Alternatives to Jtest
Compare Jtest alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Jtest in 2026. Compare features, ratings, user reviews, pricing, and more from Jtest competitors and alternatives in order to make an informed decision for your business.
-
1
Aikido Security
Aikido Security
Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks to: - False-positive reduction - AI Autotriage & AI Autofix - Deep integration into the dev workflow (from IDEs and task managers to CI/CD gating) - AI Pentests - Automated Compliance Aikido covers the entire Software Development Lifecycle (SDLC), including: static application security testing (SAST), dynamic application security testing (DAST), infrastructure-as-code (IaC), container scanning, secrets detection, open source license scanning (SCA), cloud posture management (CSPM), runtime protection, AI pentests, and more. -
2
Gearset
Gearset
Gearset is the complete, enterprise-ready Salesforce DevOps platform, enabling teams to implement best practices across the entire DevOps lifecycle. With powerful solutions for metadata and CPQ deployments, CI/CD, testing, code scanning, sandbox seeding, backups, archiving, observability, and Org Intelligence — including the Gearset Agent — Gearset gives teams complete visibility, control, and confidence in every release. More than 3,000 enterprises, including McKesson, IBM and Zurich, trust Gearset to deliver securely at scale. Combining advanced governance, built‑in audit trails, SOX/ISO/HIPAA support, parallel pipelines, integrated security scans, and compliance with ISO 27001, SOC 2, GDPR, CCPA/CPRA, and HIPAA, Gearset provides enterprise‑grade controls, rapid onboarding, and a user‑friendly interface — all in one platform. Gearset delivers enterprise‑grade power without the overhead, which is why leading global organizations in finance, healthcare, and technology choose us, -
3
ZeroPath
ZeroPath
ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with advanced program analysis to find and automatically fix vulnerabilities. ZeroPath provides complete security coverage: 1. AI-powered SAST for business logic flaws & broken authentication 2. SCA with reachability analysis 3. Secrets detection and validation 4. Infrastructure as Code 5. Automated patch generation. any more... ZeroPath delivers 2x more real vulnerabilities with 75% fewer false positives. Our research team has been successful in finding vulns like critical account takeover in better-auth (CVE-2025-61928, 300k+ weekly downloads), identifying 170+ verified bugs in curl, and discovering 0-days in production systems at Netflix, Hulu, and Salesforce. Trusted by 750+ companies and performing 200k+ code scans monthly. -
4
Parasoft
Parasoft
Parasoft helps organizations continuously deliver high-quality software with its AI-powered software testing platform and automated test solutions. Supporting embedded and enterprise markets, Parasoft’s proven technologies reduce the time, effort, and cost of delivering secure, reliable, and compliant software by integrating everything from deep code analysis and unit testing to UI and API testing, plus service virtualization and complete code coverage, into the delivery pipeline. A powerful unified C and C++ test automation solution for static analysis, unit testing and structural code coverage, Parasoft C/C++test helps satisfy compliance with industry functional safety and security requirements for embedded software systems. -
5
Kiuwan Code Security
Kiuwan
Kiuwan is an end-to-end application security platform that integrates seamlessly into your development process. Our toolset includes Static Application Security Testing (SAST), Software Composition Analysis (SCA), Software Governance and Code Quality, empowering your team to quickly identify and remediate vulnerabilities. Integrating into your CI/CD pipeline, Kiuwan enables early detection and remediation of security issues. Kiuwan supports strict compliance with industry standards including OWASP, CWE, MISRA, NIST, PCI DSS, and CERT, among others. ✅ Large language support: 30+ programming languages. ✅ Detailed action plans: Prioritize remediation with tailored action plans. ✅ Code Security: Seamless Static Application Security Testing (SAST) integration. ✅ Insights: On-demand or continuous scanning Software Composition Analysis (SCA) to help reduce third-party threats. ✅ One-click Software Bill of Materials (SBOM) generation Code Smarter. Secure Faster. Ship Sooner. -
6
SonarQube Cloud
SonarSource
Maximize your throughput and only release clean code SonarQube Cloud (formerly SonarCloud) automatically analyzes branches and decorates pull requests. Catch tricky bugs to prevent undefined behavior from impacting end-users. Fix vulnerabilities that compromise your app, and learn AppSec along the way with Security Hotspots. With just a few clicks you're up and running right where your code lives. Immediate access to the latest features and enhancements. Project dashboards keep teams and stakeholders informed on code quality and releasability. Display project badges and show your communities you're all about awesome. Code Quality and Code Security is a concern for your entire stack, from front-end to back-end. That’s why we cover 24 languages including Python, Java, C++, and many others. Transparency makes sense and that's why the trend is growing. Come join the fun, it's entirely free for open-source projects! -
7
CodeSonar
CodeSecure
