|
Astrée |
AbsInt Angewandte Informatik GmbH |
Static Analysis Tool and Coding Rules Checker |
Germany |
Coverage
Output
Searchable
|
|
BigLook |
Evenstar |
Code verification tool for ensuring source code compliance with domestic and international code security guidelines. |
Korea |
Coverage
Output
Searchable
|
|
BinSearch |
ValiantSec Technology Co.,Ltd |
SCA |
China |
Coverage
Output
Searchable
|
|
C/C++test |
Parasoft Corporation |
Static Code Analysis |
United States |
Coverage
Output
Searchable
|
|
CAST Application Intelligence Platform |
CAST |
Automated Application Assessment Platform |
France |
Output
Searchable
Coverage
|
|
Checkmarx Static application security testing (SAST) |
Checkmarx |
Static application security testing engine - available both as an on-premises application or in the cloud as part of the Checkmarx One application security suite. |
Israel |
Coverage
Output
Searchable
|
|
COBOT |
Beijing Beida Software Engineering Development Co., Ltd. |
Program Static Analysis Tool |
P.R. China |
Coverage
Output
Searchable
|
|
COBOT-SCA |
Beijing Beida Software Engineering Development Co., Ltd. |
Software Composition And Vulnerability Analysis |
P.R. China |
Coverage
Output
Searchable
|
|
CODE-RAY |
TRINITYSOFT Co., Ltd |
Source Code Security weakness analysis tool |
Korea |
Coverage
Output
Searchable
|
|
CodeAnt |
ValiantSec Technology Co.,Ltd |
SCA and Development security |
China |
Coverage
Output
Searchable
|
|
CodeArts Check |
Hangzhou Huawei Cloud Computing Technologies Co., Ltd |
CodeArts Check/Code static analysis/SAST(Static Application Security Testing) |
China |
Coverage
Output
Searchable
|
|
CodePeer |
AdaCore |
Automated Code Review and Validation Tool |
United States |
Coverage
Output
Searchable
|
|
CodeScroll Code Inspector |
Suresoft Technologies Inc. |
Code-Based Auto Inspection Tool |
Korea |
Coverage
Output
Searchable
|
|
CodeScroll SNIPER |
Suresoft Technologies Inc. |
Static Code Analysis Tool |
Korea |
Coverage
Output
Searchable
|
|
CodeScroll STATIC |
Suresoft Technologies Inc. |
Web-based Static Code Analysis Tool |
Korea |
Coverage
Output
Searchable
|
|
CodeSec |
SecZone |
Statically Apply Security Tool |
China |
Coverage
Output
Searchable
|
|
CodeSense |
ValiantSec Technology Co.,Ltd |
SAST |
China |
Coverage
Output
Searchable
|
|
CodeSonar |
GrammaTech, Inc. |
Static Analysis Tool |
United States |
Output
Searchable
Coverage
|
|
Conviso Security Compliance (CSC) |
Conviso Application Security |
Vulnerability Identification and Management |
Brazil |
Output
Searchable
Coverage
|
|
Corax |
Shanghai Feiyu Technology Co.,Ltd. |
Static Application Security Testing |
China |
Coverage
Output
Searchable
|
|
Coverity |
Synopsys Inc. |
Static Application Security Testing |
United States |
Coverage
Output
Searchable
|
|
Cr0security Penetration Testing and Consultant Services |
Cr0security |
Network Penetration Testing and Vulnerability Assessment Services |
Indonesia |
Coverage
Output
Searchable
|
|
Cybellum Product Security Platform |
Cybellum |
Engine that can detect violation of CWEs in binary files, on the assembly level. |
Israel |
Coverage
Output
Searchable
|
|
DerScanner |
DerSecur Ltd. |
SAST tool |
Israel |
Coverage
Output
Searchable
|
|
dotTEST |
Parasoft Corporation |
Static Code Analysis |
United States |
Coverage
Output
Searchable
|
|
Flawfinder |
David A. Wheeler |
Assessment Tool |
United States |
Coverage
Output
Searchable
|
|
FOSSCheck |
Suzhou Lengjingqicai Information Technology Co.,Ltd |
Software Composition Analysis Tool |
China |
Coverage
Output
Searchable
|
|
FossEye |
Suzhou Lengjingqicai Information Technology Co.,Ltd |
Open source security and compliance governance Tool |
China |
Coverage
Output
Searchable
|
|
IBM Security AppScan Standard |
IBM Security Systems |
