Alternatives to Helix QAC
Compare Helix QAC alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Helix QAC in 2024. Compare features, ratings, user reviews, pricing, and more from Helix QAC competitors and alternatives in order to make an informed decision for your business.
-
1
TrustInSoft Analyzer
TrustInSoft
TrustInSoft Analyzer is a C and C++ source code analyzer powered by formal methods: mathematical and logical reasoning that allows for exhaustive analysis of source code. This analysis can be run without false positives or false negatives, so that every real bug in the code is found. Developers receive several benefits: a user-friendly graphical interface that directs developers to the root cause of bugs, and instant utility to expand the coverage of their existing tests. Unlike traditional source code analysis tools, TrustInSoft’s solution is not only the most comprehensive approach on the market but is also progressive, instantly deployable by developers, even if they lack experience with formal methods, from exhaustive analysis up to a functional proof that the software developed meets specifications. Companies who use TrustInSoft Analyzer reduce their verification costs by 4, efforts in bug detection by 40, and obtain an irrefutable proof that their software is safe and secure. -
2
Parasoft
Parasoft
Parasoft helps organizations continuously deliver high-quality software with its AI-powered software testing platform and automated test solutions. Supporting embedded and enterprise markets, Parasoft’s proven technologies reduce the time, effort, and cost of delivering secure, reliable, and compliant software by integrating everything from deep code analysis and unit testing to UI and API testing, plus service virtualization and complete code coverage, into the delivery pipeline. A powerful unified C and C++ test automation solution for static analysis, unit testing and structural code coverage, Parasoft C/C++test helps satisfy compliance with industry functional safety and security requirements for embedded software systems. -
3
VxWorks
Wind River
The World’s Leading Real-Time Operating System for the Intelligent Edge. For nearly 35 years, VxWorks has been used to ensure the security, safety, and reliability you need to design and build mission-critical embedded systems that simply must work. VxWorks® is the industry’s most trusted and widely deployed real-time operating system (RTOS) for mission-critical embedded systems that must be secure and safe. It delivers a proven, real-time, and deterministic runtime combined with a modern approach to development. Regardless of industry or device type, companies building intelligent edge systems rely on the VxWorks pedigree of security, safety, high performance, and reliability. VxWorks is a deterministic, priority-based preemptive RTOS with low latency and minimal jitter. It is built on an upgradable, future-proof architecture to help you rapidly respond to changing market requirements and technology advancements.
Starting Price: $18,500 / seat -
4
Kiuwan Code Security
Kiuwan
Security Solutions For Your DevOps Process. Automatically scan your code to identify and remediate vulnerabilities. Compliant with the most stringent security standards, such as OWASP and CWE, Kiuwan Code Security covers all important languages and integrates with leading DevOps tools. Effective static application security testing and source code analysis, with affordable solutions for teams of all sizes. Kiuwan includes a variety of essential functionality in a single platform that can be integrated directly into your internal development infrastructure. Fast Vulnerability Detection: Easy and instant setup. Start scanning and get results in just minutes. DevOps Approach To Code Security: Integrate Kiuwan with your CI/CD/DevOps pipeline to automate your security process. Flexible Licensing Options: Plenty of options, one-time scans or continuous scanning. Kiuwan also offers a SaaS or On-Premise model. -
5
Visure Requirements
Visure Solutions, Inc.
