Alternatives to Coco Code Coverage
Compare Coco Code Coverage alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Coco Code Coverage in 2025. Compare features, ratings, user reviews, pricing, and more from Coco Code Coverage competitors and alternatives in order to make an informed decision for your business.
-
1
MuukTest
MuukTest
Are bugs slipping through your QA process and frustrating your customers? Catching issues early shouldn’t mean overwhelming your team with time-consuming tests. With MuukTest’s AI-driven platform, growing engineering teams reach 95% end-to-end test coverage in just 3 months, delivering quality at speed. By leveraging AI, our QA experts rapidly design, manage, and maintain comprehensive E2E tests for web, mobile, and API applications on the MuukTest platform. Within 8 weeks, we deliver full regression coverage, followed by exploratory and negative testing to uncover hidden bugs and expand test scenarios. We also proactively identify and address flaky tests and false results to ensure the reliability of your tests. Testing early and often allows you to detect bugs in the early stages of your development lifecycle, reducing the burden of technical debt down the line. -
2
TrustInSoft Analyzer
TrustInSoft
TrustInSoft Analyzer is a C and C++ source code analyzer powered by formal methods, mathematical & logical reasonings that allow for exhaustive analysis of source code. This analysis can be run without false positives or false negatives, so that every real bug in the code is found. Developers receive several benefits: a user-friendly graphical interface that directs developers to the root cause of bugs, and instant utility to expand the coverage of their existing tests. Unlike traditional source code analysis tools, TrustInSoft’s solution is not only the most comprehensive approach on the market but is also progressive, instantly deployable by developers, even if they lack experience with formal methods, from exhaustive analysis up to a functional proof that the software developed meets specifications. Companies who use TrustInSoft Analyzer reduce their verification costs by 4, efforts in bug detection by 40, and obtain an irrefutable proof that their software is safe and secure. -
3
Parasoft
Parasoft
Parasoft helps organizations continuously deliver high-quality software with its AI-powered software testing platform and automated test solutions. Supporting embedded and enterprise markets, Parasoft’s proven technologies reduce the time, effort, and cost of delivering secure, reliable, and compliant software by integrating everything from deep code analysis and unit testing to UI and API testing, plus service virtualization and complete code coverage, into the delivery pipeline. A powerful unified C and C++ test automation solution for static analysis, unit testing and structural code coverage, Parasoft C/C++test helps satisfy compliance with industry functional safety and security requirements for embedded software systems. -
4
Parasoft dotTEST
Parasoft
Save time and money by finding and fixing defects earlier. Reduce the effort and cost of delivering high-quality software by preventing more complicated and expensive problems down the line. Ensure your C# or VB.NET code complies with a wide range of safety and security industry standards, including the requirement traceability mandated and the documentation required to verify compliance. Parasoft's C# testing tool, Parasoft dotTEST, automates a broad range of software quality practices for your C# and VB.NET development activities. Deep code analysis uncovers reliability and security issues. Code coverage, requirements traceability, and automated compliance reporting helps achieve compliance for security standards and safety-critical industries. -
5
Jtest
Parasoft
Meet Agile development cycles while maintaining high-quality code. Use Jtest’s comprehensive set of Java testing tools to ensure defect-free coding through every stage of software development in the Java environment. Streamline Compliance With Security Standards. Ensure your Java code complies with industry security standards. Have compliance verification documentation automatically generated. Release Quality Software, Faster. Integrate Java testing tools to find defects faster and earlier. Save time and money by mitigating complicated and expensive problems down the line. Increase Your Return From Unit Testing. Achieve code coverage targets by creating a maintainable and optimized suite of JUnit tests. Get faster feedback from CI and within your IDE using smart test execution. Parasoft Jtest integrates tightly into your development ecosystem and CI/CD pipeline for real-time, intelligent feedback on your testing and compliance progress. -
6
CodeRush
DevExpress
Try your first CodeRush feature right now and see instantly just how powerful it is. Refactoring for C#, Visual Basic, and XAML, with the fastest test .NET runner available, next generation debugging, and the most efficient coding experience on the planet. Quickly find symbols and files in your solution and easily navigate to code constructions related to the current context. CodeRush includes the Quick Navigation and Quick File Navigation features, which make it fast and easy to find symbols and open files. Using the Analyze Code Coverage feature, you can discover what parts of your solution are covered by unit tests, and find the at-risk parts of your application. The Code Coverage window shows percentage of statements covered by unit tests for each namespace, type, and member in your solution.Starting Price: $49.99 one time payment -