Web Application Security Assessment Scanner |
United States |
Output
Searchable
Coverage
|
|
Imagix 4D, with Checklist for CWE |
Imagix Corporation |
Static Analysis and Change Review Tool |
United States |
Coverage
Output
Searchable
|
|
Jtest |
Parasoft Corporation |
Static Code Analysis |
United States |
Coverage
Output
Searchable
|
|
Julia |
Julia S.R.L. |
Static Program Analysis Tool |
Italy |
Coverage
Output
Searchable
|
|
Kiuwan Application Security platform |
Kiuwan Software S.L |
SaaS Enterprise Software Analytics Platform - Local Static Code Analysis with Emphasis on Security |
Spain |
Coverage
Output
Searchable
|
|
Klocwork Insight |
Klocwork, Inc. |
Assessment and Remediation Tool |
Canada |
Output
Searchable
Coverage
|
|
LDRA Testbed |
LDRA |
Static and Dynamic Software Analysis Tool Suite |
United Kingdom |
Output
Searchable
Coverage
|
|
LDRArules |
LDRA |
Static Analysis Tool and Coding Rules Checker |
United Kingdom |
Coverage
Output
Searchable
|
|
Lucent Sky Application Vulnerability Mitigation (AVM) |
Lucent Sky Corporation |
Application Vulnerability Mitigation |
United States |
Coverage
Output
Searchable
|
|
Micro Focus Application Defender |
Micro Focus Fortify |
Real-Time Detection and Prevention of Attacks |
United States |
Output
Searchable
Coverage
|
|
Micro Focus Fortify On Demand |
Micro Focus Fortify |
Static and Dynamic Analysis and Results Reporting Service |
United States |
Output
Searchable
Coverage
|
|
Micro Focus Software Security Center |
Micro Focus Fortify |
Results Reporting |
United States |
Output
Searchable
Coverage
|
|
Micro Focus Static Code Analyzer |
Micro Focus Fortify |
Static Analysis and Results Reporting |
United States |
Output
Searchable
Coverage
|
|
Micro Focus WebInspect |
Micro Focus Fortify |
Dynamic Analysis Web Application Security Assessment Tool |
United States |
Output
Searchable
Coverage
|
|
NaiveSystems Analyze |
Naive Systems Ltd. |
Static Analysis Tool and Coding Rules Checker |
China |
Coverage
Output
Searchable
|
|
Oversecured |
Oversecured Inc |
A SaaS-based mobile app vulnerability scanner |
United States |
Coverage
Output
Searchable
|
|
PC-lint Plus |
Vector Informatik GmbH |
C/C++ Static Code Analysis |
Germany |
Coverage
Output
Searchable
|
|
Polyspace Bug Finder |
MathWorks, Inc. |
Static Analysis Tool and Coding Rules Checker |
France |
Coverage
Output
Searchable
|
|
QA*C - CWE Compliance Module for C Programming Language |
Programming Research, Inc. |
Static Analysis of C code with advanced Data-flow/Control-flow/Cross-project and Multilanguage capabilities |
United States |
Coverage
Output
Searchable
|
|
QI-ANXIN Codesafe |
QI-ANXIN Technology Group Inc. |
Assessment Tool |
China |
Coverage
Output
Searchable
|
|
QI-ANXIN OSS Security |
QI-ANXIN Technology Group Inc. |
Assessment Tool |
China |
Coverage
Output
Searchable
|
|
RedRocket SAST |
Beijing RedRocket Technology Co., Ltd |
Static Analysis Tool |
China |
Coverage
Output
Searchable
|
|
RedRocket SCA |
Beijing RedRocket Technology Co., Ltd |
Software Composition Analysis Tool |
China |
Coverage
Output
Searchable
|
|
RESORT Code Analysis |
Soft4Soft Co., Ltd. |
Static Analysis Tool and Coding Rules Checker |
Korea |
Coverage
Output
Searchable
|
|
Secidea SCAP2000 |
Shenzhen Secidea Network Security Technology Co., Ltd |
Static Application Security Testing |
China |
Coverage
Output
Searchable
|
|
SecurityPrism |
GTONE Co., Ltd. |
Semantic Based Static Application Security Testing Tool |
Korea |
Coverage
Output
Searchable
|
|
Seeker Interactive Application Security Testing (IAST) |
Synopsys Inc. |
Interactive Application Security Testing |
United States |
Coverage
Output
Searchable
|
|
SFuzz |
SecZone |
SFuzz |
China |
Coverage
Output
Searchable
|
|
Software Assurance Reference Dataset (SARD) |