Visure Solutions, Inc. is a leading provider of requirements management tool suites offering a comprehensive collaborative ALM Platform for system engineering industries. Visure’s value proposition is nothing less than the total innovative technology in key functions: standard compliance for safety-critical and business-critical systems. - Requirements and Traceability Management - Test Management - Bug & Issue Tracking - Risk Management - Collaboration Management - Centralized data base, Review/Approval process - Certification Management (Support of many Standard Templates ISO26262, IEC62304, IEC61508, CENELEC50128, DO178/C, FMEA, GAMP5, SPICE, CMMI, etc. + Tool Qualification Package) - Configuration Management, Baselining, History Tracking, Requirements Versioning - Dashboards + Report Customization - Integrated with DOORS, Jama, Siemens Polarion, PTC, Perforce, JIRA, Enterprise Architect, HP ALM, Microfocus ALM, PTC, TFS, Word, Excel, Test RT, RTRT, VectorCAST, LDRA, etc. -
6
DoubleCheck Code Analysis
Green Hills Software
When it comes to ensuring software quality, reliability, and security in today's sophisticated code bases, traditional debugging and testing methods simply fall short. Automated tools such as static source code analyzers are more effective in finding defects that could result in buffer overflows, resource leaks, and other security and reliability issues. This class of defects are often not detected by compilers during standard builds, run-time testing, or typical field operation. While other source code analyzers run as separate tools, DoubleCheck is an integrated static analyzer, built into the Green Hills C/C++ compiler. DoubleCheck leverages accurate and efficient analysis algorithms that have been tuned and field-proven in 30+ years of producing embedded development tools. DoubleCheck can be used as a single integrated tool to perform compilation and defect analysis in the same pass. -
7
Klocwork
Perforce
Klocwork static code analysis and SAST tool for C, C++, C#, Java, and JavaScript identifies software security, quality, and reliability issues helping to enforce compliance with standards. Built for enterprise DevOps and DevSecOps, Klocwork scales to projects of any size, integrates with large complex environments, a wide range of developer tools, and provides control, collaboration, and reporting for the entire enterprise. This has made Klocwork the preferred static analyzer that keeps development velocity high while enforcing continuous compliance for security and quality. Use Klocwork static application security testing (SAST) for DevOps (DevSecOps). Our security standards identify security vulnerabilities, helping to find and fix security issues early and proving compliance to internationally recognized security standards. Klocwork integrates with CI/CD tools, containers, cloud services, and machine provisioning making automated security testing easy. -
8
C-STAT
IAR Systems
Static analysis helps you to find potential issues in your code by doing an analysis on the source code level. C-STAT includes almost 700 checks in total, some comply with rules as defined by MISRA C:2012, MISRA C++:2008 and MISRA C:2004 and more than 250 checks mapping to issues covered by CWE. In addition, it checks compliance with the coding standard CERT C for secure coding. C-STAT executes fast and provides you with comprehensive and detailed error information. You don't need to worry about complex tool setup and struggle with language support and general build issues. C-STAT is completely integrated in the IAR Embedded Workbench IDE and enables you to easily ensure code quality in your daily development flow. It's available for most IAR Embedded Workbench products. Static analysis finds potential issues in code by doing an analysis on the source code level. In addition to raising the code quality, the analysis also aids alignment with industry coding standards. -
9
Parasoft dotTEST
Parasoft
Save time and money by finding and fixing defects earlier. Reduce the effort and cost of delivering high-quality software by preventing more complicated and expensive problems down the line. Ensure your C# or VB.NET code complies with a wide range of safety and security industry standards, including the requirement traceability mandated and the documentation required to verify compliance. Parasoft's C# testing tool, Parasoft dotTEST, automates a broad range of software quality practices for your C# and VB.NET development activities. Deep code analysis uncovers reliability and security issues. Code coverage, requirements traceability, and automated compliance reporting helps achieve compliance for security standards and safety-critical industries. -
10
CodePeer
AdaCore
The Most Comprehensive Static Analysis Toolsuite for Ada. CodePeer helps developers gain a deep understanding of their code and build more reliable and secure software systems. CodePeer is an Ada source code analyzer that detects run-time and logic errors. It assesses potential bugs before program execution, serving as an automated peer reviewer, helping to find errors easily at any stage of the development life-cycle. CodePeer helps you improve the quality of your code and makes it easier for you to perform safety and/or security analysis. CodePeer is a stand-alone tool that runs on Windows and Linux platforms and may be used with any standard Ada compiler or fully integrated into the GNAT Pro development environment. It can detect several of the “Top 25 Most Dangerous Software Errors” in the Common Weakness Enumeration. CodePeer supports all versions of Ada (83, 95, 2005, 2012). CodePeer has been qualified as a Verification Tool under the DO-178B and EN 50128 software standards. -
11
Ansys SCADE Suite
Ansys
Modern automobiles, aircraft, and other complex industrial products are composed of multiple electronic components, perfectly integrated to provide critical functionality. Underlying these advanced systems are millions of lines of embedded software code that ensure their flawless operation under every operating scenario. Ansys SCADE Suite drastically reduces safety certification costs by simplifying critical control application design and automating verification, qualifiable/certified code generation, and documentation generation. In the race to launch new hybrid and electric vehicle models, Ansys SCADE has emerged as a valuable strategic tool for Subaru over the past decade, supporting the automaker’s commitment to uncompromising safety and quality. The time saved during the end-to-end development of the ECU — without sacrificing the accuracy of its control software — has been crucial to Subaru’s ability to introduce innovative new technologies. -
12
Ansys SCADE Architect
Ansys
Ansys SCADE Architect has been specifically developed for system engineers. It provides full support of industrial systems engineering processes, such as ARP 4754A, ISO 26262 and EN 50126. SCADE Architect features functional and architectural system modeling and verification in a SysML-based environment. Ansys SCADE Architect has been specifically developed for system engineers; the underlying SysML™ technology is hidden, making modeling more user-friendly and intuitive. Ansys tools support software development aligned to the FACE Technical Standard at both the model and generated code levels, providing users with an easy workflow that passes the FACE Conformance Test Suite (CTS), a necessary test process included in the FACE Technical Standard. -
13
Snappytick
Snappycode Audit
Snappy Tick Source Edition (SAST) is a source code review tool that helps to identify vulnerabilities in source code. We provide static code analysis tools and source code review tools. An in-line auditing approach will identify the largest amount of the most significant security issues in your application and will verify that the proper security controls exist. Snappy Tick Standard Edition (DAST) is a dynamic application security tool that helps to perform black box and grey box testing. Analyze the requests and responses and find potential vulnerabilities inside an application by trying to access them in a variety of ways while the application is running. Built with amazing features developed specifically for SnappyTick. Capable of scanning multiple languages. Best reporting that highlights the precise source files, line numbers, and even subsections of lines that are affected.
