C++ static code analysis

457 rules for Code Quality and Security

  • Null pointers should not be dereferenced (Correctness; Bug, severity Major)
  • Dynamically allocated memory should be released (Memory management; Bug, severity Blocker)
  • All code should be reachable (Correctness; Bug, severity Major)
  • Identical expressions should not be used on both sides of a binary operator (Bug, severity Major)
  • All branches in a conditional structure should not have exactly the same implementation (Bug, severity Major)
  • Freed memory should not be used (Memory management; Bug, severity Blocker)

Advanced static analysis with hundreds of valuable rules

Unique rules find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code using:

  • Symbolic execution
  • Path-sensitive analysis
  • Cross-function, cross-file analysis

Any project format, any build system

We gather the information required for analysis by unobtrusively monitoring your build. Our Build Wrapper gathers all the configuration required for correct analysis of your C++ projects without impacting your build, so analysis is compatible with make, xcodebuild, MSBuild, and any other tool that performs a full build.

Faster analysis

Analyzing a large project can be cumbersome. We give you the tools to speed it up.

Incremental analysis

Incremental analysis lets you cache the results of analysis so subsequent analyses can check only what changed in the new build.

Multi-threaded analysis

Most machines are multi-core, and analysis can be too. Configure how many threads your analysis uses to make the most of your infrastructure.

See the benefits for yourself!

  • 4:03 min: A sample of available Maintainability rules
  • 7:25 min: Reliability rules
  • 11:10 min: Security rules
  • 16:04 min: Demos: How it fits into your dev workflow
  • 25:13 min: How it fits into your toolchain
  • 27:39 min: Pricing, summary and questions

We support

SonarQube analysis integrates seamlessly into your environment.

Your build

We support the common operating systems and most popular compilers:

  • Windows, Linux, macOS
  • Clang, GCC, MSVC, ARM, QNX compilers
  • Intel compilers for Linux, macOS
  • Compilers based wholly on GCC including Linaro GCC
  • Wind River Diab and GCC
  • IAR compilers for 8051, ARM, AVR32, AVR, Renesas RL78, Renesas RX, Renesas V850, Renesas H8, and Texas Instruments MSP430
  • Texas Instruments compilers on Windows and macOS for ARM, C2000, C6000, C7000, MSP430, PRU

Your standards

We provide hundreds of rules that target the following standards:

  • Classical and modern C++: C++98, C++03, C++11, C++14, C++17
  • CPP Core Guidelines
  • MISRA C++2008

All the languages in your project

Is your project multi-language? Our static analysis is too! That means you get a consolidated, consistently great experience across the board, no matter how many of our 27 languages you use.