Please comment, there is a great god know major Internet and communications companies now use security code scanning tools? To solve the

CodePudding user response:

Cppcheck calculate?

CodePudding user response:

reference 1st floor light bamboo hat reply:

cppcheck calculate?

I want to know more comprehensive, between companies currently in use

CodePudding user response:

https://download.csdn.net/download/chengjunchengjun/11615802
Recommend a good tool
> Based on cppcheck + Astyle codeCheck, support automatic formatting and static analysis of c/c + + code analysis - & gt; Import files or folders, automatic analysis code, typesetting alignment, static analysis, the prompt risk code, and on the annotation, suitable for C/C + + newcomer training and automated code review, suitable for small group unified coding standard, reduce the hidden trouble, are home to travel, to develop learning essential artifact,

CodePudding user response:

DMSCA - static source code scanning analysis enterprise service platform

Shanghai port maria static source code scanning analysis enterprise of science and technology service platform (the English abbreviation: DMSCA) is a unique source code security holes, quality defect and logical defect scanning analysis service platform, the platform can be used to identify, track and repair in the source of technical and logical flaws, make software development team and testing team quickly, accurately locate the source of security holes, the quality and defective business logic, and on the basis of providing professional relevant repair advice, fast repair, improve the reliability of software products, security, and compatible and reached the international and domestic relevant industry compliance requirements,
DMSCA was end of science and technology in the years the accumulation of static analysis technology and research and development efforts, on the basis of the combination of many domestic and international famous university, experts together after analyzing the advantages and disadvantages of global static analysis technology, combined with the current technical status quo of development of language, the source code defects after the situation and the development of market, the development of a new generation of source enterprise analysis scheme designed to identify from the source, tracking and repair the source code and logic flaws, this scheme overcomes the traditional static analysis tools of False positives (False Positive) high and omission (False Negative), the defects of interrupted foreign products, static analysis in high-end products monopoly form in China's independent controllable high-end source code scanning of safety and quality products, and to support China's own source code detection aspects of the national standard (GB/Java T34944-2017, GB/T34943-2017 - C/C + +, GB/T34946-2017 C #), commitment to the Chinese enterprises to provide more direct, more personalized custom and localization service platform,
DMSCA support mainstream programming language security vulnerabilities and quality defect scan and analysis, support customization platform interface, reports, custom rules, to meet customer specific security policies, safety standards and the need of r&d operating environment integration, products from the launch, has won the favor of many customers in China, including but not limited to Banks, online payment, insurance, electricity, energy, telecommunications, automotive, media entertainment, software, service and military industries such as fortune 1000 companies,