Starting Price: $549 per month -
14
Coverity
Synopsys
Address security and quality defects in code as it's being developed. Coverity® is a fast, accurate, and highly scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development life cycle (SDLC), track and manage risks across the application portfolio, and ensure compliance with security and coding standards. Coverity works with the Code Sight™ IDE plugin, enabling developers to find and fix security and quality defects as they write code. Fast and accurate incremental analysis runs in the background to minimize disruption, giving developers real-time results, including CWE information, remediation guidance, and relevant security training, directly within the IDE. -
15
Jtest
Parasoft
Meet Agile development cycles while maintaining high-quality code. Use Jtest’s comprehensive set of Java testing tools to ensure defect-free coding through every stage of software development in the Java environment. Streamline Compliance With Security Standards. Ensure your Java code complies with industry security standards. Have compliance verification documentation automatically generated. Release Quality Software, Faster. Integrate Java testing tools to find defects faster and earlier. Save time and money by mitigating complicated and expensive problems down the line. Increase Your Return From Unit Testing. Achieve code coverage targets by creating a maintainable and optimized suite of JUnit tests. Get faster feedback from CI and within your IDE using smart test execution. Parasoft Jtest integrates tightly into your development ecosystem and CI/CD pipeline for real-time, intelligent feedback on your testing and compliance progress. -
16
PyCharm
JetBrains
All the Python tools in one place. Save time while PyCharm takes care of the routine. Focus on the bigger things and embrace the keyboard-centric approach to get the most of PyCharm's many productivity features. PyCharm knows everything about your code. Rely on it for intelligent code completion, on-the-fly error checking and quick-fixes, easy project navigation, and much more. Write neat and maintainable code while the IDE helps you keep control of the quality with PEP8 checks, testing assistance, smart refactorings, and a host of inspections. PyCharm is designed by programmers, for programmers, to provide all the tools you need for productive Python development. PyCharm provides smart code completion, code inspections, on-the-fly error highlighting and quick-fixes, along with automated code refactorings and rich navigation capabilities.
Starting Price: $199 per user per year -
17
Green Hills Optimizing Compilers
Green Hills Software
As the pace of microprocessor innovation continues to accelerate, application developers know they can rely on Green Hills Compilers to unlock the hardware's full potential and realize maximum performance and functional safety in their next-generation applications. Green Hills Compilers use the most advanced optimizations to maximize your program's performance even within strict size constraints. For example, our CodeFactor™ optimization speeds your program's execution and reduces its size by removing redundant segments of code via subroutine calls and tail merges. Static basing provides the same benefits (faster speed, smaller size) by grouping data items to significantly reduce the number of load address operations. Every one of our optimizations, whether it's our own innovation or an industry standard, is meticulously implemented. Continuing three decades of engineering excellence, we painstakingly research and then test each one against hundreds of benchmarks. -
18
CppDepend
CoderGears
CppDepend is a comprehensive code analysis tool for C and C++ languages, tailored to assist developers in maintaining complex code bases. It offers a broad spectrum of features for ensuring code quality, including static code analysis, which is pivotal in identifying potential code issues such as memory leaks, inefficient algorithms, and deviations from coding standards. A key aspect of CppDepend is its support for widely recognized coding standards like Misra, CWE, CERT, and Autosar. These standards are crucial in various industries, particularly in developing reliable and safe software for automotive, embedded, and high-reliability systems. By aligning with these standards, CppDepend helps in ensuring that the code complies with industry-specific safety and reliability requirements. The tool's integration with popular development environments and its compatibility with continuous integration workflows make it an invaluable asset in agile development. -
19
beSOURCE
Beyond Security (Fortra)
Integrate security into SDLC via potent code analysis. Security must be an integral part of software development. Historically it hasn’t been. Static application security testing (SAST) used to be divorced from Code quality reviews, resulting in limited impact and value. beSOURCE addresses the code security quality of applications and thus integrates SecOps into DevOps. Other SAST offerings look at security as an isolated function. Beyond Security has turned this model upside-down by assuming the SecOps’ perspective in addressing security from all possible angles. Security Standards. beSOURCE adheres to all pertinent standards, guiding static code analysis engine in providing an actionable reference point. -
20
Visual Expert
Novalys
Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL, and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Scan your code to improve the security, performance, and quality. Perform impact analysis to identify breaking changes. Automatically scan your code to detect and fix security vulnerabilities, bugs and maintenance issues. Implement continuous code inspection. Understand the inner workings of your code with call graphs, code diagrams, CRUD Matrix and Object Dependency Matrix (ODM). Automatically generate an HTML source code documentation. Explore your code with hyperlinks. Compare applications, databases or pieces of code. Improve maintainability. Clean up code. Comply with dev standards. Analyze and improve DB code performance: find slow objects and SQL queries; optimize a slow object, a chain of calls, a slow SQL; get a query execution plan. And much more.
