Source Code Comparison Tool Free Download

This is a list of tools for static code analysis.

Open Source Comparison Tool
Source Code online, free
Source Code Comparison Tool free download. software
Source Code Comparison Tool free. download full Version
Free Source Code

WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both folders and files, presenting differences in a visual text format that is easy to understand and handle.
Performs a side-by-side comparison of 2 folders, showing which files are only present in one file or the other, as well as file pairs which are identical or different. Windows Explorer Integration. Right-click on any two files in Windows Explorer to diff them immediately.

Code Compare is a free compare tool designed to compare and merge differing files and folders. Code Compare integrates with all popular source control systems: TFS, SVN, Git, Mercurial, and Perforce. Code Compare is shipped both as a standalone file diff tool and a Visual Studio extension. WinMerge is Open Source software under the GNU General Public License. This means everybody can download the source code and improve and modify it. The only thing we ask is that people submit their improvements and modifications back to us so that all WinMerge users may benefit. Jun 18, 2016 Download Open Source Code Compare Tool. Code Compare is a free tool designed to compare. Code Compare integrates with all popular. TFS, SVN, Git, Mercurial, and Perforce. Code Compare is. Shipped both as a standalone file diff tool and a Visual Studio extension. Code Compare Pro edition of the tool is specially adapted for comparing. Tools that help developers to write code, conduct code reviews, compare sources, track the working time, and much more. On this page you can download a trial version of Code Compare for evaluation purposes. 30 days free trial. This is a list of tools for static code analysis. Language Multi-language. Apache Yetus – A collection of build and release tools.Included is the 'precommit' module that is used to execute full and partial/patch CI builds that provides static analysis of code via other open source tools as part of a configurable report.

Language[edit]

Multi-language[edit]

