Open Source Windows Source Code Analysis Tools
Sort By:
Source Code Analysis Tools for Windows
View 1963 business solutionsBrowse free open source Source Code Analysis tools and projects for Windows below. Use the toggles on the left to filter open source Source Code Analysis tools by OS, license, language, programming language, and project status.
-
AI-powered service management for IT and enterprise teamsGive your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
-
Ship Agents FasterGemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
-
1
Doxygen is a JavaDoc like documentation system for C++, C, Java and IDL.
-
2
PMD
A source code analyzer
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Salesforce.com Apex, Java, JavaScript, XML, XSL. Additionally it includes CPD, the copy-paste-detector. CPD finds duplicated code in Java, C, C++, C#, PHP, Ruby, Fortran, JavaScript, Matlab, Swift. You can fork us on https://github.com/pmd -
3
cppcheck
Static source code analysis tool for C and C++ code
Static analysis of C/C++ code. Checks for: memory leaks, mismatching allocation-deallocation, buffer overrun, and many more. The goal is 0% false positives. See http://cppcheck.sourceforge.net for more information. -
4
Blockly
The web-based visual programming editor
The Blockly library adds an editor to your app that represents coding concepts as interlocking blocks. It outputs syntactically correct code in the programming language of your choice. Custom blocks may be created to connect to your own application. Blockly in a browser allows web pages to include a visual code editor for any of Blockly's five supported programming languages, or your own. Blockly plugins are self-contained pieces of code that add functionality to Blockly. Blockly codelabs provide step-by-step instructions on how to use and customize Blockly. From a user's perspective, Blockly is an intuitive, visual way to build code. From a developer's perspective, Blockly is a ready-made UI for creating a visual language that emits syntactically correct user-generated code. Blockly can export blocks to many programming languages. -
Streamline Azure Security with Palo Alto Networks VM-SeriesImprove your security posture and reduce incident response time. Use the VM-Series to natively analyze Azure traffic and dynamically drive policy updates based on workload changes.
-
5
A Notepad++ plugin that allows users to run JSLint (The JavaScript Code Quality Tool) against their open JavaScript files (more about JSLint at http://www.jslint.com/lint.html). Also supports JSHint (http://www.jshint.com/).
-
6
SonarQube
Continuous inspection
SonarQube empowers all developers to write cleaner and safer code. Thousands of automated Static Code Analysis rules, protecting your app on multiple fronts, and guiding your team. Catch tricky bugs to prevent undefined behavior from impacting end-users. Fix vulnerabilities that compromise your app, and learn AppSec along the way with Security Hotspots. Make sure your codebase is clean and maintainable, to increase developer velocity! We embrace progress - whether it's multi-language applications, teams composed of different backgrounds or a workflow that's a mix of modern and legacy, SonarQube has you covered. SonarQube fits with your existing tools and pro-actively raises a hand when the quality or security of your codebase is at risk. SonarQube can analyse branches of your repo, and notify you directly in your Pull Requests! -
7
tkdiff
Side-by-side diff viewer, editor and merge preparer
tkdiff is a graphical front end to the diff program. It provides a side-by-side view of the differences between two text files, along with several innovative features such as diff bookmarks, a graphical map of differences for quick navigation, and a facility for slicing diff regions to achieve exactly the merge output desired. -
8
Hack
A typeface designed for source code
Hack includes monospaced regular, bold, italic, and bold italic sets to cover all of your syntax highlighting needs. Over 1500 glyphs that include lovingly tuned extended Latin, modern Greek, and Cyrillic character sets. Powerline glyphs are included in the regular set. Patching is not necessary. Install and go. No frills. No gimmicks. Hack is hand groomed and optically balanced to be your go-to code face. Type design features to improve legibility in the harsh conditions of the screen. A libre typeface with generous licensing that permits modification & commercial use. Hack has deep roots in the libre, open source typeface community and includes the contributions of the Bitstream Vera & DejaVu projects. The face has been re-designed with an expanded glyph set, modifications of the original glyph shapes, and meticulous attention to metrics. -
9
CLOC (Count Lines of Code)
Count lines of code in multiple languages with detailed statistics
cloc (Count Lines of Code) is a command-line tool that analyzes source code and reports the number of lines by language, distinguishing between code, comments, and blank lines. It supports hundreds of programming languages and is highly useful for estimating project size, comparing codebases, or tracking development progress. cloc can analyze entire directories, version control repositories, and even compressed archives. -
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
Roslyn
The .NET Compiler Platform
Roslyn provides rich, code analysis APIs to open source C# and Visual Basic compilers. This enables you to access a wealth of information about your code from compilers, which you can then use for code-related tasks in your tools and applications. Roslyn dramatically lowers the barrier to entry for creating code-focused tools and applications, creating many opportunities for innovation. -
11
Sentry
Cross-platform application monitoring and error tracking software
Sentry is a cross-platform, self-hosted error monitoring solution that helps software teams discover, monitor and fix errors in real-time. The most users and logs will have to provide are the clues, and Sentry provides the answers. Sentry offers enhanced application performance monitoring through information-laden stack traces. It lets you build better software faster and more efficiently by showing you all issues in one place and providing the trail of events that lead to errors. It also provides real-time monitoring and data visualization through dashboards. Sentry’s server is in Python, but its API enables for sending events from any language, in any application. More than fifty-thousand companies already ship better software faster thanks to Sentry; let yours be one of them! -
12
VisualCodeGrepper V2.3.2
Code security review tool for C/C++, C#, VB, PHP, Java, PL/SQL, COBOL.