Starting Price: $495 per year -
21
Appknox
Appknox
Push world-class mobile apps faster into the market without compromising on security. Build and deploy world-class mobile apps for your organizations at scale and leave your mobile app security to us. Highest Rated Security solution on Gartner. We rejoice when the Appknox system secures our client’s app against all vulnerabilities. At Appknox we’re dedicated to delivering Mobile Application Security to help businesses achieve their objectives today and in the near future. Static Application Security Testing (SAST). With 36 different test cases, Appknox SAST can detect almost every vulnerability that’s lurking around by analyzing your source code. Our tests cover security compliances like OWASP Top 10, PCI-DSS, HIPAA and other commonly used security threat parameters. Dynamic Application Security Testing (DAST). Detect advanced vulnerabilities while your application is running. -
22
Qodana
JetBrains
Static code analysis by Qodana helps development teams follow agreed quality standards, and deliver readable, maintainable, and secure code. Powered by JetBrains. We’ve been perfecting the code analysis in our IDEs for 20+ years based on feedback from millions of community members. Qodana relies on the lines of JetBrains IDEs and brings their intelligence to the CI side. Just like in our IDEs, Qodana’s analysis is accurate but not overbearing and understands the nuances of your code. Integration with tools developers use daily, including JetBrains IDEs, makes it easy to work with Qodana’s results in whichever tool you're most comfortable with. Qodana doesn’t only report problems; it also suggests automatic fixes. Qodana calculates licenses per active contributor, so it won’t cause unexpected expenses or charge you for growing your project (as we don’t calculate LOCs). It’s also free for open-source projects.
Starting Price: $5 per month -
23
Zenity
Zenity
Enterprise copilots and low-code/no-code development platforms make it easier and faster than ever to create powerful business AI applications and bots. Generative AI makes it easier and faster for users of all technical backgrounds to spur innovation, automate mundane processes, and craft efficient business processes. Similar to the public cloud, AI and low-code platforms secure the underlying infrastructure, but not the resources or data built on top. As thousands of apps, automation, and copilots are built, prompt injection, RAG poisoning, and data leakage risks dramatically increase. Unlike traditional application development, copilots and low-code do not incorporate dedicated time for testing, analyzing, and measuring security. Unlock professional and citizen developers to safely create the things they need while meeting security and compliance standards. We’d love to chat with you about how your team can unleash copilots and low-code development. -
24
Sparrow SAST
Sparrow
Support over 20 languages including Java, JSP, C/C++, C#, Python, Swift, ASP(.NET), ABAP, Object C, etc. Complies with global security compliances guides and standards. MVC structure analysis, associated file analysis, and analysis of function call relationship in various levels. Incremental analysis: Minimize analysis time by only analyzing newly added, modified files and their associated files. Interact with other Sparrow AST solutions (DAST, RASP) to identify correlation among vulnerabilities and improve search results. Issue navigator to track and follow vulnerabilities from its origin to actual code. Automated real source code correction guide. Automated classification of vulnerabilities. Dashboard for analysis result management and statistics. Centralized rule (Checker) management based on information including risk levels, option and other. -
25
Zulu Embedded
Azul Systems
Zulu Embedded™ is the only fully certified, completely customizable 100% open source Java platform for embedded systems plus IoT and IIoT edge devices, gateways and dedicated applications. Across a wide variety of devices and operating systems. Zulu Embedded™ meets all Java SE standards and requires no coding changes to your application. Leverage industry-standard Java tools for development and profiling. As a pure, 100% open source offering there are no license fees. Every Zulu Embedded support plan offers redistribution-ready downloadable runtimes, access to all security updates, technical troubleshooting, and a wide set of packaging alternatives. We will work with you to determine the bundle requirements, support, and pricing model needed to match your requirements. -
26
Perforce Helix Core
Perforce
Perforce version control — Helix Core — tracks and manages changes to your source code, digital assets, and large binary files. But it does so much more than that. Helix Core helps development teams move faster, even as they develop more complex products. And it provides a single source of truth across development. Contributors can sync their work into Helix Core from the tools they’re already using. Plus, Helix Core can handle everything. 10s of thousands of users. 10s of millions of daily transactions, 100s of terabytes of data. And 10,000+ concurrent commits. It can even deliver files quickly to remote users without the WAN wait. And it can be used on-premises or in the cloud. Spend less time dealing with tools and processes — and more time delivering value. Helix Core ensures that everyone is efficient. You'll get fast feedback, flexibility, and automation for faster builds. Stop wasting your developers’ time with manual workflows — and let them get back to coding. -