Apache Yetus – A collection of build and release tools. Included is the 'precommit' module that is used to execute full and partial/patch CI builds that provides static analysis of code via other open source tools as part of a configurable report. Built-in support for C, C++, Java, Perl, Python, Ruby, Shell, and XML. May be extended via a plug-in framework.
Axivion Bauhaus Suite – A static code analysis tool suite for Ada, C, C++, C#, and Java code that performs various analyses such as architecture checking, interface analyses, MISRA checking, and clone detection.
Cigital SecureAsist – A lightweight IDE plugin that points out common security vulnerabilities in real time as the developer is coding. Supports Java, .NET, and PHP.
Code Dx – Software application vulnerability correlation and management system that consolidates and normalizes software vulnerabilities detected by multiple static application security testing (SAST) and dynamic application security testing (DAST) tools, as well as the results of manual code reviews. Supports C, C++, C#, Java, JavaScript, JSP, PHP, Python, Rails, Ruby, Scala, VB.NET and XML/XSL.^[1]
CodeScene – Behavioral code analysis based on revision control data. Can analyse any codebase, and supports X-Ray (or method-level analysis) for C, C++, C#, Java, Groovy, JavaScript, TypeScript, Objective-C, Scala, Python, Swift, Go, Visual Basic .Net, PHP, and Ruby.
Compuware Topaz for Program Analysis – A static code analysis for PL/I and COBOL. Produces visual displays of structure charts and logic/data flow and shows dependencies across programs.
ConQAT – Continuous quality assessment toolkit that allows flexible configuration of quality analyses (architecture conformance, clone detection, quality metrics, etc.) and dashboards. Supports Java, C#, C++, JavaScript, ABAP, Ada and many other languages.
Coverity – A static analysis tool for C, C++, C#, Objective-C, Java, Javascript, node.JS, Ruby, PHP, & Python.
Micro FocusFortify Software Static Code Analyzer – Helps developers identify software security vulnerabilities in more than 30 languages, including C, C++, Java, JSP, .NET, ASP.NET, classic Active Server Pages (ASP), ColdFusion, PHP, Visual Basic 6, VBScript, JavaScript, PL/SQL, T-SQL, Python, Objective-C, ABAP and COBOL and configuration files.
Micro Focus Enterprise Analyzer and COBOL Analyzer. Static code analysis and visualization tools for legacy and mainframe applications. Analyze code in different languages including COBOL, PL/I, Natural, RPG, Java, Assembler, Easytrieve, VB, C/C++, PL/SQL, C#, VB.NET, KornShell, Job schedulers and more.
GrammaTechCodeSonar – Defect detection (buffer overruns, memory leaks, etc.), concurrency and security checks, architecture visualization and software metrics for C, C++, Objective-C, and Java source code.
IBM Security AppScan (formerly known as IBM Rational AppScan) Source Edition – Analyzes source code to identify security vulnerabilities while integrating security testing with software development processes and systems. Supports C, C++, .NET, Java, JSP, JavaScript, ColdFusion, Classic ASP, PHP, Perl, Visual Basic 6, PL/SQL, Python, T-SQL, and COBOL
Facebook Infer – A tool for Java, C, C++, and Objective-C. Targets null pointer problems, leaks, concurrency issues and API usage for Facebook's mobile apps. Available as open source on github.
Imagix 4D – C, C++ and Java. Windows and Linux versions.
Kiuwan – Software Analytics end-to-end platform for static code analysis and automated code review. It covers defect detection, application security & IT Risk Management, with enhanced life cycle and application governance features. Support for over 20 languages, including Objective-C, Java, JSP, JavaScript, PHP, C, C++, ABAP, COBOL, JCL, C#, PL/SQL, Transact-SQL, SQL, Visual Basic, Visual Basic .NET, Android (operating system).
Klocwork – Provides security vulnerability, standards compliance (MISRA, ISO 26262 and others), defect detection and build-over-build trend analysis for C, C++, C#, Java.
Lint, as supplied with the AndroidSDK.
LDRA Testbed – A software analysis and testing tool suite for C, C++, Ada83, Ada95 and Assembler (Intel, Freescale, Texas Instruments).
MALPAS – A software static analysis toolset for a variety of languages including Ada, C, Pascal and Assembler (Intel, PowerPC and Motorola). Used primarily for safety critical applications in Nuclear and Aerospace industries.
Moose – Moose started as a software analysis platform with many tools to manipulate, assess or visualize software. It can evolve to a more generic data analysis platform. Supported languages are C, C++, Java, Smalltalk, .NET, more may be added.
Parasoft – Provides static analysis (pattern-based, flow-based, in-line, metrics) for C, C++, Java, .NET (C#, VB.NET, etc.), JSP, JavaScript, XML, and other languages for standards like MISRA, CWE, OWASP, and CERT. Through a Development Testing Platform, static code analysis functionality is integrated with unit testing, peer code review, runtime error detection and traceability.
Copy/Paste Detector (CPD) – PMDsduplicate code detection for (e.g.) Java, JSP, C, C++, ColdFusion, PHP and JavaScript^[2] code.
Polyspace – Uses abstract interpretation to detect and prove the absence of certain run time errors in source code for C, C++, and Ada
Pretty Diff – A language-specific code comparison tool that features language-specific analysis reporting in addition to language-specific minification and beautification algorithms.
Protecode – Analyzes the composition of software source code and binary files, searches for open source and third party code and their associated licensing obligations. Can also detect security vulnerabilities.
PVS-Studio – A software analysis tool for C, C++, C++/CLI, C++/CX (Component Extensions), C#, Java.
RIPS - A static code analysis solution for PHP, Java and Node.js with many integration options for the automated detection of complex security vulnerabilities.
Rogue Wave Software OpenLogic – Scans source code and binaries to identify open source code and licenses, manages open source policies and approvals, reports security vulnerabilities, and provides open source technical support.
Semmle – Supports C, C++, C#, Java, JavaScript, Objective-C, and Python.
SideCI – Static code analysis based automated code review tool for Ruby, Python, PHP, JavaScript, CoffeeScript and Go. Checks style, quality, dependencies, security and bugs.
SofCheck Inspector – Static detection of logic errors, race conditions, and redundant code for Ada and Java; automatically extracts pre-postconditions from code.
SonarQube – A continuous inspection engine that finds vulnerabilities, bugs and code smells. Also tracks code complexity, unit test coverage and duplication. Supported languages: ABAP, Android (Java), C, C++, CSS, Objective-C, COBOL, C#, Flex, Forms, Groovy, Java, JavaScript, Natural, PHP, PL/SQL, Swift, Visual Basic 6, Web, XML, Python, Ruby, Go, Scala, Kotlin, Apex.
Sotoarc-Sotograph – Architecture and quality in-depth analysis and monitoring for C, C++, C#, Java, ABAP.
SourceMeter - A proprietary platform-independent, command-line static source code analyzer for Java, C, C++, RPG IV (AS/400) and Python.
SQuORE is a multi-purpose and multi-language monitoring tool^[3] for software projects.
Understand – A multi-platform tool for code analysis and comprehension of large code bases. Supported languages include Ada, Cobol, Ansi C, K&R C, Ansi C++, C#, FORTRAN, Java, Jovial, Pascal, PL/M, Python, VHDL, Objective C, Objective C++, HTML, PHP, JavaScript, and XML.
Veracode – Finds security flaws in application binaries and bytecode without requiring source. Supported languages include C, C++, .NET (C#, C++/CLI, VB.NET, ASP.NET), Java, JSP, ColdFusion, PHP, Ruby on Rails, JavaScript and TypeScript (including AngularJS, Node.js and Jquery), Python, Perl, Scala, Objective-C, Swift, Active Server Pages, Visual Basic 6, COBOL, and IBM RPG, including mobile applications on the Android and iOS platforms and written in JavaScript cross platform frameworks.^[4]
Yasca – Yet Another Source Code Analyzer, a plugin-based framework to scan arbitrary file types, with plugins for C, C++, Java, JavaScript, ASP, PHP, HTML-CSS, ColdFusion, COBOL, and other file types. It integrates with other scanners, including FindBugs, PMD, and Pixy.