VCG is an automated code security review tool for C++, C#, VB, PHP, Java, PL/SQL and COBOL, which is intended to speed up the code review process by identifying bad/insecure code. New beta functionality has been added for R. It has a few features that should make it useful. In addition to performing some more complex checks it also has a config file for each language that basically allows you to add any bad functions (or other text) that you want to search for. It attempts to find phrases within comments that can indicate broken code and it provides stats and a pie chart (for the entire codebase and for individual files) showing relative proportions of code, whitespace, comments, 'ToDo'-style comments and bad code. I've tried to produce something which searches intelligently for buffer overflows and signed/unsigned comparison in C, violations of OWASP recommendations in Java code, etc. Current version: 2.3.2 -
13
Joern
Open-source code analysis platform for C/C++/Java/Binary/Javascript
Joern is a platform for analyzing source code, bytecode, and binary executables. It generates code property graphs (CPGs), a graph representation of code for cross-language code analysis. Code property graphs are stored in a custom graph database. This allows code to be mined using search queries formulated in a Scala-based domain-specific query language. Joern is developed with the goal of providing a useful tool for vulnerability discovery and research in static program analysis. -
14
OpenRewrite
Automated mass refactoring of source code
The OpenRewrite project is a mass source code refactoring ecosystem. Reduce 1000s of hours of static code analysis fixes to minutes. Turn a four-month migration project into four hours of work. Patch security vulnerabilities across 100s of repositories at once. OpenRewrite automates code refactoring and remediation tasks for you, enabling developers to deliver more business value. OpenRewrite's refactoring engine and recipes will always be open-source. Build tool plugins like OpenRewrite Gradle Plugin and OpenRewrite Maven Plugin help you run these recipes on one repository at a time. Moderne is a complementary product that executes OpenRewrite recipes at scale on hundreds of millions of lines of code and enables mass-committing of results. Moderne freely runs a public service for the benefit of thousands of open-source projects. -
15
Eclipse Checkstyle Plug-in
Integrates Checkstye into the Eclipse IDE
The Eclipse Checkstyle plug-in integrates the Checkstyle Java code auditor into the Eclipse IDE. The plug-in provides real-time feedback to the user about violations of rules that check for coding style and possible error prone code constructs. -
16
Iosevka
Versatile typeface for code, from code
Iosevka is an open-source, sans-serif + slab-serif, monospace + quasi‑proportional typeface family, designed for writing code, using in terminals, and preparing technical documents. The Iosevka’s monospace family is provided in a slender outfit by default: glyphs are exactly 1/2em wide. Compared to the competitors, you could fit more columns within the same screen width. Iosevka provides two widths, Normal and Extended. If you prefer more breeze between the character, choose Extended and enjoy. Terminal emulators have a stricter compatibility requirements for fonts. Therefore, Iosevka and Iosevka Slab all contain two specialized families, Term and Fixed, targeting terminal users. In these families, the symbols will be narrower to follow terminals’ ideology of column count. In the Fixed families, the ligation will be disabled to ensure better compatibility in certain environments. -
17
coan
"The C preprocessor chainsaw"
Coan is a software engineering tool for analysing preprocessor-based configurations of C or C++ source code. Its principal use is to simplify a body of source code by eliminating any parts that are redundant with respect to a specified configuration. -
18
Pulumi
Developer-first infrastructure as code. Your cloud, your language
Pulumi's Infrastructure as Code SDK is the easiest way to create and deploy cloud software that use containers, serverless functions, hosted services, and infrastructure, on any cloud. Simply write code in your favorite language and Pulumi automatically provisions and manages your AWS, Azure, Google Cloud Platform, and/or Kubernetes resources, using an infrastructure-as-code approach. Skip the YAML, and use standard language features like loops, functions, classes, and package management that you already know and love. Pulumi is open source under the Apache 2.0 license, supports many languages and clouds, and is easy to extend. This repo contains the pulumi CLI, language SDKs, and core Pulumi engine, and individual libraries are in their own repos. Walk through end-to-end workflows for creating containers, serverless functions, and other cloud services and infrastructure. -
19
codeium-chrome
Free, ultrafast code autocomplete for Chrome
Free, ultrafast code autocomplete for Chrome. Codeium autocompletes your code with AI in all major IDEs. This includes web editors as well. The content attribute accepts a comma-separated list of supported editors. These currently include: "monaco" and "codemirror5". -
20
MoarVM