7
Code Climate
Code Climate
Velocity provides in-depth, contextual analytics that equip engineering leaders to support stuck team members, address team roadblocks, and streamline engineering processes. Actionable metrics for engineering leaders. Velocity turns data from commits and pull requests into the insights you need to make lasting improvements to your team’s productivity. Quality: Automated code review for test coverage, maintainability and more so that you can save time and merge with confidence. Receive automated code review comments on your pull requests. Our 10-point technical debt assessment provides real-time feedback, so you can save time and focus on what matters in your code review discussions. Get test coverage right, every time. See coverage line by line within diffs. Never merge code without sufficient tests again. At a glance, identify frequently changed files that have inadequate coverage and maintainability issues. Track your progress against measurable goals, day-by-day. -
8
SonarQube Cloud
SonarSource
Maximize your throughput and only release clean code SonarQube Cloud (formerly SonarCloud) automatically analyzes branches and decorates pull requests. Catch tricky bugs to prevent undefined behavior from impacting end-users. Fix vulnerabilities that compromise your app, and learn AppSec along the way with Security Hotspots. With just a few clicks you're up and running right where your code lives. Immediate access to the latest features and enhancements. Project dashboards keep teams and stakeholders informed on code quality and releasability. Display project badges and show your communities you're all about awesome. Code Quality and Code Security is a concern for your entire stack, from front-end to back-end. That’s why we cover 24 languages including Python, Java, C++, and many others. Transparency makes sense and that's why the trend is growing. Come join the fun, it's entirely free for open-source projects!Starting Price: €10 per month -
9
UndercoverCI
UndercoverCI
Actionable test coverage for Ruby and GitHub. Checks and insights to help your team ship healthy code while saving time on PR reviews. Stop focusing on getting to 100% test coverage. Reduce pull request defects by telling when the changed code is untested before it's deployed to production. The CI server runs tests and uploads coverage data to UndercoverCI. That's the only required post-install setup step! We scan the PR diff and verify local test coverage for each updated class, method, and block because an absolute percentage check is not enough. Reveal untested methods and blocks, find unused code paths, and improve your test suite. Install UndercoverCI's hosted GitHub App or explore the Ruby gems family. Fully-featured GitHub App code review integration with quick setup for your organization. The UndercoverCI project and related Ruby gems are entirely open-source and free to use locally and in your CI/CD workflows.Starting Price: $49 per month -
10
JaCoCo
EclEmma
JaCoCo is a free code coverage library for Java, which has been created by the EclEmma team based on the lessons learned from using and integrating existing libraries for many years. The master branch of JaCoCo is automatically built and published. Due to the test-driven development approach, every build is considered fully functional. See the change history for the latest features and bug fixes. SonarQube code quality metrics of the current JaCoCo implementation are available on SonarCloud.io. Integrate JaCoCo technology with your tools. Use JaCoCo tools out of the box. Improve the implementation and add new features. There are several open-source coverage technologies for Java available. While implementing the Eclipse plug-in EclEmma the observation was that none of them are really designed for integration. Most of them are specifically fit to a particular tool (Ant tasks, command line, IDE plug-in) and do not offer a documented API that allows embedding in different contexts.Starting Price: Free -
11
Codacy
Codacy
Codacy is an automated code review tool that helps identify issues through static code analysis, allowing engineering teams to save time in code reviews and tackle technical debt. Codacy integrates seamlessly into existing workflows on your Git provider, and also with Slack, JIRA, or using Webhooks. Users receive notifications on security issues, code coverage, code duplication, and code complexity in every commit and pull request along with advanced code metrics on the health of a project and team performance. The Codacy CLI enables running Codacy code analysis locally, so teams can see Codacy results without having to check their Git provider or the Codacy app. Codacy supports more than 30 coding languages and is available in free open-source, and enterprise versions (cloud and self-hosted). For more see https://www.codacy.com/Starting Price: $15.00/month/user -
12
DeepSource
DeepSource