.NET[edit]

.NET Compiler Platform (Codename Roslyn) – Open-source compiler framework for C# and Visual Basic .NET developed by Microsoft .NET. Provides an API for analyzing and manipulating syntax.
CodeIt.Right – Combines static code analysis and automatic refactoring to best practices which allows automatic correction of code errors and violations; supports C# and VB.NET.
CodeRush – A plugin for Visual Studio which alerts users to violations of best practices.
FxCop – Free static analysis for Microsoft .NET programs that compiles to CIL. Standalone and integrated in some Microsoft Visual Studio editions; by Microsoft.
NDepend – Simplifies managing a complex .NET code base by analyzing and visualizing code dependencies, by defining design rules, by doing impact analysis, and by comparing different versions of the code. Integrates into Visual Studio.
Parasoft dotTEST – A static analysis, unit testing, and code review plugin for Visual Studio; works with languages for Microsoft .NET Framework and .NET Compact Framework, including C#, VB.NET, ASP.NET and Managed C++.
StyleCop – Analyzes C# source code to enforce a set of style and consistency rules. It can be run from inside of Microsoft Visual Studio or integrated into an MSBuild project.

Ada[edit]

SPARK Toolset – Verification tools for SPARK 2014 – a subset of Ada 2012 that leverages Ada's support for contracts. Designed to offer soundness, depth, modularity and efficiency of verification.
AdaControl – A tool to control occurrences of various entities or programming patterns in Ada code, used for checking coding standards, enforcement of safety related rules, and support for various manual inspections. Features automatic fixing of violations.
CodePeer – An advanced static analysis tool that detects potential run-time logic errors in Ada programs.
Fluctuat – Abstract interpreter for the validation of numerical properties of programs.
LDRA Testbed – A software analysis and testing tool suite for Ada83/95.
Polyspace – Uses abstract interpretation to detect and prove the absence of certain run time errors in source code.
SofCheck Inspector – (Bought by AdaCore) Static detection of logic errors, race conditions, and redundant code for Ada; automatically extracts pre-postconditions from code.