CodeSonar employs a unified dataflow and symbolic execution analysis that examines the computation of the complete application. By not relying on pattern matching or similar approximations, CodeSonar's static analysis engine is extraordinarily deep, finding 3-5 times more defects on average than other static analysis tools. Unlike many software development tools, such as testing tools, compilers, configuration management, etc., SAST tools can be integrated into a team's development process at any time with ease. SAST technologies like CodeSonar simply attach to your existing build environments to add analysis information to your verification process. Like a compiler, CodeSonar does a build of your code using your existing build environment, but instead of creating object code, CodeSonar creates an abstract model of your entire program. From the derived model, CodeSonar’s symbolic execution engine explores program paths, reasoning about program variables and how they relate. -
8
Parasoft dotTEST
Parasoft
Save time and money by finding and fixing defects earlier. Reduce the effort and cost of delivering high-quality software by preventing more complicated and expensive problems down the line. Ensure your C# or VB.NET code complies with a wide range of safety and security industry standards, including the requirement traceability mandated and the documentation required to verify compliance. Parasoft's C# testing tool, Parasoft dotTEST, automates a broad range of software quality practices for your C# and VB.NET development activities. Deep code analysis uncovers reliability and security issues. Code coverage, requirements traceability, and automated compliance reporting helps achieve compliance for security standards and safety-critical industries. -
9
DeepSource
DeepSource
DeepSource is an AI-powered code review platform designed to help development teams maintain high-quality, secure, and reliable code. The platform automates code reviews using a hybrid approach that combines static analysis with advanced AI agents. It integrates directly with development workflows through platforms like GitHub, GitLab, Bitbucket, and Azure DevOps. DeepSource analyzes pull requests in real time, identifying bugs, security vulnerabilities, code complexity issues, and maintainability risks before code reaches production. The system provides structured feedback and inline comments to help developers quickly understand and resolve issues. Additional features such as secrets detection, dependency vulnerability scanning, and infrastructure-as-code review strengthen application security. By automating repetitive review tasks and providing intelligent insights, DeepSource enables teams to ship software faster while maintaining strong code quality standards.Starting Price: $24/user/month -
10
Codacy
Codacy
Codacy is a comprehensive platform for code quality and security that helps development teams build secure, maintainable, and compliant software. It integrates across the entire development lifecycle, from IDE to production, providing real-time feedback and automated checks. Codacy analyzes code repositories, enforces quality standards, and detects vulnerabilities before deployment. With AI Guardrails, it also protects against risks introduced by AI-generated code. The platform centralizes rules and policies, ensuring consistency across teams and projects. Developers benefit from automated pull request checks, test coverage tracking, and actionable insights. Overall, Codacy enables faster development without compromising security or code quality.Starting Price: $21/user/month -
11
Klocwork
Perforce
Klocwork static code analysis and SAST tool for C, C++, C#, Java, and JavaScript identifies software security, quality, and reliability issues helping to enforce compliance with standards. Built for enterprise DevOps and DevSecOps, Klocwork scales to projects of any size, integrates with large complex environments, a wide range of developer tools, and provides control, collaboration, and reporting for the entire enterprise. This has made Klocwork the preferred static analyzer that keeps development velocity high while enforcing continuous compliance for security and quality. Use Klocwork static application security testing (SAST) for DevOps (DevSecOps). Our security standards identify security vulnerabilities, helping to find and fix security issues early and proving compliance to internationally recognized security standards. Klocwork integrates with CI/CD tools, containers, cloud services, and machine provisioning making automated security testing easy. -
12
SonarQube Server
SonarSource
SonarQube Server is a self-managed solution for continuous code quality inspection that helps development teams identify and fix bugs, vulnerabilities, and code smells in real-time. It provides automated static code analysis for a variety of programming languages, ensuring the highest quality and security standards are maintained throughout the development lifecycle. SonarQube Server integrates seamlessly with existing CI/CD pipelines, offering flexibility for on-premise or cloud-based deployment. With advanced reporting features, it helps teams manage technical debt, track improvements, and enforce coding standards. SonarQube Server is ideal for organizations seeking full control over their code quality and security without compromising on performance. -
13
Coverity Static Analysis
Black Duck
Coverity Static Analysis is a comprehensive code scanning solution that enables developers and security teams to deliver high-quality software in compliance with security, functional safety, and industry standards. It effectively uncovers complex defects across extensive codebases, identifying and resolving code quality and security issues that span multiple files and libraries. Coverity supports compliance with a wide range of standards, including OWASP Top 10, CWE Top 25, MISRA, and CERT C/C++/Java, providing built-in reports to track and prioritize issues. With the Code Sight™ IDE plugin, developers receive real-time results, including CWE information and remediation guidance, directly within their development environment, facilitating the integration of security into the software development life cycle without compromising developer velocity. -
