The following list of products and tools that provide static code analysis functionality. Note that the tools on this list are not being endorsed by the Web Application Security Consortium - any tool that provides static code analysis functionality is listed here. If you know of a tool that should be added to this list, please contact Sherif Koussa at sherif.koussa@gmail.com
Commercial Tools
Checkmarx by Checkmarx
CodeSecure by Armorize
CodeSonar by Gammatech
CoveritySave by Coverity
Klocwork Insight by Klocwork
Development Testing Platform by Parasoft
bugScout by buguroo
ECLAIR by BUGSENG
ThreadSafe by Contemplate
Software-as-a-Service Providers
Free / Open Source Tools