
Tencent / Tscancode

Licence: other
A static code analyzer for C++, C#, Lua


Projects that are alternatives of or similar to Tscancode

Rubocop Rails
A RuboCop extension focused on enforcing Rails best practices and coding conventions.
Stars: ✭ 433 (-61.06%)
Mutual labels:  static-code-analysis
Scalastyle
scalastyle
Stars: ✭ 679 (-38.94%)
Mutual labels:  static-code-analysis
Sonar Java
☕️ SonarSource Static Analyzer for Java Code Quality and Security
Stars: ✭ 745 (-33%)
Mutual labels:  static-code-analysis
Phpcs Security Audit
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
Stars: ✭ 525 (-52.79%)
Mutual labels:  static-code-analysis
Phan
Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
Stars: ✭ 5,194 (+367.09%)
Mutual labels:  static-code-analysis
Sonarjs
SonarSource Static Analyzer for JavaScript and TypeScript
Stars: ✭ 696 (-37.41%)
Mutual labels:  static-code-analysis
Souffle
Soufflé is a variant of Datalog for tool designers crafting analyses in Horn clauses. Soufflé synthesizes a native parallel C++ program from a logic specification.
Stars: ✭ 426 (-61.69%)
Mutual labels:  static-code-analysis
Rubocop Packaging
A RuboCop extension focused on enforcing upstream best practices and coding conventions.
Stars: ✭ 29 (-97.39%)
Mutual labels:  static-code-analysis
Jackhammer
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (-43.08%)
Mutual labels:  static-code-analysis
Eslint Plugin Node
Additional ESLint's rules for Node.js
Stars: ✭ 740 (-33.45%)
Mutual labels:  static-code-analysis
Pep8speaks
A GitHub app to automatically review Python code style over Pull Requests
Stars: ✭ 546 (-50.9%)
Mutual labels:  static-code-analysis
Phpdoc Parser
Next-gen phpDoc parser with support for intersection types and generics
Stars: ✭ 569 (-48.83%)
Mutual labels:  static-code-analysis
Stacoan
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Stars: ✭ 707 (-36.42%)
Mutual labels:  static-code-analysis
Sonar Dotnet
Code analyzer for C# and VB.NET projects https://redirect.sonarsource.com/plugins/vbnet.html
Stars: ✭ 466 (-58.09%)
Mutual labels:  static-code-analysis
Eslint Plugin
ESLint configurations and additional rules for me
Stars: ✭ 19 (-98.29%)
Mutual labels:  static-code-analysis
Gosec
Golang security checker
Stars: ✭ 5,694 (+412.05%)
Mutual labels:  static-code-analysis
Standard
🌟 JavaScript Style Guide, with linter & automatic code fixer
Stars: ✭ 26,433 (+2277.07%)
Mutual labels:  static-code-analysis
Devreplay
A linter that replay your developing style
Stars: ✭ 39 (-96.49%)
Mutual labels:  static-code-analysis
Cfmt
cfmt is a tool to wrap Go comments over a certain length to a new line.
Stars: ✭ 28 (-97.48%)
Mutual labels:  static-code-analysis
Checkstyle
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Stars: ✭ 6,481 (+482.82%)
Mutual labels:  static-code-analysis

TscanCode

Release version

A fast and accurate static analysis solution for C/C++, C# and Lua code

Tencent is pleased to support the open source community by making TscanCode available.

Copyright (C) 2017 Tencent company and TscanCode Team. All rights reserved.

Introduction

TscanCode is designed to help programmers find code defects at the very beginning.

  • TscanCode supports multiple languages: C/C++, C# and Lua;
  • TscanCode is fast and accurate: performance can reach 200K lines per minute and the accuracy rate is about 90%;
  • TscanCode is easy to use: it doesn't require a strict compiling environment, and a single command is enough to run it;
  • TscanCode is extensible: you can implement your own checks with TscanCode.

Highlights in v2.14.24 (2018-02-24)

  • Rule Package was released on GUI, easier for rule customization;
  • GUI supports marking false-positive errors now.

For other changes please refer to the change log.

Compiling

Any C++11 compiler should work. For compilers with partial C++11 support it may work. If your compiler has the C++11 features that are available in Visual Studio 2015 then it will work. If nullptr is not supported by your compiler then this can be emulated using the header lib/cxx11emu.h.

There are multiple compilation choices:

  • Windows: Visual Studio (Visual Studio 2015 and above)
  • Linux: g++ 4.6 (or later)
  • Mac: clang++

Visual Studio

Use the tsancode.sln file. The file is configured for Visual Studio 2015, but the platform toolset can be changed easily to older or newer versions. The solution contains platform targets for both x86 and x64.

Select the Release option to build the release version.

g++ or clang++

Simple build (no dependencies):

make

Usage at a glance

This simple example contains a potential null pointer defect. Checking whether p is null indicates that p might be null, so dereferencing p (*p) is not safe outside the if-scope.

// func.cpp
void func(int* p) {
    if(p == NULL) {
        printf("p is null!");
    }

    printf("p is %d", *p);
}

Run TscanCode:

./tscancode --xml func.cpp 2>result.xml

Error list, result.xml:

<?xml version="1.0" encoding="UTF-8"?>
<results>
    <error file="func.cpp" line="7" id="nullpointer" subid="dereferenceAfterCheck" severity="error" 
           msg="Comparing [p] to null at line 3 implies [p] might be null. Dereferencing null pointer [p]." />
</results>
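
An added example, not part of the TscanCode project: a Python script that parses the result.xml shown above and returns the findings that should fail a build. It uses only the attributes visible in that report; the function names and the baseline of already-triaged findings are assumptions made for this example.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample input: the report shown above, embedded so the script runs offline.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<results>
    <error file="func.cpp" line="7" id="nullpointer" subid="dereferenceAfterCheck" severity="error"
           msg="Comparing [p] to null at line 3 implies [p] might be null. Dereferencing null pointer [p]." />
</results>
"""

def parse_report(xml_text):
    """Return one dict per <error> element of a TscanCode --xml report."""
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    if root.tag != "results":
        raise ValueError(f"unexpected root element: {root.tag!r}")
    findings = []
    for err in root.iter("error"):
        findings.append({
            "file": err.get("file", ""),
            "line": int(err.get("line", "0")),
            "id": err.get("id", ""),
            "subid": err.get("subid", ""),
            "severity": err.get("severity", ""),
            "msg": err.get("msg", ""),
        })
    return findings

def gate(findings, blocking=("error",), baseline=frozenset()):
    """Return the findings that should fail the build.

    baseline (hypothetical) holds (file, id, subid) keys of findings already
    triaged as false positives; they are skipped instead of blocking.
    """
    return [f for f in findings
            if f["severity"] in blocking
            and (f["file"], f["id"], f["subid"]) not in baseline]

def summarize(findings):
    """Count findings per check, keyed as 'id/subid'."""
    return Counter(f"{f['id']}/{f['subid']}" for f in findings)

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    failing = gate(parse_report(text))
    for f in failing:
        print(f"{f['file']}:{f['line']}: [{f['id']}/{f['subid']}] {f['msg']}")
    sys.exit(1 if failing else 0)
```

Run it with the path to result.xml as its only argument; it exits non-zero when a blocking finding remains.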

There are more examples:

For now, the code under trunk is only for the TscanCode CPP version; the C# and Lua versions are in the internal review process. Sorry for the inconvenience.