14
CodeRush
DevExpress
Try your first CodeRush feature right now and see instantly just how powerful it is. Refactoring for C#, Visual Basic, and XAML, with the fastest test .NET runner available, next generation debugging, and the most efficient coding experience on the planet. Quickly find symbols and files in your solution and easily navigate to code constructions related to the current context. CodeRush includes the Quick Navigation and Quick File Navigation features, which make it fast and easy to find symbols and open files. Using the Analyze Code Coverage feature, you can discover what parts of your solution are covered by unit tests, and find the at-risk parts of your application. The Code Coverage window shows percentage of statements covered by unit tests for each namespace, type, and member in your solution.Starting Price: $49.99 one time payment -
15
Early
EarlyAI
Early is an AI-driven tool designed to automate the generation and maintenance of unit tests, enhancing code quality and accelerating development processes. By integrating with Visual Studio Code (VSCode), Early enables developers to produce verified and validated unit tests directly from their codebase, covering a wide range of scenarios, including happy paths and edge cases. This approach not only increases code coverage but also helps identify potential issues early in the development cycle. Early supports TypeScript, JavaScript, and Python languages, and is compatible with testing frameworks such as Jest and Mocha. The tool offers a seamless experience by allowing users to quickly access and refine generated tests to meet specific requirements. By automating the testing process, Early aims to reduce the impact of bugs, prevent code regressions, and boost development velocity, ultimately leading to the release of higher-quality software products.Starting Price: $19 per month -
16
AgitarOne
Agitar Technologies
The AgitarOne product family helps you work safer, better, and smarter as you develop and maintain your Java applications. AgitarOne JUnit Generator creates thorough JUnit tests on your code. This helps you find regressions and makes it safer and easier to improve your code to reduce the cost to maintain it. AgitarOne Agitator helps developers understand the behavior of their code as they write it. This helps you prevent bugs and prevent code complexity that can become tomorrow's maintenance headache. The AgitarOne family is the best available way to create, use, and manage the unit tests that you need to be truly agile. Automated JUnit Generation, you can automate the generation of JUnit tests to create a "safety net" before you start working with existing code. You can automate the generation of JUnit tests to create a "safety net" before you start working with existing code. -
17
Coco Code Coverage
Qt Group
Coco by Qt is an end-to-end code coverage and test analysis tool built for teams developing desktop, embedded, and safety-critical software. It supports multiple languages—including C, C++, C#, QML, and Tcl—and provides detailed insight into code coverage across unit, integration, and system testing. Coco helps engineering and QA teams identify untested paths, redundant test cases, and hidden logic branches to improve software reliability and performance. Designed for compliance-driven industries, it generates audit-ready reports aligned with international standards like ISO 26262, DO-178C, and IEC 62304. Seamlessly integrating with CI/CD pipelines and IDEs such as Visual Studio, Eclipse, and Qt Creator, Coco streamlines test validation across toolchains and environments. With precision, automation, and compliance at its core, Coco enables faster releases without compromising quality or safety. -
18
Visual Expert
Novalys
Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL, and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Scan your code to improve the security, performance, and quality. Perform Impact analysis to Identify breaking changes. Automatically scan your code to detect and fix security vulnerabilities, bugs and maintenance Issues. Implement continuous code inspection Understand the inner workings of your code with call graphs, code diagrams, CRUD Matrix and Object Dependency Matrix (ODM). Automatically generate an HTML Source Code documentation. Explore your code exploration with hyperlinks Compare applications, databases or pieces of code. Improve maintainability. Clean up code. Comply with dev standards. Analyze and Improve DB code performance: Find slow objects and SQL queries, Optimize a slow object, a Chain of calls a slow SQL, Get a query Execution Plan. And much more.Starting Price: $495 per year -
19
HUnit
Hackage
HUnit is a unit testing framework for Haskell, inspired by the JUnit tool for Java. It's easy to use HUnit, assuming you are familiar with Haskell, though not necessarily with JUnit. A test-centered methodology for software development is most effective when tests are easy to create, change, and execute. The JUnit tool pioneered support for test-first development in Java. HUnit is an adaptation of JUnit to Haskell, a general-purpose, purely functional programming language. With HUnit, as with JUnit, you can easily create tests, name them, group them into suites, and execute them, with the framework checking the results automatically. Test specification in HUnit is even more concise and flexible than in JUnit, thanks to the nature of the Haskell language. HUnit currently includes only a text-based test controller, but the framework is designed for easy extension. Run the tests as a group.Starting Price: Free -
