Code Dx – Supported Tools

Code Dx Supported Analysis Tools

Note: The “Focus” column shows the main area of focus for each tool – Security, Quality (Defects/Bugs) or Coding Standards/Styles. However, the analysis of many tools may cross into other areas and may be affected by version and specific configuration.

Open Source

The following table lists the supported open source analysis and test tools which have been integrated with Code Dx, as well as the major supported languages for each.

| Tool | Type | Focus | Languages |
|---|---|---|---|
| Brakeman | Static Analysis | Security | Ruby |
| CAT.NET | Static Analysis | Security | Managed Code (C#, VB.NET, J#) |
| CheckStyle | Static Analysis | Standards | Java |
| CppCheck | Static Analysis | Quality | C/C++ |
| FindBugs | Static Analysis | Quality | Java |
| FxCop | Static Analysis | Quality/Security | .NET |
| Gendarme | Static Analysis | Quality | .NET |
| JSHint | Static Analysis | Quality/Standards | JavaScript |
| OWASP Dependency-Check | Static Analysis | Security | Java, .NET |
| PHP Codesniffer | Static Analysis | Standards | PHP, JavaScript, CSS |
| PHP MD | Static Analysis | Quality | PHP |
| PMD | Static Analysis | Quality | Java, XML, XSL |
| PyLint | Static Analysis | Quality | Python |
| Retire.js | Static Analysis | Security | JavaScript |
| ScalaStyle | Static Analysis | Quality/Standards | Scala |
| AndroidLint | Static Analysis | Quality/Security | Android platform development |
| Clang | Static Analysis | Quality | C/C++, Objective C, Objective C++ |
| Error-prone | Static Analysis | Quality | Java |
| JLint | Static Analysis | Quality | Java |
| OCLint | Static Analysis | Quality | C/C++, Objective C |
| Arachni | Dynamic Analysis | Security | WebApps |
| OWASP ZAP | Dynamic Analysis | Security | WebApps |
| OWASP Dependency Check | Component | Security | Java, .NET |
| Retire.js | Component | Security | JavaScript |



The following table lists the supported commercial analysis and test tools which have been integrated with Code Dx, as well as the major supported languages for each.

| Tool | Type | Focus | Languages |
|---|---|---|---|
| Armorize CodeSecure | Static Analysis | Security | WebApps |
| Checkmarx | Static Analysis | Security | C/C++, Java, .NET, ASP, VB, PHP, JavaScript, Ruby, VBScript, Perl, Objective-C, Python, Groovy |
| Coverity | Static Analysis | Quality/Security/Standards | C/C++, C#, Objective-C, Java, JavaScript |
| GrammaTech CodeSonar | Static Analysis | Quality/Security/Standards | C/C++, Java |
| HP Fortify Static Code Analysis | Static Analysis | Security | All major languages (23 plus supported) |
| IBM AppScan | Static Analysis | Security | C/C++, COBOL, Java, JavaScript, Perl, PHP, .NET (C#, ASP.NET, VB.NET), ASP, VB |
| Parasoft JTest | Static Analysis | Quality/Security/Standards | Java |
| Parasoft dotTest | Static Analysis | Quality/Security/Standards | .NET, C#, VB.NET, ASP.NET, Managed C |
| Parasoft C++Test | Static Analysis | Quality/Security/Standards | C/C++ |
| Veracode | Static Analysis | Security | C/C++, Java, .NET (C#, ASP.NET, VB.NET), JavaScript, Python, PHP, Ruby, Objective-C, VB |
| WhiteHat Sentinel Source | Static Analysis | Security | Java, C#, Objective-C, JavaScript, PHP, ASP.NET, HTML5 |
| Acunetix | Dynamic Analysis | Security | WebSites, WebApps |
| Burp Suite | Dynamic Analysis | Security | WebApps |
| HP WebInspect | Dynamic Analysis | Security | WebApps |
| IBM AppScan | Dynamic Analysis | Security | WebApps, WebServices |
| NetSparker | Dynamic Analysis | Security | WebApps |
| WhiteHat Sentinel Dynamic | Dynamic Analysis | Security | Websites |
| Sonatype Nexus | Component | Security | OpenSource components |
| Veracode Software Composition Analysis | Component | Security | OpenSource components |
| Contrast Assess | Component | Security | Thirdparty Libs |
| Contrast Security Assess | Interactive | Security | |


CMS3 Provided Custom Integrations

The following table lists the analysis and test tools for which CMS3 has developed a custom integration. These integrations are available from CMS3. Additional custom integrations can be provided as needed. Please contact CMS3 to discuss specific requirements.

| Tool | Type | Focus | Languages |
|---|---|---|---|
| Klocwork | Static Analysis | Quality/Security | C/C++, Java, .NET |
| Lattix | Static Analysis | Architecture | C/C++, Java, .NET, Ada, Fortran, ActionScript, JavaScript, Pascal, Python |
| Sparrow | Static Analysis | Quality/Security | Java, JSP, JavaScript, C#, ASP.NET, Objective-C, PHP, VBScript, HTML |