News

SCALe, an open-source application from SEI CERT, runs multiple static analysis tools over the same source code and consolidates their results to find security flaws.
When it needed a static code analysis tool for Python, OpenStack found no commercial products. Necessity being the mother of invention, OpenStack developed its own open source tool.
To help demonstrate the types of coding errors that can be efficiently detected and prevented using static source code analysis, we consider a case study of three popular, security-critical open ...
The open-source static application security testing tool provides static code analysis, duplicate code and vulnerability detection, multi-language support and automation via CI/CD integration.
A Russian company behind the PVS-Studio static code analyzer claims to have used the tool to discover more than 10,000 bugs in various open source projects, including well-known offerings such as the ...
Static application security testing (SAST) is one of the most cost-effective ways to find security flaws in code. It runs during the software development life cycle, before anything is deployed, so developers and stakeholders know of security ...
More sophisticated static analysis tools tend to follow the approach of compiler toolsets and build in dependency-based incremental analysis: only the files whose contents changed, and the files that depend on them, are re-analyzed on each run.
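The following Python sketch is an added example, not code from any of the tools in these news items, of what dependency-based incremental analysis has to get right. It keeps a cache of content digests and per-module analysis summaries, marks a module dirty when its digest changes, propagates dirtiness to transitive dependents, and re-analyzes dirty modules in dependency order so that callers see fresh callee summaries. The checker itself is a toy (it flags `shell=True` and calls into functions known to run a shell), the module tree is constructed inline, and the names `incremental_run`, `analyze` and `TREE` are assumptions of this example. The security-relevant point it shows is that a fix in a callee must invalidate the cached verdict of every caller, otherwise the tool reports stale findings (or, worse, misses new ones) in files that did not change.

```python
"""Toy dependency-based incremental analysis (added example, not a real tool)."""
import hashlib
import re
from collections import defaultdict

IMPORT_RE = re.compile(r"^\s*import\s+(\w+)", re.MULTILINE)
DEF_RE = re.compile(r"^def\s+(\w+)\s*\(")


def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()


def imports_of(src, tree):
    """Only imports that resolve to modules inside the analyzed tree."""
    return [m for m in IMPORT_RE.findall(src) if m in tree]


def analyze(name, src, dep_summaries):
    """Toy per-module check. A line is risky if it passes shell=True or calls a
    function that an imported module's summary says runs a shell command.
    Returns (findings, summary) where summary = names of functions in this
    module that (directly or transitively) run a shell command."""
    findings, shell_funcs, current = [], set(), None
    for lineno, line in enumerate(src.splitlines(), 1):
        m = DEF_RE.match(line)
        if m:
            current = m.group(1)
            continue
        risky = "shell=True" in line or any(
            f"{mod}.{fn}(" in line for mod, fns in dep_summaries.items() for fn in fns)
        if risky:
            findings.append((name, lineno, "shell command execution"))
            if current:
                shell_funcs.add(current)
    return findings, shell_funcs


def incremental_run(tree, cache):
    """tree: {module: source}; cache: {module: (digest, findings, summary)}
    carried between runs. Returns ({module: findings}, set of re-analyzed modules)."""
    for stale in set(cache) - set(tree):      # drop deleted modules
        del cache[stale]
    deps = {m: imports_of(src, tree) for m, src in tree.items()}
    dependents = defaultdict(set)              # reverse edges: dep -> importers
    for m, ds in deps.items():
        for d in ds:
            dependents[d].add(m)
    dirty = {m for m, src in tree.items()
             if m not in cache or cache[m][0] != digest(src)}
    work = list(dirty)
    while work:                                # transitive closure over dependents
        for d in dependents[work.pop()]:
            if d not in dirty:
                dirty.add(d)
                work.append(d)
    done = set()

    def visit(m):                              # dependencies first: fresh summaries
        if m in done or m not in dirty:
            return
        done.add(m)
        for d in deps[m]:
            visit(d)
        # an import cycle falls back to an empty summary for the in-progress module
        summaries = {d: cache.get(d, (None, [], set()))[2] for d in deps[m]}
        findings, summary = analyze(m, tree[m], summaries)
        cache[m] = (digest(tree[m]), findings, summary)

    for m in sorted(dirty):
        visit(m)
    return {m: cache[m][1] for m in tree}, dirty


# Constructed sample tree: app -> util -> (shell), other is independent.
TREE = {
    "util": "import subprocess\n\ndef run(cmd):\n    return subprocess.run(cmd, shell=True)\n",
    "app": "import util\n\ndef main(arg):\n    util.run('ls ' + arg)\n",
    "other": "def helper():\n    return 1\n",
}
# Same tree after util is fixed to avoid the shell; app and other are untouched.
TREE_FIXED = dict(TREE, util="import subprocess\n\ndef run(cmd):\n    return subprocess.run(cmd.split())\n")

if __name__ == "__main__":
    cache = {}
    print(incremental_run(TREE, cache))        # all three analyzed, util and app flagged
    print(incremental_run(TREE_FIXED, cache))  # only util and app re-analyzed, nothing flagged
```

On the second run `other` is served from cache, while `app` is re-analyzed even though its text did not change, and its finding disappears because `util.run` no longer runs a shell. A real tool replaces the toy `analyze` with its own interprocedural summaries, but the scheduling logic is the same.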
About Checkov: Checkov is an open-source static analysis and policy-as-code engine for Terraform, CloudFormation, Kubernetes, Azure Resource Manager, and Serverless Framework.
It also includes other open source plugins -- such as Cobertura -- along with a good deal of custom code, to provide a static code analysis tool dashboard. SonarQube adds a number of reporting ...