C, C++[edit]

Tool	Latest release	Free software	Cyclomatic Complexity Number	Duplicate code	Notes
Astrée	No; Proprietary	finds all potential runtime errors and data races by abstract interpretation, can prove their absence, and can prove functional assertions; tailored towards safety-critical C code (e.g. avionics and automotive). Includes MISRA checker.
Axivion Bauhaus Suite	No; Proprietary	A static code analysis tool suite for Ada, C, C++, C#, and Java code that performs various analyses such as architecture checking, interface analyses, MISRA checking, and clone detection.
BLAST – (Berkeley Lazy Abstraction Software verification Tool (retired)	2.7.2	Yes	An open-source software model checker for C programs based on lazy abstraction (follow-on project is CPAchecker.^[5]).
Clang	8.0.0	Yes	An open-source compiler that includes a static analyzer.
CLion	2019.1	No; Proprietary	An IDE with a built-in source code analysis.
Coccinelle	1.0.7	Yes	An open-source source code pattern matching and transformation.
Coverity	2019.12^[6]	No; Proprietary	A static analysis tool for C/C++.
CPAchecker	Yes; Apache 2 License	A tool for execution path checking of C.
Cppcheck	1.90	Yes; GPL	No	No	Open-source tool that checks for several types of errors, including use of STL.
Cppdepend	2019.1	No;Proprietary	Simplifies managing a complex C/C++ code base by analyzing and visualizing code dependencies, by defining design rules, by doing impact analysis, and comparing different versions of the code.
cpplint	Yes	An open-source tool that checks for compliance with Google's style guide for C++ coding.
ECLAIR	A platform for the automatic analysis, verification, testing and transformation of C and C++ programs.
Eclipse	Yes	An open-source IDE that includes a static code analyzer.
Fluctuat	Abstract interpreter for the validation of numerical properties of programs.
Frama-C	Yes	An open-source static analysis framework for C.
Goanna	A software analysis tool for C/C++.
Helix QAC	Formerly PRQA QA·C and QA·C++, deep static analysis of C/C++ for quality assurance and guideline/coding standard enforcement with MISRA support.
Infer	Yes	Developed by an engineering team at Facebook with open-source contributors. Targets null pointer and other memory problems. Available as open-source on github.
Lint	The original, from 1978, static code analyzer for C.
LDRA Testbed	v9.8.1 (2019-07-30)	A software analysis and testing tool suite for C/C++, that performs static analysis, standards enforcement (eg MISRA C/C++) , dynamic analysis, unit testing and requirements traceability.
Parasoft C/C++test	10.4.2	No; Proprietary	A C/C++ tool that does static analysis, unit testing, code review, and runtime error detection; plugins available for Visual Studio and Eclipse-based IDEs.
PC-Lint	No	A software analysis tool for C with partial support for C++2011.
Polyspace	No	Uses abstract interpretation to detect and prove the absence of run time errors, Dead Code in source code as well as used to check all MISRA (2004, 2012) rules (directives, non directives).
SLAM project	a project of Microsoft Research for checking that software satisfies critical behavioral properties of the interfaces it uses.
Sparse	Yes	An open-source tool designed to find faults in the Linux kernel.
SonarQube	8.1	No	Yes	Yes	An open-source tool which offers C/C++ support via a commercial license
Splint	3.1.2	Yes	An open-source tool statically checking C programs for security vulnerabilities and coding mistakes.
Visual Studio	Yes	An IDE that provides static code analysis for C/C++ both in the editor environment and from the compiler command line.