DeepSource helps you automatically find and fix issues in your code during code reviews, such as bug risks, anti-patterns, performance issues, and security flaws. It takes less than 5 minutes to set up with your Bitbucket, GitHub, or GitLab account. It works for Python, Go, Ruby, and JavaScript. DeepSource covers all major programming languages, Infrastructure-as-Code, secrets detection, code coverage, and more. You won't need any other tool to protect your code. Start building with the most sophisticated static analysis platform for your workflow and prevent bugs before they end up in production. Largest collection of static analysis rules in the industry. Your team's central hub to track and take action on code health. Put code formatting on autopilot. Never let your CI break on style violations. Automatically generates and applies fixes for issues in a couple of clicks.Starting Price: $12 per user per month -
13
PyCharm
JetBrains
All the Python tools in one place. Save time while PyCharm takes care of the routine. Focus on the bigger things and embrace the keyboard-centric approach to get the most of PyCharm's many productivity features. PyCharm knows everything about your code. Rely on it for intelligent code completion, on-the-fly error checking and quick-fixes, easy project navigation, and much more. Write neat and maintainable code while the IDE helps you keep control of the quality with PEP8 checks, testing assistance, smart refactorings, and a host of inspections. PyCharm is designed by programmers, for programmers, to provide all the tools you need for productive Python development. PyCharm provides smart code completion, code inspections, on-the-fly error highlighting and quick-fixes, along with automated code refactorings and rich navigation capabilities.Starting Price: $199 per user per year -
14
BullseyeCoverage
Bullseye Testing Technology
BullseyeCoverage is an advanced C++ code coverage tool used to improve the quality of software in vital systems such as enterprise applications, industrial control, medical, automotive, communications, aerospace and defense. The function coverage metric gives you a quick overview of testing completeness and indicates areas with no coverage at all. Use this metric to broadly raise coverage across all areas of your project. Condition/decision coverage provides detail at the control structure level. Use this metric to attain high coverage in specific areas, for example during unit testing. C/D coverage provides better detail than statement coverage or branch coverage, and provides much better productivity than more complex coverage metrics.Starting Price: $900 one-time payment -
15
NCover
NCover
NCover Desktop is a Windows application that helps you collect code coverage statistics for .NET applications and services. After coverage is collected, Desktop displays charts and coverage metrics in a browser-based GUI that allows you to drill all the way down to your individual lines of source code. Desktop also allows you the option to install a Visual Studio extension called Bolt. Bolt offers built-in code coverage that displays unit test results, timings, branch visualization and source code highlighting right in the Visual Studio IDE. NCover Desktop is a major leap forward in the ease and flexibility of code coverage tools. Code coverage, gathered while testing your .NET code, shows the NCover user what code was exercised during the test and gives a specific measurement of unit test coverage. By tracking these statistics over time, you gain a concrete measurement of code quality during the development cycle.Starting Price: Free -
16
JCov
OpenJDK
The JCov open-source project is used to gather quality metrics associated with the production of test suites. JCov is being opened in order to facilitate the practice of verifying test execution of regression tests in OpenJDK development. The main motivation behind JCov is the transparency of test coverage metrics. The advantage to promoting standard coverage based on JCov is that OpenJDK developers will be able to use a code coverage tool that stays in the 'lock step' with Java language and VM developments. JCov is a pure java implementation of a code coverage tool that provides a means to measure and analyze dynamic code coverage of Java programs. JCov provides functionality to collect method, linear block, and branch coverage, as well as show uncovered execution paths. It is also able to show a program's source code annotated with coverage information. From a testing perspective, JCov is most useful to determine execution paths.Starting Price: Free -
17
Coverlet
Coverlet
It works with .NET Framework on Windows and .NET Core on all supported platforms. Coverlet supports coverage for deterministic builds. The solution at the moment is not optimal and need a workaround. If you want to visualize coverlet output inside Visual Studio while you code, you can use the following addins depending on your platform. Coverlet also integrates with the build system to run code coverage after tests. Enabling code coverage is as simple as setting the CollectCoverage property to true. The coverlet tool is invoked by specifying the path to the assembly that contains the unit tests. You also need to specify the test runner and the arguments to pass to the test runner using the --target and --targetargs options respectively. The invocation of the test runner with the supplied arguments must not involve a recompilation of the unit test assembly or no coverage result will be generated.Starting Price: Free -
18
PHPUnit
PHPUnit
