Code Dx Supported Analysis Tools
Note: The “Focus” column shows the main area of focus for each tool – Security, Quality (Defects/Bugs) or Coding Standards/Styles. However, the analysis of many tools may cross into other areas and may be affected by version and specific configuration.
Open Source
The following table lists the supported open source analysis and test tools which have been integrated with Code Dx, as well as the major supported languages for each.
| Tool | Type | Focus | Languages |
| Brakeman | Static Analysis | Security | Ruby |
| CA.NET | Static Analysis | Security | Managed Code (C#, VB.NET, J#) |
| CheckStyle | Static Analysis | Standards | Java |
| CppCheck | Static Analysis | Quality | C/C++ |
| FindBugs | Static Analysis | Quality | Java |
| FxCop | Static Analysis | Quality/Security | .NET |
| Gendarme | Static Analysis | Quality | .NET |
| JSHint | Static Analysis | Quality/Standards | JavaScript |
| OWASP Dependency-Check | Static Analysis | Security | Java, .NET |
| PHP Codesniffer | Static Analysis | Standards | PHP, JavaScript, CSS |
| PHP MD | Static Analysis | Quality | PHP |
| PMD | Static Analysis | Quality | Java, XML, XSL |
| PyLint | Static Analysis | Quality | Python |
| Retire.js | Static Analysis | Security | JavaScript |
| ScalaStyle | Static Analysis | Quality/Standards | Scala |
| AndroidLint | Static Analysis | Quality/Security | Android platform development |
| Clang | Static Analysis | Quality | C/C++, Objective C, Objective C++ |
| Error-prone | Static Analysis | Quality | Java |
| JLint | Static Analysis | Quality | Java |
| OCLint | Static Analysis | Quality | C/C++, Objective C |
| Arachni | Dynamic Analysis | Security | WebApps |
| OWASP ZAP | Dynamic Analysis | Security | WebApps |
| OWASP Dependency Check | Component | Security | Java, .NET |
| Retire.js | Component | Security | JavaScript |
Commercial
The following table lists the supported commercial analysis and test tools which have been integrated with Code Dx, as well as the major supported languages for each.
| Tool | Type | Focus | Languages |
| Amorize CodeSecure | Static Analysis | Security | WebApps |
| Checkmarx | Static Analysis | Security | C/C++, Java, .NET, ASP, VB, PHP, JavaScript, Ruby, VBScript, Perl, Objective-C, Python, Groovy, |
| Coverity | Static Analysis | Quality/Security/Standards | C/C++, C#. Objective-C, Java, JavaScript |
| GrammaTech CodeSonar | Static Analysis | Quality/Security/Standards | C/C++, Java |
| HP Fortify Static Code Analysis | Static Analysis | Security | All major languages (23 plus supported) |
| IBM AppScan | Static Analysis | Security | C/C++, COBOL, Java, JavaScript, Perl, PHP, .NET (C#, ASP.NET,VB.NET), ASP, VB |
| Parasoft JTest | Static Analysis | Quality/Security/Standards | Java |
| Parasoft dotTest | Static Analysis | Quality/Security/Standards | .NET, C#, VB.NET, ASP.NET, Managed C |
| Parasoft C++Test | Static Analysis | Quality/Security/Standards | C/C++ |
| Veracode | Static Analysis | Security | C/C++, Java, .NET (C#, ASP.NET,VB.NET), JavaScript, Python, PHP, Ruby, Objective-C, VB |
| WhiteHat Sentinel Source | Static Analysis | Security | Java, C#, Objective-C, JavaScript, PHP, ASP.NET, HTML5 |
| Acunetix | Dynamic Analysis | Security | WebSites, WebApps |
| Burp Suite | Dynamic Analysis | Security | Webpps |
| HP WebInspect | Dynamic Analysis | Security | WebApps |
| IBM AppScan | Dynamic Analysis | Security | WebApps, WebServices |
| NetSparker | Dynamic Analysis | Security | WebApps |
| WhiteHat Sentinel Dynamic | Dynamic Analysis | Security | Websites |
| Sonatype Nexus | Component | Security | OpenSource components |
| Veracode Software Composition Analysis | Component | Security | OpenSource components |
| Contrast Assess | Component | Security | Thirdparty Libs |
| Contrast Security Assess | Interactive | Security |
CMS3 Provided Custom Integrations
The following table lists the analysis and test tools for which CMS3 has developed a custom integration. These integrations are available from CMS3. Additional custom integrations can be provided needed. Please contact CMS3 to discuss specific requirements.
| Tool | Type | Focus | Languages |
| Klocwork | Static Analysis | Quality/Security | C/C++, Java, .NET |
| Lattix | Static Analysis | Architecture | C/C++, Java, .NET, Ada, Fortran, ActionScript, JavaScript, Pascal, Python |
| Sparrow | Static Analysis | Quality/Security | Java, JSP, JavaScript, C#, ASP.NET, Objective-C, PHP, VBScript, HTML |