Java[edit]

Tool	Latest release	Free software	Duplicate code	Notes
Checkstyle	2020-01-26	Yes; LGPL	No	Besides some static code analysis, it can be used to show violations of a configured coding standard. Duplicate code detection was removed^[7] from Checkstyle.
Coverity	2017-01-19	No; Proprietary	Coverity is a static analysis and Static Application Security Testing (SAST) platform that finds critical defects and security weaknesses in code as it’s written before they become vulnerabilities, crashes, or maintenance headaches.
Eclipse	2017-06-28	Yes; EPL	No	Cross-platform IDE with own set of several hundred code inspections available for analyzing code on-the-fly in the editor and bulk analysis of the whole project. Plugins for Checkstyle, FindBugs, and PMD.
FindBugs	2015-03-06	Yes; LGPL	Based on JakartaBCEL from the University of Maryland. SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community.
Infer	2017-10-19	Yes; BSD with additio- nal patent clause	Developed by an engineering team at Facebook with open-source contributors. Targets null pointer exceptions, leaks, and thread safety issues.
IntelliJ IDEA	2017-11-30	Yes; ASL 2	Yes	A leading Java IDE with built-in code inspection and analysis. Plugins for Checkstyle, FindBugs, and PMD.
JArchitect	2017-06-11	No; Proprietary	Simplifies managing a complex code base by analyzing and visualizing code dependencies, defining design rules, doing impact analysis, and by comparing different versions of the code.
Jtest	2019-05-21	No; Proprietary	Yes	Testing and static code analysis product by Parasoft.
LDRA Testbed	No; Proprietary	Analysis and testing tool suite.
PMD	2019-06-30	Yes; BSD, ASL 2, LGPL	Yes	A static ruleset based source code analyzer that identifies potential problems.
RIPS	2019-01-07	No; Proprietary	Language-specific source code analysis solution with many integration options for accurate detection of complex security and quality issues.
SemmleCode	No; Proprietary	Object oriented code queries for static program analysis.
Soot	Yes; LGPL	A language manipulation and optimization framework consisting of intermediate languages.
SpotBugs	2020-02-16	Yes; LGPL	Based on FindBugs and BCEL from the University of Maryland.
Squale	2011-05-26	Yes; LGPL	A platform to manage software quality.
SourceMeter	2016-02-01	No; Proprietary	Yes	A platform-independent, command-line static source code analyzer.
ThreadSafe	2014-03-28	No; Proprietary	A static analysis tool focused on finding concurrency bugs.

JavaScript[edit]

ESLint – JavaScript syntax checker and formatter.
Google's Closure Compiler – JavaScript optimizer that rewrites code to be faster and smaller, and checks use of native JavaScript functions.
JSHint – A community driven fork of JSLint.
JSLint – JavaScript syntax checker and validator.

Objective-C, Objective-C++[edit]

Clang – The free Clang project includes a static analyzer. As of version 3.2, this analyzer is included in Xcode.^[8]
Infer – Developed by an engineering team at Facebook with open-source contributors. Targets null pointers, leaks, API usage and other lint checks. Available as open source on github.
GrammaTech CodeSonar – A static program analysis tool for C,C++, Objective-C..., see above.

Opa[edit]

Opa includes its own static analyzer. As the language is intended for web application development, the strongly statically typed compiler checks the validity of high-level types for web data, and prevents by default many vulnerabilities such as XSS attacks and database code injections.

Packaging[edit]

Lintian – Checks Debian software packages for common inconsistencies and errors.
Rpmlint – Checks for common problems in rpm packages.

Perl[edit]

Perl::Critic – A tool to help enforce common Perl best practices. Most best practices are based on Damian Conway's Perl Best Practices book.
PerlTidy – Program that acts as a syntax checker and tester/enforcer for coding practices in Perl.
Padre – An IDE for Perl that also provides static code analysis to check for common beginner errors.