20
LDRA Tool Suite
LDRA
The LDRA tool suite is LDRA’s flagship platform that delivers open and extensible solutions for building quality into software from requirements through to deployment. The tool suite provides a continuum of capabilities including requirements traceability, test management, coding standards compliance, code quality review, code coverage analysis, data-flow and control-flow analysis, unit/integration/target testing, and certification and regulatory support. The core components of the tool suite are available in several configurations that align with common software development needs. A comprehensive set of add-on capabilities are available to tailor the solution for any project. LDRA Testbed together with TBvision provide the foundational static and dynamic analysis engine, and a visualization engine to easily understand and navigate standards compliance, quality metrics, and code coverage analyses. -
21
Veracode
Veracode
Veracode offers a holistic, scalable way to manage security risk across your entire application portfolio. We are the only solution that can provide visibility into application status across all testing types, including SAST, DAST, SCA, and manual penetration testing, in one centralized view. -
22
BaseRock AI
BaseRock AI
BaseRock.ai is an AI-driven software quality platform that automates unit and integration testing, enabling developers to generate and execute tests directly within their preferred IDEs. It leverages advanced machine learning models to analyze codebases, producing comprehensive test cases that ensure optimal code coverage and quality. By integrating seamlessly into CI/CD pipelines, BaseRock.ai facilitates early bug detection, reducing QA costs by up to 80% and boosting developer productivity by 40%. Its features include automated test generation, real-time feedback, and support for multiple programming languages such as Java, JavaScript, TypeScript, Kotlin, Python, and Go. BaseRock.ai offers flexible pricing plans, including a free tier, to accommodate various development needs. It is trusted by leading enterprises to enhance software quality and accelerate feature delivery.Starting Price: $14.99 per month -
23
JUnit
JUnit
JUnit 5 is the next generation of JUnit. The goal is to create an up-to-date foundation for developer-side testing on the JVM. This includes focusing on Java 8 and above, as well as enabling many different styles of testing. We ask you – our users – to support us so we can keep up the pace. We will continue our work on JUnit regardless of how many donations we receive. However, your support would enable us to do so with greater focus and not only on weekends or in our spare time. For example, we want to meet regularly and work colocated for a few days in order to get things done faster in face-to-face design and coding sessions. Your donations will help to make that a reality! -
24
Typemock
Typemock
The easiest way to unit test. Write tests without changing your code! Even legacy code. Static methods, private methods, non-virtual methods, out parameters and even members and fields. Our professional edition is free for developers around the world. We also have paid support package. Improve your code integrity and deliver quality code. Fake entire object models with a single statement. Mock statics, private, constructors, events, linq, ref args, live, future, static constructors. Our suggest feature creates automated test suggestions suitable for your code. Our smart runner will run only your impact tests and get you super fast feedback. Our coverage feature displays your code coverage in your editor while you code.Starting Price: $479 per license per year -
25
Axivion Static Code Analysis
Qt Group
Axivion helps development teams deliver safer, cleaner, and more maintainable C, C++, and CUDA code by automatically detecting coding standard violations, security vulnerabilities, dead code, and code clones. It provides actionable recommendations and detailed analytics, helping teams track, resolve, and prevent defects early in the development process. Axivion also supports architecture verification, enabling teams to maintain modular and scalable codebases. Designed for safety-critical industries like automotive, aerospace, medical devices, and industrial automation, Axivion supports functional safety standards including MISRA, ISO 26262, and IEC 61508. By combining static code analysis with architecture verification, it helps teams maintain long-term code health, accelerate certification readiness, and deliver high-performance software while reducing technical debt and ensuring compliance. -
26
JCov
OpenJDK
The JCov open-source project is used to gather quality metrics associated with the production of test suites. JCov is being opened in order to facilitate the practice of verifying test execution of regression tests in OpenJDK development. The main motivation behind JCov is the transparency of test coverage metrics. The advantage to promoting standard coverage based on JCov is that OpenJDK developers will be able to use a code coverage tool that stays in the 'lock step' with Java language and VM developments. JCov is a pure java implementation of a code coverage tool that provides a means to measure and analyze dynamic code coverage of Java programs. JCov provides functionality to collect method, linear block, and branch coverage, as well as show uncovered execution paths. It is also able to show a program's source code annotated with coverage information. From a testing perspective, JCov is most useful to determine execution paths.Starting Price: Free -
