Automated code review tools
Automated code review tools – Open Source
PMD – PMD scans Java source code and looks for potential problems such as:
- Possible bugs – empty try/catch/finally/switch statements
- Dead code – unused local variables, parameters and private methods
- Suboptimal code – wasteful String/StringBuffer usage
- Overcomplicated expressions – unnecessary if statements, for loops that could be while loops
- Duplicate code – copied/pasted code means copied/pasted bugs
Checkstyle – Checkstyle provides checks that find class design problems, duplicate code, and bug patterns such as double-checked locking.
FindBugs – uses static analysis to look for bugs in Java code (it analyses the compiled bytecode rather than the source).
Sonar – Sonar is an open platform to manage code quality.
JNorm – JNorm is a Java code analysis tool that detects areas of code that could be replaced by calls to existing open source libraries.
Splint – Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested in adding annotations to programs, Splint can perform stronger checking than any standard lint can.
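To show what the Splint entry means by "stronger checking through annotations", here is a small added example in C. It is not taken from the page or from the Splint project, and the function names (unchecked_copy, bounded_copy) are ours. The first routine is what a plain lint accepts; the second states its contract in Splint annotations (a possibly-NULL parameter and a buffer-size requirement) and is written to satisfy it. Both compile with an ordinary C compiler because the annotations are comments.

```c
#include <stddef.h>
#include <string.h>

// Added example, not from the page or the Splint project; function names are
// hypothetical.  Splint annotations are written as /*@ ... @*/ comments, so a
// normal C compiler ignores them while Splint uses them to check callers and
// the function body against the stated contract.

// "Better lint" level: a plain lint and the compiler both accept this, yet
// src may be NULL and nothing bounds the write into dst.  Once src carries
// the /*@null@*/ annotation, Splint reports the unchecked dereference; run
// with +bounds it also flags strcpy for writing past the end of dst.
int unchecked_copy(char *dst, /*@null@*/ const char *src)
{
    strcpy(dst, src);           /* NULL dereference and overflow waiting to happen */
    return (int)strlen(dst);
}

// Annotated version.  /*@null@*/ says src may be NULL, so Splint insists on a
// check before it is dereferenced.  The requires clause (checked with +bounds)
// states that dst has at least n-1 writable bytes after dst[0], i.e. room for
// n bytes in total, which is exactly what the body relies on.
// Returns the number of bytes copied (terminator not counted), or -1 when src
// is NULL or n is 0.  Input longer than n-1 bytes is truncated.
int bounded_copy(char *dst, size_t n, /*@null@*/ const char *src)
    /*@requires maxSet(dst) >= (n - 1)@*/
{
    size_t len;

    if (src == NULL || n == 0) {
        return -1;
    }
    len = strlen(src);
    if (len > n - 1) {
        len = n - 1;            /* leave room for the terminator */
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void)
{
    char buf[8];                /* constructed sample buffer, 8 bytes */
    int rc;

    rc = bounded_copy(buf, sizeof buf, "hello");            /* 5, buf = "hello" */
    rc = bounded_copy(buf, sizeof buf, "this is too long"); /* 7, buf = "this is" */
    rc = bounded_copy(buf, sizeof buf, NULL);               /* -1, buf untouched */
    rc = unchecked_copy(buf, "ok");                         /* 2; safe only because the input is short */
    return rc == 2 ? 0 : 1;
}
```

Running `splint +bounds` over this file reports the problems in unchecked_copy and accepts bounded_copy; without annotations Splint would still catch some of the first routine's issues, but it could not know that src is allowed to be NULL or how large dst is, which is the extra information the annotations supply.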
Automated code review tools – Commercial products
Coverity Prevent – identifies security vulnerabilities and code defects in C, C++, C# and Java code
Fortify – helps developers identify software security vulnerabilities in C/C++, .NET, Java, JSP, ASP.NET, ColdFusion, "Classic" ASP, PHP, VB6, VBScript, JavaScript, PL/SQL, T-SQL, Python and COBOL, as well as in configuration files
Lint – Source Code Checker