PHPUnit requires the dom and json extensions, which are normally enabled by default. PHPUnit also requires the pcre, reflection, and spl extensions. These standard extensions are enabled by default and cannot be disabled without patching PHP’s build system and/or C sources. The code coverage report feature requires the Xdebug (2.7.0 or later) and tokenizer extensions. Generating XML reports requires the xmlwriter extension. Unit Tests are primarily written as a good practice to help developers identify and fix bugs, to refactor code and to serve as documentation for a unit of software under test. To achieve these benefits, unit tests ideally should cover all the possible paths in a program. One unit test usually covers one specific path in one function or method. However a test method is not necessarily an encapsulated, independent entity. Often there are implicit dependencies between test methods, hidden in the implementation scenario of a test.Starting Price: Free -
19
Helix QAC
Perforce
For over 30 years, Helix QAC has been the trusted static code analyzer for C and C++ programming languages. With its depth and accuracy of analysis, Helix QAC has been the preferred static code analyzer in tightly regulated and safety-critical industries that need to meet rigorous compliance requirements. Often, this involves verifying compliance with coding standards, such as MISRA and AUTOSAR, and functional safety standards, such as ISO 26262. Helix QAC is certified for functional safety compliance by TÜV-SÜD, including IEC 61508, ISO 26262, EN 50128, IEC 60880, and IEC 62304. In addition, it is also certified in ISO 9001 | TickIT plus Foundation Level, which is one of the most widely adopted standards to ensure that your requirements are not only met but exceeded as well. Prioritize coding issues based on the severity of risk. Helix QAC helps you to target the most critical defects using filters, suppressions, and baselines. -
20
Early
EarlyAI
Early is an AI-driven tool designed to automate the generation and maintenance of unit tests, enhancing code quality and accelerating development processes. By integrating with Visual Studio Code (VSCode), Early enables developers to produce verified and validated unit tests directly from their codebase, covering a wide range of scenarios, including happy paths and edge cases. This approach not only increases code coverage but also helps identify potential issues early in the development cycle. Early supports TypeScript, JavaScript, and Python languages, and is compatible with testing frameworks such as Jest and Mocha. The tool offers a seamless experience by allowing users to quickly access and refine generated tests to meet specific requirements. By automating the testing process, Early aims to reduce the impact of bugs, prevent code regressions, and boost development velocity, ultimately leading to the release of higher-quality software products.Starting Price: $19 per month -
21
Axivion Static Code Analysis
Qt Group
Axivion helps development teams deliver safer, cleaner, and more maintainable C, C++, and CUDA code by automatically detecting coding standard violations, security vulnerabilities, dead code, and code clones. It provides actionable recommendations and detailed analytics, helping teams track, resolve, and prevent defects early in the development process. Axivion also supports architecture verification, enabling teams to maintain modular and scalable codebases. Designed for safety-critical industries like automotive, aerospace, medical devices, and industrial automation, Axivion supports functional safety standards including MISRA, ISO 26262, and IEC 61508. By combining static code analysis with architecture verification, it helps teams maintain long-term code health, accelerate certification readiness, and deliver high-performance software while reducing technical debt and ensuring compliance. -
22
OpenClover
OpenClover
Balance your effort spent on writing applications and test code. Use the most sophisticated code coverage tool for Java and Groovy. OpenClover measures code coverage for Java and Groovy and collects over 20 code metrics. It not only shows you untested areas of your application but also combines coverage and metrics to find the riskiest code. The Test Optimization feature tracks which test cases are related to each class of your application code. Thanks to this OpenClover can run tests relevant to changes made in your application code, significantly reducing test execution time. Do testing getters and setters bring much value? Or machine-generated code? OpenClover outruns other tools in its flexibility to define the scope of coverage measurement. You can exclude packages, files, classes, methods, and even single statements. You can focus on testing important parts of your code. OpenClover not only records test results but also measures individual code coverage for every test.Starting Price: Free -
23
OpenText Static Application Security Testing (SAST) identifies and remediates security vulnerabilities in source code early in the software development lifecycle. It supports extensive language coverage and integrates seamlessly with popular CI/CD tools such as Jenkins, Azure DevOps, Jira, and Visual Studio. The platform uses advanced static code analysis and AI-driven insights to prioritize risks and reduce false positives, enabling developers to focus on fixing critical vulnerabilities efficiently. With its customizable code analysis and rule sets, it helps reduce development time by catching issues early. OpenText SAST complies with industry standards like OWASP and offers flexible deployment options including SaaS, private cloud, and on-premises. This comprehensive approach enhances application security without sacrificing development speed or accuracy.