27
IntelliJ IDEA
JetBrains
IntelliJ IDEA is a professional-grade integrated development environment (IDE) primarily designed for Java and Kotlin development. It helps developers write code faster by automating routine tasks and providing smart coding assistance. The IDE supports the full software development lifecycle, from design and coding to testing and deployment. IntelliJ IDEA stays up to date with the latest language features, such as full support for Java 24 and Kotlin K2 mode. It offers a smooth and enjoyable workflow that helps developers stay focused and productive. The platform also emphasizes data privacy and security, complying with industry standards like SOC 2.Starting Price: $19.90 per user per month -
28
The Code Registry
The Code Registry
The Code Registry is an AI-powered code intelligence and analysis platform that gives businesses and non-technical stakeholders full visibility into their software codebase, even if they don’t write code themselves. Upon connecting your code repository (GitHub, GitLab, Bitbucket, Azure DevOps, or uploading a zipped archive), the platform creates a secure “IP Vault” and runs a comprehensive automated analysis across your entire codebase. It produces a range of reports and dashboards, including a code-complexity score (revealing how intricate or maintainable your code is), open-source component analysis (detecting dependencies, license status, outdated or vulnerable libraries), security analysis (identifying potential vulnerabilities, insecure configurations or risky dependencies), and a “cost-to-replicate” valuation, estimating how much effort or resources it would take to rebuild or replace the software from scratch.Starting Price: $2 per month -
29
Code Climate
Code Climate
Velocity provides in-depth, contextual analytics that equip engineering leaders to support stuck team members, address team roadblocks, and streamline engineering processes. Actionable metrics for engineering leaders. Velocity turns data from commits and pull requests into the insights you need to make lasting improvements to your team’s productivity. Quality: Automated code review for test coverage, maintainability and more so that you can save time and merge with confidence. Receive automated code review comments on your pull requests. Our 10-point technical debt assessment provides real-time feedback, so you can save time and focus on what matters in your code review discussions. Get test coverage right, every time. See coverage line by line within diffs. Never merge code without sufficient tests again. At a glance, identify frequently changed files that have inadequate coverage and maintainability issues. Track your progress against measurable goals, day-by-day. -
30
Bitdive
Bitdive
BitDive is a zero-code quality and test automation platform for Java, Kotlin, Spring Boot and other JVM-based applications that captures real executions and converts them into reusable, deterministic test scenarios you can replay in CI, staging or on a developer machine without writing or maintaining test code. BitDive runs as a lightweight library dependency and records full context from real traffic including HTTP/gRPC requests and responses, method calls, SQL queries with parameters and results, service interactions and timings, enabling deep method-level observability, distributed tracing, performance profiling and semantic drift detection. Its capture-replay-verify loop lets teams automatically generate regression suites and JUnit tests from actual executions, reproduce and debug production bugs locally with full execution chains, eliminate fragile mocks and flaky tests, and validate behavior changes before deployment. BitDive also visualizes service maps and heatmaps.Starting Price: Free -
31
JMockit
JMockit
The toolkit is provided as a set of artifacts deployed to the Maven Central repository. It requires Java 7 or newer for test execution; tests must use JUnit or TestNG. For instructions on how to add the library to a Java project, see Running tests with JMockit. In this tutorial we examine the APIs available in the library, with the help of example tests (using Java 8). The central API - a single annotation - provides support for the automatic instantiation and initialization of the objects to be tested. Then we have the mocking API (also known as the "Expectations" API), intended for tests which use mocked dependencies. Finally, there is a small faking API (aka the "Mockups" API), which can be used for the creation and application of fake implementations that avoid the full cost of external components.Starting Price: Free -
32
OpenText Static Application Security Testing (SAST) identifies and remediates security vulnerabilities in source code early in the software development lifecycle. It supports extensive language coverage and integrates seamlessly with popular CI/CD tools such as Jenkins, Azure DevOps, Jira, and Visual Studio. The platform uses advanced static code analysis and AI-driven insights to prioritize risks and reduce false positives, enabling developers to focus on fixing critical vulnerabilities efficiently. With its customizable code analysis and rule sets, it helps reduce development time by catching issues early. OpenText SAST complies with industry standards like OWASP and offers flexible deployment options including SaaS, private cloud, and on-premises. This comprehensive approach enhances application security without sacrificing development speed or accuracy.
