Static and Dynamic Analyzers

Analyzers that watch for vulnerabilities in code

17 listed tools. Last update on 2025-04-28.

Cyber Kill Chain

Recon: Information gathering stage, where attackers gather as much information as possible about the target.

Weaponization: Crafting of tools or payloads to exploit vulnerabilities.

Delivery: The transmission of the weaponized payload to the target.

Exploitation: Exploiting a vulnerability to gain access to the target system.

Installation: Establishing a foothold on the target system.

Command & Control (C2): Setting up channels for communication with the compromised system.

Actions on Objectives: Achieving the intended goal of the attack, such as data exfiltration or system disruption.

bandit (Open-source): Python code analyzer with a focus on vulnerabilities

Brakeman (Open-source): Static analysis security vulnerability scanner for Ruby on Rails applications

Checkmarx (Commercial): Full suite of SAST, DAST, and code scanning tools built for internal teams

Codacy (Commercial): AI-driven SAST for 40+ programming languages

Coverity (Free): Free static analysis solution for open-source projects

cppcheck (Open-source): Extensible C/C++ static analyzer and bug finder

Docker Scout (Free): Container analysis and vulnerability insights tool from Docker

FindBugs (Open-source): Free Java static analyzer with a focus on bugs

Fortify WebInspect (Commercial): Web application vulnerability scanner and analyzer

Kiuwan (Commercial): SAST and code analysis for vulnerability management

Klocwork (Commercial): Compliance-based SAST

PMD (Open-source): Source code analyzer for cross-language SaaS

Snyk (Commercial): Vulnerability database and code scanner

sobelow (Open-source): Phoenix Framework static analyzer focused on vulnerabilities

SonarQube (Commercial): Static code analysis for 30+ languages, frameworks, and platforms

Trivy (Open-source): Simple and comprehensive vulnerability scanner for containers and other artifacts

Veracode (Commercial): Static analysis and vulnerability management