PL/SQL[edit]

TOAD – A PL/SQL development environment with a Code xPert component that reports on general code efficiency as well as specific programming issues.
Visual Expert – A PL/SQL code analysis tool^[9] that reports on programming issues and helps understand and maintain complex code (Impact Analysis, Source Code documentation, Call trees, CRUD matrix, etc.).

Python[edit]

PyCharm – Cross-platform Python IDE with code inspections available for analyzing code on-the-fly in the editor and bulk analysis of the whole project.
PyDev – Eclipse-based Python IDE with code analysis available on-the-fly in the editor or at save time.
Pylint – Static code analyzer. Quite stringent; includes many stylistic warnings as well.

Transact-SQL[edit]

Visual Expert – A SQLServer code analysis tool^[10] that reports on programming issues and helps understand and maintain complex code (Impact Analysis, Source Code documentation, Call trees, CRUD matrix, etc.).

Open Source Comparison Tool

Formal methods tools[edit]

Tools that use sound, i.e. over-approximating a rigorous model, formal methods approach to static analysis (e.g., using static program assertions). Sound methods contain no false negatives for bug-free programs, at least with regards to the idealized mathematical model they are based on (there is no 'unconditional' soundness). Note that there is no guarantee they will report all bugs for buggy programs, they will report at least one.

Source Code online, free

Astrée – finds all potential runtime errors by abstract interpretation, can prove the absence of runtime errors and can prove functional assertions; tailored towards safety-critical C code (e.g. avionics).
CodePeer – Statically determines and documents pre- and post-conditions for Ada subprograms; statically checks preconditions at all call sites.
ECLAIR – Uses formal methods-based static code analysis techniques such as abstract interpretation and model checking combined with constraint satisfaction techniques to detect or prove the absence of certain run time errors in source code.
ESC/Java and ESC/Java2 – Based on Java Modeling Language, an enriched version of Java
Frama-C – An open-source static analysis framework for C.
KeY – analysis platform for Java based on theorem proving with specifications in the Java Modeling Language; can generate test cases as counterexamples; stand-alone GUI or Eclipse integration
MALPAS – A formal methods tool that uses directed graphs and regular algebra to prove that software under analysis correctly meets its mathematical specification.
Polyspace – Uses abstract interpretation, a formal methods based technique,^[11] to detect and prove the absence of certain run time errors in source code for C/C++, and Ada
SPARK Toolset including the SPARK Examiner – Based on the SPARK language, a subset of Ada.

References[edit]

^'Supported Application Security Testing Tools and Languages'. codedx.com. Retrieved Apr 25, 2017.
^'PMD - Browse /pmd/5.0.0 at SourceForge.net'. Retrieved Dec 9, 2012.
^Baldassari, Boris (2012). 'SQuORE: a new approach to software project assessment', International Conference on Software and Systems Engineering and their Applications, Nov. 2012, Paris, France.
^'White Box Testing/Binary Static Analysis (SAST)'. Veracode.com. Retrieved 2018-02-06.
^'CPAchecker'. 2015-02-08.
^'SIG Customer Community'. community.synopsys.com. Retrieved 2020-02-06.
^https://github.com/checkstyle/checkstyle/issues/523
^'Static Analysis in Xcode'. Apple. Retrieved 2009-09-03.
^'Visual Expert for Oracle - PL/SQL Code Analyzer'. www.visual-expert.com. 2017-08-24.
^'Visual Expert for SQL Server - Transact SQL Code Analyzer'. www.visual-expert.com. 2017-08-24.
^Cousot, Patrick (2007). 'The Role of Abstract Interpretation in Formal Methods'. Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007). IEEE International Conference on Software Engineering and Formal Methods. pp. 135–140. doi:10.1109/SEFM.2007.42. ISBN978-0-7695-2884-7.