-
33
PHPUnit
PHPUnit
PHPUnit requires the dom and json extensions, which are normally enabled by default. PHPUnit also requires the pcre, reflection, and spl extensions. These standard extensions are enabled by default and cannot be disabled without patching PHP’s build system and/or C sources. The code coverage report feature requires the Xdebug (2.7.0 or later) and tokenizer extensions. Generating XML reports requires the xmlwriter extension. Unit Tests are primarily written as a good practice to help developers identify and fix bugs, to refactor code and to serve as documentation for a unit of software under test. To achieve these benefits, unit tests ideally should cover all the possible paths in a program. One unit test usually covers one specific path in one function or method. However a test method is not necessarily an encapsulated, independent entity. Often there are implicit dependencies between test methods, hidden in the implementation scenario of a test.Starting Price: Free -
34
dotCover
JetBrains
dotCover is a .NET unit testing and code coverage tool that works right in Visual Studio and in JetBrains Rider, helps you know to what extent your code is covered with unit tests, provides great ways to visualize code coverage, and is Continuous Integration ready. dotCover calculates and reports statement-level code coverage in applications targeting .NET Framework, .NET Core, Mono for Unity, etc. dotCover is a plug-in to Visual Studio and JetBrains Rider, giving you the advantage of analyzing and visualizing code coverage without leaving the code editor. This includes running unit tests and analyzing coverage results right in the IDEs, as well as support for different color themes, new icons and menus. dotCover comes bundled with a unit test runner that it shares with another JetBrains tool for .NET developers, ReSharper. dotCover supports continuous testing, a modern unit testing workflow whereby dotCover figures out on-the-fly which unit tests are affected by your code changes.Starting Price: $399 per user per year -
35
Sparrow SAST
Sparrow
Support over 20 languages including Java, JSP, C/C++, C#, Python, Swift, ASP(.NET), ABAP, Object C, etc. Complies with global security compliances guides and standards. MVC structure analysis, associated file analysis, and analysis of function call relationship in various levels. Incremental analysis: Minimize analysis time by only analyzing newly added, modified files and their associated files. Interact with other Sparrow AST solutions (DAST, RASP) to identify correlation among vulnerabilities and improve search results. Issue navigator to track and follow vulnerabilities from its origin to actual code. Automated real source code correction guide. Automated classification of vulnerabilities. Dashboard for analysis result management and statistics. Centralized rule (Checker) management based on information including risk levels, option and other. -
36
RKTracer
RKVALIDATE
RKTracer is a code-coverage and test-analysis tool that enables teams to assess the quality and completeness of their testing across unit, integration, functional, and system-level testing, without altering a single line of application code or build workflow. It supports instrumentation across host machines, simulators, emulators, embedded devices, and servers, and covers a broad array of programming languages, including C, C++, CUDA, C#, Java, Kotlin, JavaScript/TypeScript, Golang, Python, and Swift. It provides detailed coverage metrics such as function, statement, branch/decision, condition, MC/DC, and multi-condition coverage, and even supports delta-coverage reports to show which newly added or modified portions of code are already covered. Integration is seamless; simply prefix your build or test command with “rktracer”, run your tests, then generate HTML or XML reports (for CI/CD systems or dashboards like SonarQube). -
37
Appknox
Appknox
Push world-class mobile apps faster into the market without compromising on security Build and deploy world-class mobile apps for your organizations at scale and leave your mobile app security to us. Highest Rated Security solution on Gartner We rejoice when the Appknox system secures our client’s app against all vulnerabilities. At Appknox we’re dedicated to delivering Mobile Application Security to help businesses achieve their objectives today and in the near Future. Static Application Security Testing (SAST). With 36 different test cases, Appknox SAST can detect almost every vulnerability that’s lurking around by analyzing your source code. Our tests cover security compliances like OWASP Top 10, PCI-DSS, HIPAA and other commonly used security threat parameters. Dynamic Application Security Testing (DAST). Detect advanced vulnerabilities while your application is running. -
38
blanket.js
Blanket.js
A seamless JavaScript code coverage library. Blanket.js is a code coverage tool for JavaScript that aims to be easy to install, easy to use, and easy to understand. Blanket.js can be run seamlessly or can be customized for your needs. JavaScript code coverage compliments your existing JavaScript tests by adding code coverage statistics (which lines of your source code are covered by your tests). Parsing the code using Esprima and node-falafel, and instrumenting the file by adding code tracking lines. Connecting to hooks in the test runner to output the coverage details after the tests have been completed. A Grunt plugin has been created to allow you to use Blanket like a "traditional" code coverage tool (creating instrumented copies of physical files, as opposed to live-instrumenting). Runs the QUnit-based Blanket report headlessly using PhantomJS. Results are displayed on the console, and the task will cause Grunt to fail if any of your configured coverage thresholds are not met.Starting Price: Free -