National Institute of Standards and Technology (NIST) |
Web-based Software Security Assurance Application |
United States |
Output
Searchable
Coverage
|
|
SonarQube platform with C/C++ plugin |
SonarSource SA |
Continuous Inspection, Trending, and Code Quality Management Platform |
Switzerland |
Coverage
Output
Searchable
|
|
SonarQube platform with Java plugin |
SonarSource SA |
Continuous Inspection, Trending, and Code Quality Management Platform |
Switzerland |
Coverage
Output
Searchable
|
|
SonarQube platform with Objective-C plugin |
SonarSource SA |
Continuous Inspection, Trending, and Code Quality Management Platform |
Switzerland |
Coverage
Output
Searchable
|
|
SourceCheck |
SecZone |
Open Source Component Security and Compliance Management Platform |
China |
Coverage
Output
Searchable
|
|
SPARK Pro |
AdaCore |
Product |
United States |
Coverage
Output
Searchable
|
|
SPARROW |
Sparrow Co., Ltd. |
Semantic-Based Static Program Analysis Tool |
Korea |
Output
Searchable
Coverage
|
|
Static Reviewer |
Security Reviewer |
Static Application Security Testing (SAST)- Security, Dead Code & Best Practices |
Italy |
Coverage
Output
Searchable
|
|
Swift Fuzzer Testing Tool |
GYSecurity Technology Co., Ltd |
Assessment and Remediation Tool |
China |
Coverage
Output
Searchable
|
|
TBvision |
LDRA |
Static Analysis Tool and Coding Rules Checker |
United Kingdom |
Output
Searchable
Coverage
|
|
ThreadFix |
Denim Group, Ltd |
Open Source Vulnerability Management Tool |
United States |
Output
Searchable
Coverage
|
|
Tsmart Static Analyzer |
School of Software, Tsinghua University |
Static Analysis Tool |
P.R. China |
Coverage
Output
Searchable
|
|
UniSCA |
ValiantSec Technology Co.,Ltd |
SCA and Development security |
China |
Coverage
Output
Searchable
|
|
USTCHCS high confidence software analysis tool suite |
Anhui USTC-Guochuang High-Confidence Software Co.,Ltd |
Static Analysis Tool and Coding Rules Checker |
China |
Coverage
Output
Searchable
|
|
Vackbot |
Beijing Moyunsec Technology Co.,Ltd |
CART (Continuous Automated Red Teaming) + BAS (Breach and Attack Simulation) |
China |
Coverage
Output
Searchable
|
|
vFeed API and Vulnerability Database Community |
ToolsWatch |
Open Source Correlated and Cross-Linked Vulnerability XML Vulnerability Database |
France |
Coverage
Output
Searchable
|
|
VulHunter |
SecZone |
Interactive Application Security Testing Platform |
China |
Coverage
Output
Searchable
|
|
WebLayers Center Security Policy Library |
WebLayers, Inc. |
Software Development Lifecycle (SDLC) Governance |
United States |
Output
Searchable
Coverage
|
|
WuKong SAST |
Beijing ZHONGKE TIANQI Information Technology Co.,Ltd. |
SAST(Static Application Security Testing) |
China |
Coverage
Output
Searchable
|
|
Xcheck OSS threat management platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
Coverage
Output
Searchable
|
|
Xcheck Software Composition Analysis Platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
Coverage
Output
Searchable
|
|
Xmaze AI Pen-Testing Extension |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
Coverage
Output
Searchable
|
|
Xmaze Breach and Attack Simulation Platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
Coverage
Output
Searchable
|
|
Xmaze IAST security testing platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
Coverage
Output
Searchable
|
|
Xmaze Static Application Security Testing Platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
Coverage
Output
Searchable
|
|
Xmaze Threat Modeling Automation Platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
Coverage
Output
Searchable
|
|
Yishi Firmware Supply Chain Security Management System |
Anban Information Technology Co., Ltd |
TOOL |
China |
Coverage
Output
Searchable
|
|
ZBG-SAST |
CodeForce(Beijing)Software Technology Co., Ltd |