-
24
Coveralls
Coveralls
We help you deliver code confidently by showing which parts of your code aren’t covered by your test suite. Free for open-source repositories. Pro accounts for private repositories. Instant sign-up through GitHub, Bitbucket, and Gitlab. Maintaining a well-tested codebase is mission-critical. Figuring out where your tests are lacking can be painful. You're already running your tests on a continuous integration server, so shouldn't it be doing the heavy lifting? Coveralls works with your CI server and sifts through your coverage data to find issues you didn't even know you had before they become a problem. If you're just running your code coverage locally, you won't be able to see changes and trends that occur during your entire development cycle. Coveralls lets you inspect every detail of your coverage with unlimited history. Coveralls takes the pain out of tracking your code coverage. Know where you stand with your untested code. Develop with confidence that your code is covered.Starting Price: $10 per month -
25
Devel::Cover
metacpan
This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered an indirect measure of quality. Devel::Cover is now quite stable and provides many of the features to be expected in a useful coverage tool. Statement, branch, condition, subroutine, and pod coverage information is reported. Statement and subroutine coverage data should be accurate. Branch and condition coverage data should be mostly accurate too, although not always what one might initially expect. Pod coverage comes from Pod::Coverage. If Pod::Coverage::CountParents is available it will be used instead.Starting Price: Free -
26
OpenCppCoverage
OpenCppCoverage
OpenCppCoverage is an open-source code coverage tool for C++ under Windows. The main usage is for unit testing coverage, but you can also use it to know the executed lines in a program for debugging purposes. Support compiler with a program database file (.pdb). Just run your program with OpenCppCoverage, no need to recompile your application. Exclude a line based on a regular expression. Coverage aggregation, to run several code coverages and merge them into a single report. Requires Microsoft Visual Studio 2008 or higher for all editions including the Express edition. It should also work with the previous version of Visual Studio. You can run the tests with the Test Explorer window.Starting Price: Free -
27
Coverage.py
Coverage.py
Coverage.py is a tool for measuring code coverage of Python programs. It monitors your program, noting which parts of the code have been executed, then analyzes the source to identify code that could have been executed but was not. Coverage measurement is typically used to gauge the effectiveness of tests. It can show which parts of your code are being exercised by tests, and which are not. Use coverage run to run your test suite and gather data. However you normally run your test suite, and you can run your test runner under coverage. If your test runner command starts with “python”, just replace the initial “python” with “coverage run”. To limit coverage measurement to code in the current directory, and also find files that weren’t executed at all, add the source argument to your coverage command line. By default, it will measure line (statement) coverage. It can also measure branch coverage. It can tell you what tests ran which lines.Starting Price: Free -
28
HCL OneTest Embedded
HCL Software
Automating the creation and deployment of component test harnesses, test stubs and test drivers is a cinch thanks to OneTest Embedded. With a single click from any development environment, one can profile memory and performance, analyze code coverage and visualize program execution behavior. Additionally, OneTest Embedded helps be more proactive in debugging, while identifying and assisting in fixing code before it breaks. Allows for a virtual cycle of test generation, while executing, reviewing and testing improvement to rapidly achieve full test coverage. One click is all it takes to build, execute on the target, and generate reports. Helps preempt performance issues and program crashes. Additionally, can be adapted to work with custom memory management methods used in embedded software. Provides visibility on thread execution and switching to develop a deep understanding of the behavior of the system under test. -
29
Coverity Static Analysis
Black Duck
Coverity Static Analysis is a comprehensive code scanning solution that enables developers and security teams to deliver high-quality software in compliance with security, functional safety, and industry standards. It effectively uncovers complex defects across extensive codebases, identifying and resolving code quality and security issues that span multiple files and libraries. Coverity supports compliance with a wide range of standards, including OWASP Top 10, CWE Top 25, MISRA, and CERT C/C++/Java, providing built-in reports to track and prioritize issues. With the Code Sight™ IDE plugin, developers receive real-time results, including CWE information and remediation guidance, directly within their development environment, facilitating the integration of security into the software development life cycle without compromising developer velocity. -
30
Testwell CTC++
Testwell
Testwell CTC++ is a powerful instrumentation-based code coverage and dynamic analysis tool for C and C++ code. With certain add-on components CTC++ can be used also on C#, Java and Objective-C code. Further, again with certain add-on components, CTC++ can be used to analyse code basically at any embedded target machines, also in very small ones (limited memory, no operating system). CTC++ provides Line Coverage, Statement Coverage, Function Coverage, Decision Coverage, Multicondition Coverage, Modified Condition/Decision Coverage (MC/DC), Condition Coverage. As a dynamic analysis tool, CTC++ shows the execution counters (how many times executed) in the code, i.e. more than a plain executed/not executed information. You can also use CTC++ to measure function execution costs (normally time) and to enable function entry/exit tracing at test time. CTC++ is easy to use.Starting Price: Free -