39
Diffblue Cover
Diffblue
Diffblue Cover analyzes your existing Java program and writes unit regression tests that reflect the current behavior of the code. The CLI tool works 100% autonomously, configuring itself from your Maven or Gradle environment. By bringing automation to the test-writing process, the CLI tool provides a speed boost for organizations that are working towards achieving DevOps goals like CI/CD. Since it fits into a CI pipeline, the CLI tool protects the whole codebase from regressions by shifting testing left. Diffblue Cover's unit regression tests run fast and verify new code changes immediately, helping users detect undesirable changes in the code’s behavior as early as possible, when they're the quickest, easiest, and cheapest to fix. And tests are automatically maintained, saving teams even more time.Starting Price: Free -
40
beSOURCE
Beyond Security (Fortra)
Integrate security into SDLC via potent code analysis. Security must be an integral part of software development. Historically it hasn’t been. Static application security testing (SAST) used to be divorced from Code quality reviews, resulting in limited impact and value. beSOURCE addresses the code security quality of applications and thus integrates SecOps into DevOps. Other SAST offerings look at security as an isolated function. Beyond Security has turned this model upside-down by assuming the SecOps’ perspective in addressing security from all possible angles. Security Standards. beSOURCE adheres to all pertinent standards, guiding static code analysis engine in providing an actionable reference point. -
41
PyCharm
JetBrains
All the Python tools in one place. Save time while PyCharm takes care of the routine. Focus on the bigger things and embrace the keyboard-centric approach to get the most of PyCharm's many productivity features. PyCharm knows everything about your code. Rely on it for intelligent code completion, on-the-fly error checking and quick-fixes, easy project navigation, and much more. Write neat and maintainable code while the IDE helps you keep control of the quality with PEP8 checks, testing assistance, smart refactorings, and a host of inspections. PyCharm is designed by programmers, for programmers, to provide all the tools you need for productive Python development. PyCharm provides smart code completion, code inspections, on-the-fly error highlighting and quick-fixes, along with automated code refactorings and rich navigation capabilities.Starting Price: $199 per user per year -
42
Checkmarx
Checkmarx
The Checkmarx Software Security Platform provides a centralized foundation for operating your suite of software security solutions for Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), Software Composition Analysis (SCA), and application security training and skills development. Built to address every organization’s needs, the Checkmarx Software Security Platform provides the full scope of options: including private cloud and on-premises solutions. Allowing a range of implementation options ensures customers can start securing their code immediately, rather than going through long processes of adapting their infrastructure to a single implementation method. The Checkmarx Software Security Platform transforms the standard for secure application development, providing one powerful resource with industry-leading capabilities. -
43
Refraction
Refraction
Refraction is a code-generation tool for developers. It uses AI to generate code for you. You can use it to generate unit tests, documentation, refactor code, and more. Generate code using AI in 34 languages — Assembly, C#, C++, CoffeeScript, CSS, Dart, Elixir, Erlang, Go, GraphQL, Groovy, Haskell, HTML, Java, JavaScript, Kotlin, LaTeX, Less, Lua, MatLab, Objective-C, OCaml, Perl, PHP, Python, R Lang, Ruby, Rust, Sass / SCSS, Scala, Shell, SQL, Swift, and TypeScript. Join thousands of developers around the world using Refraction to generate documentation, create unit tests, refactor code, and more using AI. Use the power of AI to automate the tedious parts of software development like testing, documentation, and refactoring, so you can focus on what matters. Refactor, optimize, fix and style-check your code. Generate unit tests for your code with various test frameworks. Explain the purpose of your code to make it easier to understand.Starting Price: $8 per month -
44
TestComplete
SmartBear
Ensure the quality of your application without sacrificing speed or agility with an easy-to-use, GUI test automation tool. Our AI-powered object recognition engine and script or scriptless flexibility is unmatched, letting you test every desktop, web, and mobile application with ease. TestComplete comes with an intelligent object repository and support for over 500 controls, so you can ensure your GUI tests are scalable, robust, and easy to maintain. More automated quality means more overall quality. Automate UI testing across a wide range of desktop applications, including .Net, Java, WPF and Windows 10. Create reusable tests for all web applications including modern JavaScript frameworks like React and Angular on 2050+ browser and platform configurations. Create and automate functional UI tests on physical or virtual iOS and Android devices. No need to jailbreak your phone.Starting Price: $4,836 -
45
OpenClover
OpenClover