Static Application Security Testing |
China |
Coverage
Output
Searchable
|
|
ZBG-SCA |
CodeForce(Beijing)Software Technology Co., Ltd |
Software Composition Analysis |
China |
Coverage
Output
Searchable
|
|
|
Cenzic Hailstorm Enterprise ARC |
Cenzic, Inc. |
Web Application Security Risk Management Platform |
United States |
Output
Searchable
Coverage
|
Available
Available
Available
|
Cenzic Hailstorm Professional |
Cenzic, Inc. |
Web Application Penetration Testing and Vulnerability Management System |
United States |
Output
Searchable
Coverage
|
Available
Available
Available
|
Code Dx Enterprise Edition |
Code Dx, Inc. |
Software Vulnerability Assessment Tool |
United States |
Output
Searchable
Coverage
|
Available
Available
Planned
|
Code Dx Standard Edition |
Code Dx, Inc. |
Software Vulnerability Assessment Tool |
United States |
Output
Searchable
Coverage
|
Available
Available
Planned
|
CodeSecure Enterprise |
Armorize Technologies, Inc. |
Web Application Source Code Analysis Tool |
United States |
Output
Searchable
Coverage
|
Available
Available
Available
|
CodeSecure Verifier |
Armorize Technologies, Inc. |
Web Application Source Code Analysis Suite |
United States |
Output
Searchable
Coverage
|
Available
Available
Available
|
CodeSecure Workbench |
Armorize Technologies, Inc. |
Web Application Source Code Analysis Tool |
United States |
Output
Searchable
Coverage
|
Available
Available
Available
|
COREvidence |
NETpeas, SA |
Cloud-Based, Multi-Engines Vulnerability Management Service |
France |
Output
Coverage
Searchable
|
Available
Available
Planned
|
Cppcheck |
CppCheck Development Team |
A tool for static C/C++ code analysis |
Ireland |
Output
Searchable
Coverage
|
Available
Available
Planned
|
CxCloud |
Checkmarx |
Static Code Analysis On Demand |
Israel |
Output
Searchable
Coverage
|
Available
Available
Available
|
CxEnterprise |
Checkmarx |
Static Code Analysis On Premise |
Israel |
Output
Searchable
Coverage
|
Available
Available
Available
|
CxSuite |
Checkmarx |
Static Application Security Testing/Application Security Code Review |
Israel |
Output
Searchable
Coverage
|
Available
Available
Available
|
DEFENSICS X |
Codenomicon Ltd. |
Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities |
Finland |
Output
Searchable
Coverage
|
Available
Available
Planned
|
IBM Security AppScan Enterprise |
IBM Security Systems |
Enterprise Web Application Security Assessment Tool |
United States |
Output
Searchable
Coverage
|
Planned
Planned
Planned
|
IBM Security AppScan Source |
IBM Security Systems |
Source Code Testing Tool |
United States |
Output
Searchable
Coverage
|
Available
Available
Available
|
MyJVN |
Information-technology Promotion Agency, Japan (IPA) |
Filtered Vulnerability Countermeasure Information Tool |
Japan |
Output
Searchable
Coverage
|
Available
Available
Available
|
PVS-Studio C/C++/C# static code analyzer |
OOO "Program Verification Systems" (Co Ltd) |
Static code analyzer |
Russia |
Output
Searchable
Coverage
|
Available
Available
Planned
|
SofCheck Inspector for Ada |
SofCheck Inc. |
Static Analysis and Fault Detection Tool |
United States |
Searchable
Output
Coverage
|
Available
Planned
Planned
|
Zed Attack Proxy (ZAP) |
Open Web Application Security Project (OWASP) |
Integrated Penetration Testing Tool for Finding Vulnerabilities in Web Applications |
United Kingdom |
Coverage
Output
Searchable
|
Available
Available
Planned
|
|
QA*CPP - CWE Compliance Module for C++ Programming Language |
Programming Research, Inc. |
Source Code Static Analysis Product Suite |
United States |
Output
Searchable
Coverage
|
Planned
Planned
Planned
|
Rational AppScan Tester Edition |
IBM Rational |
Development-Time Web Application Security Testing Tool |
United States |
Output
Searchable
Coverage
|
Planned
Planned
Planned
|