C++ and Ada tables (and the other lists?) into the main one, and delete the separate sections? Andrew D Banks (talk) 05:59, 8 June 2021 (UTC)

Actuality of list
I find this table difficult to maintain. Some tools are cross-language and have to be listed several times. Criteria such as 'Duplicate code' might vary strongly, e.g. if one tool is adding the feature or removing it. The free-software tag is tricky, some vendors have free versions, e.g. SonarLint by SonarQube--𝔏92934923525 (talk) 16:04, 15 February 2021 (UTC)

IKOS
Hi,

I noticed that there is no link to IKOS. It's a static analyzer built by NASA.

I don't feel comfortable adding it myself: I didn't create IKOS, but I recently became the maintainer. And I fully understand that this is not a link farm. So, I prefer to let someone else decide.


 * The tool is available at: https://github.com/NASA-SW-VnV/ikos
 * It's a formal methods tool based on abstract interpretation.
 * It has 1.9K stars on GitHub.
 * It's actively developed.
 * It's been recommended in Ubuntu for security analysis: https://ubuntu.com/blog/getting-started-with-ros-security-scanning
 * It's part of Space ROS: https://space-ros.github.io/docs/rolling/Related-Projects/IKOS.html

Perhaps someone else can review it and determine if it should be listed.

IvanPerez (talk) 01:04, 18 December 2023 (UTC)


 * This is a list of tools with a preexisting Wikipedia article of their own. MrOllie (talk) 01:28, 18 December 2023 (UTC)
 * I see. Thanks for the clarification. Some of the comments above were also referring to how notable the tool is, which made it sound like an article was not a requirement -- hence my confusion.
 * I do want to bring up that, if you look through the list, you'll see that some tools were added by the creators of the tools themselves. For example, at first glance I just saw that Yasca's article was added by Michael Scovetta, one of the creators. Is that allowed? Also, the tool is retired, archived, and has seen no changes in more than 6 years.
 * I don't have anything against that tool or the creator. I didn't even know the tool existed until now. It was just the first one I noticed. But perhaps a review of either the tools, or the criteria to include them, is warranted. IvanPerez (talk) 02:48, 18 December 2023 (UTC)
 * Those edits would not be in keeping with Wikipedia's conflict of interest guidelines, though standards were more lax back in 2008 when the Yasca article was created. MrOllie (talk) 03:07, 18 December 2023 (UTC)

Fortify SAST tool
This is a major tool used across DOD for all major languages - it is missing entirely from this article. There is also a separate Wiki article on Fortify Software (SAST and DAST), which references this page. 65.127.122.221 (talk) 23:19, 22 March 2024 (UTC)


 * This is a list of tools with preexisting Wikipedia articles. An article on a software company isn't the same as an article on the tool. See WP:NOTINHERITED. MrOllie (talk) 23:21, 22 March 2024 (UTC)