Balance your effort spent on writing applications and test code. Use the most sophisticated code coverage tool for Java and Groovy. OpenClover measures code coverage for Java and Groovy and collects over 20 code metrics. It not only shows you untested areas of your application but also combines coverage and metrics to find the riskiest code. The Test Optimization feature tracks which test cases are related to each class of your application code. Thanks to this OpenClover can run tests relevant to changes made in your application code, significantly reducing test execution time. Do testing getters and setters bring much value? Or machine-generated code? OpenClover outruns other tools in its flexibility to define the scope of coverage measurement. You can exclude packages, files, classes, methods, and even single statements. You can focus on testing important parts of your code. OpenClover not only records test results but also measures individual code coverage for every test.Starting Price: Free -
46
DoubleCheck Code Analysis
Green Hills Software
When it comes to ensuring software quality, reliability, and security in today's sophisticated code bases, traditional debugging and testing methods simply fall short. Automated tools such as static source code analyzers are more effective in finding defects that could result in buffer overflows, resource leaks, and other security and reliability issues. This class of defects are often not detected by compilers during standard builds, run-time testing, or typical field operation. While other source code analyzers run as separate tools, DoubleCheck is an integrated static analyzer, built into the Green Hills C/C++ compiler. DoubleCheck leverages accurate and efficient analysis algorithms that have been tuned and field-proven in 30+ years of producing embedded development tools. DoubleCheck can be used as a single integrated tool to perform compilation and defect analysis in the same pass. -
47
Istanbul
Istanbul
JavaScript test coverage made simple. Istanbul instruments your ES5 and ES2015+ JavaScript code with line counters, so that you can track how well your unit-tests exercise your codebase. The nyc command-line-client for Istanbul works well with most JavaScript testing frameworks, tap, mocha, AVA, etc. First-class support of ES6/ES2015+ using babel-plugin-Istanbul. Support for the most popular JavaScript testing frameworks. Support for instrumenting subprocesses, using the nyc command-line interface. Adding coverage to your mocha tests could not be easier. Now, simply place the command nyc in front of your existing test command. nyc's instrument command can be used to instrument source files outside of the context of your unit tests. nyc is able to show you all Node processes that are spawned when running a test script under it. By default, nyc uses Istanbul's text reporter. However, you may specify an alternative reporter.Starting Price: Free -
48
YAG-Suite
YAGAAN
The YAG-Suite is a French made innovative tool which brings SAST one step beyond. Based on static analysis and machine learning, YAGAAN offers customers more than a source code scanner : it offers a smart suite of tools to support application security audits as well as security and privacy by design DevSecOps processes. Beyond classic vulnerability detection, the YAG-Suite focuses the team attention on the problems that really matter in their business context, it supports developers in their understanding of the vulnerability causes and impacts. Its contextual remediation support them in fixing efficiently the problems while improving their secure coding skills. Additionally, YAG-Suite's unprecedented 'code mining' support security investigations of an unknown application with mapping all relevant code features and security mechanisms and offers querying capabilities to search for 0-days or non automatically detectable risks. PHP, Java and Python are supported. JS, C/C++ coming soonStarting Price: From €500/token or €150/mo -
49
EvoSuite
EvoSuite
EvoSuite is an open source tool that automatically generates JUnit test suites for Java classes, utilizing search-based software testing (SBST) techniques to optimize code coverage and detect potential defects. By analyzing Java bytecode, EvoSuite creates executable unit tests with assertions, aiming to achieve high structural coverage such as branch, line, and mutation coverage. It employs a hybrid approach that combines evolutionary algorithms with mutation testing to produce effective and minimal test suites. EvoSuite supports various Java versions and integrates with build systems and IDEs, including Maven, Eclipse, IntelliJ IDEA, and command-line interfaces. It also offers regression testing capabilities through EvoSuiteR, which generates test suites to identify differences between two versions of a Java class. EvoSuite has been benchmarked on numerous open source projects and has been utilized in both academic research and industrial applications to enhance software testing.Starting Price: Free -
50
Snappytick
Snappycode Audit
Snappy Tick Source Edition (SAST) is a source code review tool, it helps to identify the Vulnerability in Source code. We provide - Static Code Analysis tools and Source Code Review tools. Consider an In-line auditing approaches will identify the largest amount of most significant Security issues in your application and it will verify that the proper security controls exist. Snappy Tick Standard Edition (DAST) is Dynamic application security tool, it helps to perform black box and grey box testing. Analyze the requests and responses and find potential vulnerabilities inside an application by trying to access them in variety of ways, while the applications are running. Built with amazing features developed specifically for SnappyTick. Capable of scanning multiple languages. Best reporting that highlights the precise source files, line numbers, and even subsections of lines that are affected.Starting Price: $549 per month