31
dotCover
JetBrains
dotCover is a .NET unit testing and code coverage tool that works right in Visual Studio and in JetBrains Rider, helps you know to what extent your code is covered with unit tests, provides great ways to visualize code coverage, and is Continuous Integration ready. dotCover calculates and reports statement-level code coverage in applications targeting .NET Framework, .NET Core, Mono for Unity, etc. dotCover is a plug-in to Visual Studio and JetBrains Rider, giving you the advantage of analyzing and visualizing code coverage without leaving the code editor. This includes running unit tests and analyzing coverage results right in the IDEs, as well as support for different color themes, new icons and menus. dotCover comes bundled with a unit test runner that it shares with another JetBrains tool for .NET developers, ReSharper. dotCover supports continuous testing, a modern unit testing workflow whereby dotCover figures out on-the-fly which unit tests are affected by your code changes.Starting Price: $399 per user per year -
32
SimpleCov
SimpleCov
SimpleCov is a code coverage analysis tool for Ruby. It uses Ruby's built-in Coverage library to gather code coverage data, but makes processing its results much easier by providing a clean API to filter, group, merge, format, and display those results, giving you a complete code coverage suite that can be set up with just a couple lines of code. SimpleCov/Coverage track covered ruby code, gathering coverage for common templating solutions like erb, slim, and haml is not supported. In most cases, you'll want overall coverage results for your projects, including all types of tests, Cucumber features, etc. SimpleCov automatically takes care of this by caching and merging results when generating reports, so your report actually includes coverage across your test suites and thereby gives you a better picture of blank spots. SimpleCov must be running in the process that you want the code coverage analysis to happen on.Starting Price: Free -
33
LDRA Tool Suite
LDRA
The LDRA tool suite is LDRA’s flagship platform that delivers open and extensible solutions for building quality into software from requirements through to deployment. The tool suite provides a continuum of capabilities including requirements traceability, test management, coding standards compliance, code quality review, code coverage analysis, data-flow and control-flow analysis, unit/integration/target testing, and certification and regulatory support. The core components of the tool suite are available in several configurations that align with common software development needs. A comprehensive set of add-on capabilities are available to tailor the solution for any project. LDRA Testbed together with TBvision provide the foundational static and dynamic analysis engine, and a visualization engine to easily understand and navigate standards compliance, quality metrics, and code coverage analyses. -
34
LuaCov
LuaCov
LuaCov is a simple coverage analyzer for Lua scripts. When a Lua script is run with the luacov module loaded, it generates a stats file with the number of executions of each line of the script and its loaded modules. The luacov command-line script then processes this file generating a report file which allows one to visualize which code paths were not traversed, which is useful for verifying the effectiveness of a test suite. LuaCov includes several configuration options, which have their defaults stored in src/luacov/defaults.lua. These are the global defaults. To use project specific configuration, create a Lua script setting options as globals or returning a table with some options and store it as .luacov in the project directory from where luacov is being run. For example, this config informs LuaCov that only foo module and its submodules should be covered and that they are located inside src directory.Starting Price: Free -
35
Polyspace Code Prover
MathWorks
Polyspace Code Prover is a static analysis tool designed to prove the absence of critical runtime errors in C and C++ code without executing it. By utilizing formal methods, it analyzes all code paths and input scenarios to identify potential issues such as overflows, divide-by-zero errors, and out-of-bounds accesses. It provides insights into variables' ranges and identifies unreachable code, helping developers optimize software performance and ensure quality. Polyspace Code Prover supports safety standards like IEC 61508, ISO 26262, and DO-178C, making it suitable for industries requiring rigorous software certification. -
36
Klocwork
Perforce
Klocwork static code analysis and SAST tool for C, C++, C#, Java, and JavaScript identifies software security, quality, and reliability issues helping to enforce compliance with standards. Built for enterprise DevOps and DevSecOps, Klocwork scales to projects of any size, integrates with large complex environments, a wide range of developer tools, and provides control, collaboration, and reporting for the entire enterprise. This has made Klocwork the preferred static analyzer that keeps development velocity high while enforcing continuous compliance for security and quality. Use Klocwork static application security testing (SAST) for DevOps (DevSecOps). Our security standards identify security vulnerabilities, helping to find and fix security issues early and proving compliance to internationally recognized security standards. Klocwork integrates with CI/CD tools, containers, cloud services, and machine provisioning making automated security testing easy. -
37
Appknox
Appknox