A runtime built for the 6model object system
Short for "Metamodel On A Runtime", MoarVM is a modern virtual machine built for the Rakudo Perl 6 compiler and the NQP Compiler Toolchain. MoarVM is used by the majority of Perl 6 programmers. Highlights include: Great Unicode support, with strings represented at grapheme level, dynamic analysis of running code to identify hot functions and loops, and perform a range of optimizations, including type specialization and inlining, support for threads, a range of concurrency control constructs, and asynchronous sockets, timers, processes, and more, generational, parallel, garbage collection, support for numerous language features, including first class functions, exceptions, continuations, runtime loading of code, big integers and interfacing with native libraries. MoarVM provides very little directly - and that's a good thing. It is not tied to a particular way of doing inheritance, roles, mixins, method resolution, type-checking, and so forth. -
21
Semgrep
Lightweight static analysis for many languages
Static analysis at ludicrous speed. Find bugs and enforce code standards. Find and prevent security issues in Terraform, Docker, Kubernetes, nginx, and AWS configs before they go into production. Go beyond application code and protect the entire stack with a breadth of scanning capabilities. Don't leak secrets, scan every commit and ensure secrets don't make it to production. Protect the privileged CI/CD environment from malicious activity that could result in access to source code, secrets, and more. Run with registry rules or your own. Code is analyzed locally (not uploaded). Get results at ludicrous speed with diff-aware scans, review findings in MR and PR comments, and deploy Semgrep across your organization’s projects. Go beyond the registry with rules specific to your organization. Write rules to enforce your own code guardrails. -
22
Cinder
Community-developed library for professional-quality creative coding
Cinder is a free and open source library for professional-quality creative coding in C++. Cinder is available under the BSD License for macOS and Windows. The latest version is 0.9.2. To keep up-to-date with Cinder’s development, consider working from the github repository directly. Cinder is a C++ library for programming with aesthetic intent - the sort of development often called creative coding. This includes domains like graphics, audio, video, and computational geometry. Cinder is cross-platform, with official support for macOS, Windows, Linux, iOS, and Windows UWP. Cinder is production-proven, powerful enough to be the primary tool for professionals, but still suitable for learning and experimentation. Full keyboard, mouse (including scroll wheel), window, and file drag and drop. -
23
GrumPHP
A PHP code-quality tool
Sick and tired of defending code quality over and over again? GrumPHP will do it for you! This composer plugin will register some git hooks in your package repository. When somebody commits changes, GrumPHP will run some tests on the committed code. If the tests fail, you won't be able to commit your changes. This handy tool will not only improve your codebase, it will also teach your co-workers to write better code following the best practices you've determined as a team. GrumPHP has a set of common tasks built in. You will be able to use GrumPHP with a minimum of configuration. We don't want to bore you with all the details, so quick: install it yourself and unleash the power of GrumPHP! -
24
Luacheck
A tool for linting and static analysis of Lua code
Luacheck is a static analyzer and a linter for Lua. Luacheck detects various issues such as usage of undefined global variables, unused variables and values, accessing uninitialized variables, unreachable code and more. Most aspects of checking are configurable: there are options for defining custom project-related globals, for selecting set of standard globals (version of Lua standard library), for filtering warnings by type and name of related variable, etc. The options can be used on the command line, put into a config or directly into checked files as Lua comments. Luacheck supports checking Lua files using the syntax of Lua 5.1, Lua 5.2, Lua 5.3, and LuaJIT. Luacheck itself is written in Lua and runs on all of the mentioned Lua versions. -
25
BAT
A cat(1) clone with syntax highlighting and Git integration
A cat(1) clone with syntax highlighting and Git integration. By default, bat pipes its own output to a pager (e.g. less) if the output is too large for one screen. If you would rather bat work like cat all the time (never page output), you can set --paging=never as an option, either on the command line or in your configuration file. If you intend to alias cat to bat in your shell configuration, you can use alias cat='bat --paging=never' to preserve the default behavior. Even with a pager set, you can still use bat to concatenate files. Whenever bat detects a non-interactive terminal (i.e. when you pipe into another process or into a file), bat will act as a drop-in replacement for cat and fall back to printing the plain file contents, regardless of the --pager option's value. Use bat --list-themes to get a list of all available themes for syntax highlighting.