27
Helix ALM
Perforce
A good ALM tool helps the application lifecycle management of your product. The best ALM tools give you end-to-end traceability across your lifecycle. That’s why development teams across industries choose Helix ALM. Helix ALM is a modular suite of ALM tools. You can use this application lifecycle management suite to trace requirements, tests, and issues. Helix ALM is the best ALM software for application lifecycle management across the entire lifecycle. Together, this suite of ALM software delivers unparalleled traceability. That means you’ll know if requirements have been tested and met, if test runs have passed (or failed), and if issues have been resolved. Plus, if a requirement changes, you’ll know which test cases and issues will be impacted. Helix ALM makes it easy to create requirements and share requirements documents. You can do requirements reviews and get approvals — all within the software. Plus, you can even reuse requirements across projects. -
28
CodeSonar
GrammaTech
CodeSonar employs a unified dataflow and symbolic execution analysis that examines the computation of the complete application. By not relying on pattern matching or similar approximations, CodeSonar's static analysis engine is extraordinarily deep, finding 3-5 times more defects on average than other static analysis tools. Unlike many software development tools, such as testing tools, compilers, configuration management, etc., SAST tools can be integrated into a team's development process at any time with ease. SAST technologies like CodeSonar simply attach to your existing build environments to add analysis information to your verification process. Like a compiler, CodeSonar does a build of your code using your existing build environment, but instead of creating object code, CodeSonar creates an abstract model of your entire program. From the derived model, CodeSonar’s symbolic execution engine explores program paths, reasoning about program variables and how they relate. -
29
PITSS.CON
PITSS
Our PITSS.CON tool is the all-in-one legacy code analysis and transformation platform. Contact us to learn how you can use PITSS.CON to make the most of your legacy applications. Completely understand your Oracle Forms and Reports applications from the inside out. Oracle Forms and Reports applications of all sizes and levels of complexity can be quickly and accurately analyzed with our static code analysis tool, allowing organizations to take the guesswork and risk out of application development and maintenance. Using Oracle’s own API and the analytical power of its centralized data repository, our static code analysis tool performs a fast, detailed review of even the most complex and comprehensive applications. -
30
Seerene
Seerene
Seerene’s Digital Engineering Platform is a software analytics and process mining technology that analyzes and visualizes the software development processes in your company. It reveals weaknesses and turns your organization into a well-oiled machine, delivering software efficiently, cost-effectively, quickly, and with the highest quality. Seerene provides decision-makers with the information needed to actively drive their organization towards 360° software excellence. Reveal code that frequently contains defects and kills developer productivity. Reveal lighthouse teams and transfer their best-practice processes across the entire workforce. Reveal defect risks in release candidates with a holistic X-ray of code, development hotspots and tests. Reveal features with a mismatch between invested developer time and created user value. Reveal code that is never executed by end-users and produces unnecessary maintenance costs. -
31
Checkov
Bridgecrew
Verify changes to hundreds of supported resource types in all major cloud providers. Scan cloud resources in build-time for misconfigured attributes with a simple Python policy-as-code framework. Analyze relationships between cloud resources using Checkov’s graph-based YAML policies. Execute, test, and modify runner parameters in the context of a subject repository CI/CD and version control integrations. Extend Checkov to define your own custom policies, providers, and suppression terms. Prevent misconfigurations from being deployed by embedding it into existing developer workflows. Enable automated pull/merge request annotations on your repositories without having to build a CI pipeline or run scheduled checks. The Bridgecrew platform will automatically scan new pull requests and annotate them with comments for any policy violations discovered. -
32
COBOL Analyzer
OpenText
COBOL Analyzer provides developers the ability to continuously analyze their code before and after changes are made within their local environment and before committing those changes to the source control management stream. COBOL Analyzer is built on an industry-standard, relational database management system (RDBMS) for centralized storage of application information and artifacts. Intuitive and interactive visualizations ensure that stakeholders have application visibility and developers receive current code change updates. The COBOL Analyzer solution includes a pre-built query library including a set of common queries to locate points of interest within the application code. The COBOL Analyzer solution identifies all code that is affected by the planned code change event. COBOL Analyzer provides developers the ability to continuously analyze their code before and after changes are made within their local environment. -