Push world-class mobile apps faster into the market without compromising on security Build and deploy world-class mobile apps for your organizations at scale and leave your mobile app security to us. Highest Rated Security solution on Gartner We rejoice when the Appknox system secures our client’s app against all vulnerabilities. At Appknox we’re dedicated to delivering Mobile Application Security to help businesses achieve their objectives today and in the near Future. Static Application Security Testing (SAST). With 36 different test cases, Appknox SAST can detect almost every vulnerability that’s lurking around by analyzing your source code. Our tests cover security compliances like OWASP Top 10, PCI-DSS, HIPAA and other commonly used security threat parameters. Dynamic Application Security Testing (DAST). Detect advanced vulnerabilities while your application is running. -
38
Checkov
Prisma Cloud
Verify changes to hundreds of supported resource types in all major cloud providers. Scan cloud resources in build-time for misconfigured attributes with a simple Python policy-as-code framework. Analyze relationships between cloud resources using Checkov’s graph-based YAML policies. Execute, test, and modify runner parameters in the context of a subject repository CI/CD and version control integrations. Extend Checkov to define your own custom policies, providers, and suppressions terms. Prevent misconfigurations from being deployed by embedding it into existing developer workflows. Enable automated pull/merge request annotations on your repositories without having to build a CI pipeline or run scheduled checks. The Bridge crew platform will automatically scan new pull requests and annotate them with comments for any policy violations discovered.Starting Price: Free -
39
blanket.js
Blanket.js
A seamless JavaScript code coverage library. Blanket.js is a code coverage tool for JavaScript that aims to be easy to install, easy to use, and easy to understand. Blanket.js can be run seamlessly or can be customized for your needs. JavaScript code coverage compliments your existing JavaScript tests by adding code coverage statistics (which lines of your source code are covered by your tests). Parsing the code using Esprima and node-falafel, and instrumenting the file by adding code tracking lines. Connecting to hooks in the test runner to output the coverage details after the tests have been completed. A Grunt plugin has been created to allow you to use Blanket like a "traditional" code coverage tool (creating instrumented copies of physical files, as opposed to live-instrumenting). Runs the QUnit-based Blanket report headlessly using PhantomJS. Results are displayed on the console, and the task will cause Grunt to fail if any of your configured coverage thresholds are not met.Starting Price: Free -
40
DeepCover
DeepCover
Deep Cover aims to be the best coverage tool for Ruby code. More accurate line coverage, and branch coverage. It can be used as a drop-in replacement for the built-in Coverage library. It reports a more accurate picture of your code usage. In particular, a line is considered covered if and only if it is entirely executed. Optionally, branch coverage will detect if some branches are never taken. MRI considers every method defined, including methods defined on objects or via define_method, class_eval, etc. For Istanbul output, DeepCover has a different approach and covers all def and all blocks. DeepCover doesn't consider loops to be branches, but it's easy to support them if needed. Even after DeepCover is required and configured, only a very minimal amount of code is actually loaded and coverage is not started. To make it easier to transition for projects already using the builtin Coverage library deep-cover can inject itself into those tools.Starting Price: Free -
41
NCrunch
NCrunch
NCrunch tracks your code coverage in real-time, showing this in markers next to your code. This makes it easy to track where your coverage is heavy or light. NCrunch was designed with big complex projects in mind. We've spent the last 12 years optimising and scaling the NCrunch system to meet the needs of real-world systems consisting of millions of lines of code and many thousands of tests. NCrunch tracks all sorts of test related data, and it uses it to give you the most important feedback as fast as possible. Tests that you have recently impacted with your code changes are prioritised for execution using sophisticated and high performance IL-based change mapping. NCrunch can offload build and test work to other computers for processing. Farm tasks out to connected machines or scale into the cloud. Processing resources can be shared between developers allowing teams to pool their testing resources.Starting Price: $159 per year -
42
Typemock
Typemock
The easiest way to unit test. Write tests without changing your code! Even legacy code. Static methods, private methods, non-virtual methods, out parameters and even members and fields. Our professional edition is free for developers around the world. We also have paid support package. Improve your code integrity and deliver quality code. Fake entire object models with a single statement. Mock statics, private, constructors, events, linq, ref args, live, future, static constructors. Our suggest feature creates automated test suggestions suitable for your code. Our smart runner will run only your impact tests and get you super fast feedback. Our coverage feature displays your code coverage in your editor while you code.Starting Price: $479 per license per year -
43
PCOV
PCOV
A self-contained CodeCoverage compatible driver for PHP. When PCOV is left unset, PCOV will attempt to find src, lib or, app in the current working directory, in that order; If none are found the current directory will be used, which may waste resources storing coverage information for the test suite. If PCOV contains test code, it's recommended to set the exclude command to avoid wasting resources. To avoid unnecessary allocation of additional arenas for traces and control flow graphs, PCOV should be set according to the memory required by the test suite. To avoid reallocation of tables, PCOV should be set to a number higher than the number of files that will be loaded during testing, inclusive of test files. interoperability with Xdebug is not possible. At an internal level, the executor function is overridden by PCOV, so any extension or SAPI which does the same will be broken. PCOV is zero cost, code runs at full speed.Starting Price: Free -
