Static Analysis

Static analysis tools that prevent defects and expose vulnerabilities

  • Increase productivity with the industry’s broadest set of static analysis technologies
  • Focus DevTest efforts on what’s most important to the business
  • Eliminate defects fast with prioritized findings, workflow triggers
  • Gain unparalleled insight through advanced software analytics
  • Broad support for languages and regulations: Security | C/C++ | Java | .NET | FDA | Safety-critical

Detection is Good, Prevention is Better

Static analysis has been proven to be such a fast and easy way to identify defects that there’s really no excuse for developing software without it. Parasoft static analysis accurately exposes the industry’s broadest range of defects across C/C++, Java, and .NET languages. Using multiple levels of static analysis, Parasoft provides early and effortless detection of the exact code responsible for critical leaks, erratic behavior, crashes, deadlocks, security vulnerabilities, etc. that might otherwise leak into production.

In addition to exposing defects, Parasoft static analysis also helps organizations prevent defects. Widely-recognized as industry leaders in automated defect prevention, Parasoft has engineered an extensive library of anti-patterns that prevent entire classes of common and critical defects. Each defect prevented saves the organization countless errors of diagnosis, defect reporting, code rework, and confirmation—not only reducing risks but also saving a tremendous amount of time and resources.

The Industry's Most Advanced and Extensive Static Analysis

Parasoft offers more different types of static analysis techniques than any other single provider: Pattern Based Static Analysis, Flow-Based Static Analysis, Third-Party Static Analysis (open source or custom), Metrics Analysis, and Multivariate Analysis.  This unique integrated support for so many static analysis techniques— in a broad array of workflows from “on the fly” analysis to continuous integration execution— enables organizations to prevent and detect more (and more types of) defects and centrally automate any code inspection activity that does not require human intelligence.

Visualized, Actionable Static Analysis Insights

Parasoft offers the industry’s most flexible reporting platform. Customizable dashboards provide instant access to the stats and trends most important to the team—enabling you to rapidly visualize and act upon static analysis findings. Dashboards can include custom and built-in widgets such as My Defects, Top Defects by Category, and Defects by Severity. Widgets can be rendered in numerous formats (bar charts, pie charts, sunbursts, heat maps,  etc.)

Remediation workflows such as adding task or defect work items in a third-party tool (e.g., Polarion, Jira, Microsoft TFS, etc.) can be automatically triggered when your specified criteria are met. Moreover, a centralized remediation control panel lets development managers rapidly:
  • Zero in on specific static analysis violation types and trends
  • Explore the breadth and depth of risk associated with the code
  • Adjust violation priority, assignment, risk and impact levels, due dates, etc. on the fly

Blend with Unit Test Execution, Coverage Analysis, Metrics Analysis, and Other DevTest Practices

Parasoft’s award-winning Development Testing Platform (DTP) ensures that static analysis is applied consistently across distributed teams and throughout the SDLC—alongside complementary defect prevention and detection practices, such as unit testing, code review, and runtime error detection. With seamless integration into any SDLC infrastructure system, including open source and third-party testing tools, Parasoft DTP allows you to aggregate disparate data and apply statistical analysis techniques—transforming traditional reporting into a central system of decision.

By automatically and continuously measuring whether a comprehensive set of quality expectations are being met, teams can truly achieve a real-time, objective assessment of the release candidate’s business risks and enable a fully-automated continuous release process.


Multivariate Analysis with Process Intelligence Engine

Parasoft’s ground-breaking Process Intelligence Engine (PIE), a core component of Parasoft DTP, analyzes data scattered across the software development infrastructure to enable early and automated identification of business risks that humans would most likely overlook. For example, you might want to correlate defect density, regression failures, and complexity within a targeted component of an application. Parasoft PIE allows you to graphically model a “PIE Slice” that draws in this disparate data and weights it according to your unique preferences. By correlating multiple data points, you can identify high-risk code as well as opportunities for process improvement.

Integrate and Enhance Results from Third-Party Static Analysis Tools

Using Parasoft’s open API as well as prebuilt plugins, results from any static analysis tool can be processed and viewed alongside those delivered by Parasoft static analyzers. Available plugins cover popular static analysis tools such as FindBugs, PMD, Android Lint, FxCop, StyleCop, Checkstyle, Pylint, PHPMD, CodeNarc, etc. Any integrated results benefit from all of the Parasoft DTP capabilities, including remediation workflow post-analysis analysis, flexible widget-based dashboards, interactive control panels, and so on. Centralization of the results of all testing efforts across a variety of static analysis technologies significantly increases productivity and efficiency.