33
SonarQube
SonarSource
SonarSource builds world-class products for Code Quality and Security. Our open-source and commercial code analyzer - SonarQube - supports 27 programming languages, empowering dev teams of all sizes to solve coding issues within their existing workflows. We embrace progress - whether it's multi-language applications, teams composed of different backgrounds or a workflow that's a mix of modern and legacy, SonarQube has you covered. SonarQube fits with your existing tools and proactively raises a hand when the quality or security of your codebase is at risk. SonarQube can analyze branches of your repo, and notify you directly in your Pull Requests! Our mission is to empower developers first and grow an open community around code quality and code security. Jenkins, Azure DevOps server and many others. Thousands of automated Static Code Analysis rules, protecting your app on multiple fronts, and guiding your team. -
34
Find and fix security issues early with the most accurate results in the industry. OpenText™ Fortify™ Static Code Analyzer pinpoints the root cause of security vulnerabilities in the source code, prioritizes the most serious issues, and provides detailed guidance on how to fix them. Plus, centralized software security management helps developers resolve issues in less time. Gain support for 1,657 vulnerability categories across 33+ languages, spanning more than one million individual APIs. Embed security into application development tools you use, with Fortify’s integration ecosystem. Gain control of the speed and accuracy of SAST by tuning the depth of the scan and minimizing false positives with Audit Assistant. Dynamically scale SAST scans up or down to meet the changing demands of the CI/CD pipeline. Achieve comprehensive shift-left security for cloud-native applications, from IaC to serverless, in a single solution.
-
35
Checkmarx
Checkmarx
The Checkmarx Software Security Platform provides a centralized foundation for operating your suite of software security solutions for Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), Software Composition Analysis (SCA), and application security training and skills development. Built to address every organization’s needs, the Checkmarx Software Security Platform provides the full scope of options: including private cloud and on-premises solutions. Allowing a range of implementation options ensures customers can start securing their code immediately, rather than going through long processes of adapting their infrastructure to a single implementation method. The Checkmarx Software Security Platform transforms the standard for secure application development, providing one powerful resource with industry-leading capabilities. -
36
Sonatype Lift
Sonatype
Find critical performance, reliability, and security bugs when they’re easiest to fix, during code review. Sonatype Lift is a cloud-native, collaborative, code analysis platform built for developers. It analyzes each developer pull request to find and fix security, performance, reliability, and style issues, then reports them as comments in code review, where they are 70x more likely to get fixed. Elevate your development with the first deep code analysis tool focused on code quality. Sonatype Lift participates in the development process by analyzing, reporting, and providing feedback on bugs the same way your teammates do, in peer code review. Made for the development environments your team already uses: GitHub, GitLab, and Bitbucket. The Lift-bot provides you with instant bug and vulnerability reports on every pull request. Go beyond traditional linting and into deeper interprocedural code analysis with one tool. -
37
PT Application Inspector
Positive Technologies
PT Application Inspector is the only source code analyzer providing high-quality analysis and convenient tools to automatically confirm vulnerabilities — significantly speeding up the work with reports and simplifying teamwork between security specialists and developers. The combination of static, dynamic, and interactive application security testing (SAST + DAST + IAST) delivers unparalleled results. PT Application Inspector pinpoints only real vulnerabilities so you can focus on the problems that actually matter. Accurate detection, automatic vulnerability verification, filtering, incremental scanning, and an interactive data flow diagram (DFD) for each vulnerability are special features that make remediation so much quicker. Minimize vulnerabilities in the final product and the costs of fixing them. Perform analysis at the earliest stages of software development. -
38
froglogic Coco
froglogic
Coco® is a multi-language code coverage tool. Automatic source code instrumentation is used to measure test coverage of statements, branches and conditions. Executing a test suite against an instrumented application produces data that can later be analyzed. This analysis can be used to understand how much of the source code has been hit by tests, which additional tests need to be written, how the test coverage changed over time and more. Identify redundant tests, untested or dead code. Identify the impact of a patch on the code and code coverage & your testing. Coco supports statement coverage, branch coverage, MC/DC and other levels. Linux, Windows, RTOS and others. Using GCC, Visual Studio, embedded compilers and more. Choice of different report formats (text, HTML, XML, JUnit, Cobertura). Coco can also be integrated with various build, test and CI frameworks like JUnit, Jenkins and SonarQube.