44
Codecov
Codecov
Develop healthier code. Improve your code review workflow and quality. Codecov provides highly integrated tools to group, merge, archive, and compare coverage reports. Free for open source. Plans starting at $10/user per month. Ruby, Python, C++, Javascript, and more. Plug and play into any CI product and workflow. No setup required. Automatic report merging for all CI and languages into a single report. Get custom statuses on any group of coverage metrics. Review coverage reports by project, folder and type test (unit tests vs integration tests). Detailed report commented directly into your pull request. Codecov is SOC 2 Type II certified, which means a third-party audits and attests to our practices to secure our systems and your data.Starting Price: $10 per user per month -
45
Code Intelligence
Code Intelligence
Our platform uses various security techniques, including coverage-guided and feedback-based fuzz testing, to automatically generate millions of test cases that trigger hard-to-find bugs deep within your application. This white-box approach protects against edge cases and speeds up development. Advanced fuzzing engines generate inputs that maximize code coverage. Powerful bug detectors check for errors during code execution. Uncover true vulnerabilities only. Get the input and stack trace as proof, so you can reliably reproduce errors every time. AI white-box testing uses data from all previous test runs to continuously learn the inner-workings of your application, triggering security-critical bugs with increasingly high precision. -
46
Istanbul
Istanbul
JavaScript test coverage made simple. Istanbul instruments your ES5 and ES2015+ JavaScript code with line counters, so that you can track how well your unit-tests exercise your codebase. The nyc command-line-client for Istanbul works well with most JavaScript testing frameworks, tap, mocha, AVA, etc. First-class support of ES6/ES2015+ using babel-plugin-Istanbul. Support for the most popular JavaScript testing frameworks. Support for instrumenting subprocesses, using the nyc command-line interface. Adding coverage to your mocha tests could not be easier. Now, simply place the command nyc in front of your existing test command. nyc's instrument command can be used to instrument source files outside of the context of your unit tests. nyc is able to show you all Node processes that are spawned when running a test script under it. By default, nyc uses Istanbul's text reporter. However, you may specify an alternative reporter.Starting Price: Free -
47
Cobertura
Cobertura
Cobertura is a free Java tool that calculates the percentage of code accessed by tests. It can be used to identify which parts of your Java program are lacking test coverage. It is based on jcoverage. Cobertura is free software. Most of it is licensed under the GNU GPL, and you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Please review the file LICENSE.txt included in this distribution for further details.Starting Price: Free -
48
Mayhem
ForAllSecure
Advanced fuzzing solution that combines guided fuzzing with symbolic execution, a patented technology from CMU. Mayhem is an advanced fuzz testing solution that dramatically reduces manual testing efforts with autonomous defect detection and validation. Deliver safe, secure, reliable software with less time, cost, and effort. Mayhem’s unique advantage is in its ability to acquire intelligence of its targets over time. As Mayhem’s knowledge grows, it deepens its analysis and maximizes its code coverage. All reported vulnerabilities are exploitable, confirmed risks. Mayhem guides remediation efforts with in-depth system level information, such as backtraces, memory logs, and register state, expediting issue diagnosis and fixes. Mayhem utilizes target feedback to custom generate test cases on the fly -- meaning no manual test case generation required. Mayhem offers access to all of its test cases to make regression testing effortless and continuous. -
49
BMC Compuware Xpediter
BMC Software
BMC Compuware Xpediter is a family of debuggers and interactive analysis tools for COBOL, Assembler, PL/I, and C programs that helps developers quickly understand applications, make changes, and fix problems in a secure environment—even if they’re unfamiliar with the source code. Xpediter enables developers to get into an interactive test session with minimal effort and quickly move applications into production with greater confidence. See line-by-line code execution and control all aspects of program execution and data. Use Code Coverage to see proof of execution and view metrics on multi-platform applications. Access Abend-AID diagnostic capabilities from within a debugging session. See a graphical view of source code through an integration with Topaz for Program Analysis. Leverage Topaz for Total Test for building a comprehensive portfolio of automated virtualized test cases. Intercept and debug mainframe transactions initiated remotely. -
50
Appvance
Appvance.ai
Appvance IQ (AIQ) delivers transformational productivity gains and lower costs in both test creation and execution. For test creation, it offers both AI-driven (fully machine-generated tests) and also 3rd-generation, codeless scripting. It then executes those scripts through data-driven functional, performance, app-pen and API testing — for both web and mobile apps. AIQ’s self-healing technology gives you complete code coverage with just 10% the effort of traditional testing systems. Most importantly, AIQ finds important bugs autonomously, with little effort. No coding, scripting, logs or recording required. AIQ is easy to integrate with your current DevOps tools and processes. Appvance IQ was developed by a pioneering team who envisioned a better way to test. Their innovative vision has been made possible by applying differentiated, patented AI methods to test creation while leveraging today’s high-availability compute resources for massive levels of parallel execution.