Any open-source software that is similar to Fortify?

jj pan · Aug 17, 2012 · Viewed 17.2k times

I have been using PMD and FindBugs for my application, but Fortify managed to detect some of the security vulnerabilities in my application. I am wondering if there is other open-source software that does a similar job to Fortify?

Answer

h3xStream · Apr 22, 2013

If your focus is on security, you could benefit from additional security rules. Find Security Bugs is a set of detectors for FindBugs.

Disclaimer: I'm the author of the tool mentioned.

Here is an exhaustive list of static analyzers maintained by NIST: http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html