Starting Price: €124.17 per month -
39
IDA Pro
Hex-Rays
As a disassembler, IDA Pro is capable of creating maps of a program's execution that show the binary instructions actually executed by the processor in a symbolic representation (assembly language). Advanced techniques have been implemented in IDA Pro so that it can generate assembly language source code from machine-executable code and make this complex code more human-readable. The debugging feature augments IDA with dynamic analysis. It supports multiple debugging targets and can handle remote applications. Its cross-platform debugging capability enables instant debugging, easy connection to both local and remote processes and support for 64-bit systems and new connection possibilities. IDA Pro allows the human analyst to override its decisions or to provide hints so that the analyst can work seamlessly and quickly with the disassembler and analyze binary code more intuitively. -
40
bugScout
bugScout
Platform for detecting security vulnerabilities and analyzing code quality of applications. bugScout was born in 2010, with the objective of promoting global application security through audit and DevOps processes. Our purpose is to promote a culture of safe development and thus provide protection for your company’s information, assets and reputation. Designed by ethical hackers and reputable security auditors, bugScout® follows international security rules and standards and is at the forefront of cybercrime techniques to keep our customers’ applications safe and secure. We combine security with quality, offering the lowest false positive rate on the market and the fastest analysis. Lightest platform on the market, 100% integrated with SonarQube. A platform that unites SAST and IAST, promoting the most complete and versatile source code audit on the market for the detection of Application Security Vulnerabilities. -
41
MATLAB
The MathWorks
MATLAB® combines a desktop environment tuned for iterative analysis and design processes with a programming language that expresses matrix and array mathematics directly. It includes the Live Editor for creating scripts that combine code, output, and formatted text in an executable notebook. MATLAB toolboxes are professionally developed, rigorously tested, and fully documented. MATLAB apps let you see how different algorithms work with your data. Iterate until you’ve got the results you want, then automatically generate a MATLAB program to reproduce or automate your work. Scale your analyses to run on clusters, GPUs, and clouds with only minor code changes. There’s no need to rewrite your code or learn big data programming and out-of-memory techniques. Automatically convert MATLAB algorithms to C/C++, HDL, and CUDA code to run on your embedded processor or FPGA/ASIC. MATLAB works with Simulink to support Model-Based Design. -
42
TASKING
TASKING
The quality of your code is valued by its efficiency and ability to execute flawlessly. Is your current development environment providing you with the tools you need to create clean, efficient, and correct code? You’re responsible for developing solutions that impact human longevity and safety, and the last thing you can afford to compromise on is your integrated development environment. The TASKING Embedded Software Development solutions provide an industry-leading ecosystem for your entire software development process. Each TASKING compiler is developed for a specific architecture and meets the unique needs of your specialized industry requirements including automotive, industrial, telecom, and datacom. A complete integrated development environment allows you to create error-free and efficient code with compilers, debuggers, embedded internet, and RTOS support for industry-leading microprocessors and microcontrollers. -
43
CLion
JetBrains
Who wouldn’t like to code at the speed of thought while the IDE does all the mundane development tasks for them? But is that really possible for a tricky language like C++, what with its modern standards and heavily templated libraries? Why, yes, yes it is! See it to believe it. Generate tons of boilerplate code instantly. Override and implement functions with simple shortcuts. Generate constructors and destructors, getters and setters, and equality, relational, and stream output operators. Wrap a block of code with a statement, or generate a declaration from a usage. Create custom live templates to reuse typical code blocks across your code base to save time and maintain a consistent style. Rename symbols; inline a function, variable, or macro; move members through the hierarchy; change function signatures; and extract functions, variables, parameters, or a typedef.
Starting Price: $8.90 per month -
44
Sourcery CodeBench
Siemens
Sourcery CodeBench delivers a powerful toolset that helps embedded software engineers to efficiently develop and optimize software for a variety of targets and various domains including Automotive, Connectivity, Graphics, and Video applications. Sourcery CodeBench goes beyond just the compiler to provide developers with powerful open source, embedded C/C++ development tools to build, debug, analyze and optimize embedded software in complex heterogeneous architectures including Arm, IA32, MIPS and Power Architectures. Eclipse based IDE enabling workspace customization and project management. Enhanced source code editor with syntax highlighting. Custom board support through Board Builder, a tool for automatically generating linker scripts, debug configuration files, and start-up code based on a board’s memory map. -
45
IAR Embedded Workbench
IAR Systems
Complete development environment for Arm, generating fast, compact code and enabling you to take full control of your code. One Integrated Development Environment with project management tools and editor. Included are 8,400 example projects containing configuration files, code examples and project templates, giving every project a quick start. The IAR C/C++ Compiler is built by our compiler experts and supports C and C++. It offers advanced global and target-specific optimizations, and supports a wide range of industry-standard debug and image formats, compatible with most popular debuggers and emulators, including ELF/DWARF where applicable. Coupled with the complete linker and assembler, it enables powerful building of embedded applications. Support for all 32-bit Arm cores from all major vendors and selected 64-bit Arm cores. Our tools are available in a flexible license model to suit your company needs. -
46
HCL OneTest Embedded
HCL Software
Automating the creation and deployment of component test harnesses, test stubs and test drivers is a cinch thanks to OneTest Embedded. With a single click from any development environment, one can profile memory and performance, analyze code coverage and visualize program execution behavior. Additionally, OneTest Embedded helps you be more proactive in debugging, while identifying and assisting in fixing code before it breaks. Allows for a virtual cycle of test generation, while executing, reviewing and testing improvement to rapidly achieve full test coverage. One click is all it takes to build, execute on the target, and generate reports. Helps preempt performance issues and program crashes. Additionally, can be adapted to work with custom memory management methods used in embedded software. Provides visibility on thread execution and switching to develop a deep understanding of the behavior of the system under test. -
47
Embunit
Embunit
Embunit is a unit testing tool for programmers and testers developing software in C or C++. It is aimed at embedded software development, but can be used to create unit tests for any software written in C or C++. Embunit eliminates the mundane, repetitive aspects of writing unit tests, leaving you free to concentrate on defining the test behaviour. This is achieved by specifying a sequence of actions as shown in the example screenshot below. Embunit generates the unit test source code automatically. Embunit has been developed with flexibility in mind, and can be customised to create unit tests for virtually any hardware platform; even the smallest microcontrollers. It is not tied to any specific toolset and is designed to accommodate the common limitations of embedded C++ compilers.
Starting Price: $131.19 per user -
48
MPLAB Data Visualizer
Microchip
Troubleshooting your code's run-time behavior has never been easier. MPLAB® Data Visualizer is a free debugging tool that graphically displays run-time variables in an embedded application. Available as a plug-in for MPLAB X Integrated Development Environment (IDE) or a stand-alone debugging tool, it can receive data from various sources such as the Embedded Debugger Data Gateway Interface (DGI) and COM ports. You can also track your application's run-time behavior using a terminal or graph. To get started with visualizing data, check out the Curiosity Nano Development Platform and Xplained Pro Evaluation Kits. Capture data streamed from a running embedded target via serial port (CDC) or the Data Gateway Interface (DGI). Concurrently stream data and debug target code using MPLAB® X IDE. Decode data fields at runtime using the Data Stream Protocol format. Visualize the raw or decoded data in a graph as a time series or display the data in a terminal. -
49
Atmel START
Microchip
Atmel START is an innovative online tool for intuitive, graphical configuration of embedded software projects. It lets you select and configure software components, drivers and middleware, as well as complete example projects specifically tailored to the needs of your application. The configuration stage lets you review dependencies between software components, conflicts and hardware constraints. In the case of a conflict, Atmel START will automatically suggest solutions that fit your specific setup. With graphical pin-mux and clock configuration, you can easily match your software and drivers with your own hardware layout. The tool also provides automated assistance for retargeting projects and applications for different devices. Getting that sample code to run on your board has never been easier. When you are done with your configuration, you can download it for use together with your preferred integrated development environment (IDE). -
50
TimeMachine
Green Hills Software
The TimeMachine debugging suite extends the range of Green Hills Software’s popular MULTI integrated development environment (IDE) by providing a window into the complex interactions in software that can result in bugs, performance problems, and testing nightmares. By presenting this information in easy-to-understand displays, TimeMachine enables developers to quickly navigate through trace data and produce better code in less time. With TimeMachine you can debug both forward and backward in time, making it easier to find even the hardest bugs. Make your software run faster than you thought possible by examining program execution history to find previously unknown bottlenecks. Accelerate debugging by stepping backward a single step at a time into functions you've already stepped over. Leverage gigabytes of execution history to verify that your program has been fully tested.