Automated source code review tools
Phabricator provides a detailed platform to have a conversation with your team members. You can either have a pre-commit review of a new team member or conduct a review on the newly submitted code. For instance, it provides you with a built-in tracker to manage bugs and features.
You can also create a wiki for your software within the tool through Phriction. You can build applications over Phabricator through its API as well. In summary, Phabricator provides you with a ton of features that help you in making your development process more efficient. It makes complete sense to opt for this tool if your project is in an early stage. If you do not have the expertise to set it up on your server, you should opt for the hosted version of the tool.
Collaborator by SmartBear is a peer code and document review tool for development teams. In addition to source code review, Collaborator enables teams to review design documents too. A free trial is available depending on your business requirements. This tool also enables reporting and analysis of key metrics related to your code review process. Moreover, Collaborator helps in audit management and bug tracking as well. If your tech stack involves enterprise software and you need support to set up your code review process, you should give Collaborator a try.
CodeScene is a code review tool that goes beyond traditional static code analysis. It performs behavioral code analysis by including a temporal dimension to analyze the evolution of your codebase. CodeScene is available in two forms: a cloud-based solution and an on-premise solution.
CodeScene processes your version control history to provide code visualizations. In addition to this, it applies machine learning algorithms to identify social patterns and hidden risks in code.
Through the version control history, CodeScene profiles every team member to map out their knowledge base and create inter-team dependencies. It also introduces the concept of hotspots in your repository by identifying files that undergo the most development activity. These hotspots require the highest attention going forward.
If you are looking for a tool that goes beyond a traditional, conversational code review tool, make sure to check out the free trial of CodeScene.
Visual Expert is an enterprise solution for code review specializing in database code. In addition to a traditional code review, Visual Expert analyzes each change in your code to foresee any performance issues due to the changes.
The tool can automatically generate complete documentation of your application from the code too.
Gerrit is a free and open source web-based code review tool for Git repositories, written in Java. To run Gerrit, you need to download the source code and run it in Java. Gerrit combines the functionality of a bug tracker and a review tool into one.
During a review, changes are displayed side by side in a unified diff, with the possibility to initiate a conversation for every line of code added. This tool works as an intermediate step between a developer and the central repository.
Additionally, Gerrit also incorporates a voting system. If you possess the technical expertise to install and configure Gerrit, and you are looking for a free code review tool, it should serve as an ideal solution for your projects.
Rhodecode is a web-based tool that assists you in performing code reviews. It supports three version control systems: Mercurial, Git, and Subversion. While it is enterprise software, its community edition, which is free and open source, can be downloaded and compiled free of charge.
Rhodecode enables a team to collaborate effectively through iterative, conversational code reviews to improve code quality. This tool additionally provides a layer of permission management for secure development.
In addition, a visual changelog helps you navigate the history of your project across various branches. An online code editor is also provided for small changes through the web interface. Rhodecode integrates seamlessly with your existing projects, which makes it a great choice for someone looking for a web-based code review tool. Therefore, the community edition is ideal for those with technical expertise looking for a free and dependable code review tool.
Veracode provides a suite of code review tools that let you automate testing, accelerate development, integrate a remediation process, and improve the efficiency of your project. The suite of code review tools by Veracode is marketed as a security solution that searches for vulnerability in your systems.
They provide a set of two code review tools:. Code review is a part of the Software Composition Analysis and you can opt for a demo of Veracode before committing fully to it. Here is the link to request a quote.
Reviewable is a code review tool for GitHub pull requests. Since the tool is integrated with GitHub, you can sign in using your GitHub account and get started. If you would like to check out a typical review on Reviewable, you can head over to a demo review.
HuskyCI is an open-source tool that orchestrates security tests inside CI pipelines of multiple projects and centralizes all results into a database for further analysis and metrics.
A free for open source static analysis service that automatically monitors commits to publicly accessible code in Bitbucket Cloud, GitHub, or GitLab. Microsoft FxCop. Microsoft PREFast. Free version available. Scans Git repos daily and provides a web-based dashboard to track code and dependency vulnerabilities. Handles team-based access patterns, vulnerability exception lifecycle, and is built on API first principles.
SAST technology that attacks the source code from all corners it has all in one. Malware, SCA, License, and deep source code analysis. Enterprise vulnerability scanner for Android and iOS apps.
It offers app owners and developers the ability to secure each new version of a mobile app by integrating Oversecured into the development process. It currently has core PHP rules as well as Drupal 7 specific rules. PMD scans Java source code and looks for potential code problems (this is a code quality tool that does not focus on security issues). Can generate special test queries (exploits) to verify detected vulnerabilities during SAST analysis.
Supports Java,. Static code analyzer for. Seeker performs code security without actually doing static analysis. Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. No compilation needed to scan source code. Sentinel Source. A free open-source DevSecOps platform for detecting security issues in source code and dependencies.
Find, learn and fix vulnerabilities in open source dependencies, in your application code, in container images or insecure configurations in Terraform and Kubernetes. Scans source code for 15 languages for Bugs, Vulnerabilities, and Code Smells. Ignore issues that the team decides not to fix. Drawbacks: Support for PHP language is not available.
Codacy
Codacy allows developers to tackle technical debt and improve code quality.
Commit and Pull Request Analysis. Auto-comments on Commits and Pull Requests. The impossibility to cipher the project info or limit the access to the source code in the UI.
Relatively small community. Key Features: Code review comment on Pull Requests. Get test coverage on every Pull Request. Drawbacks: Unpredictable API in beta. No support for Objective-C.
No distinct types for total issues number. No detailed description of the issue, only a header with source code.
Codebeat
Codebeat is an automated code review tool that collects the result from the static code analysis into a single, real-time report which includes the information required to detect code smells, security holes and improve the code quality. Key Features: Great team management tool, assign access levels and move people between projects.
Drawbacks: No possible security issues check.
Sonarcloud
Sonarcloud is a cloud-based code quality and security service. Key Features: It can block the pull request when specific code violations are detected. It sends the analysis report as a comment in the PR.
It fails the pipelines if the code quality or security doesn't match the requirements you set for it. Drawbacks: Doesn't provide automated scans of 'compiled' languages.
Embold
Embold is a static analysis platform that offers AI-assisted code testing, identifies weak code and vulnerabilities, and suggests solutions to rectify them. Key Features: The Quality Gates feature allows you to set quality thresholds for your repositories. Recommendation Engine beta learns from the past issues that were caught in a code base and highlights potential issues which can be fixed before committing the code. The Antipattern Visualization feature helps to understand the antipatterns in a graphical representation format.
Drawbacks: Comparatively overpriced. Key Features: It is a stand-alone tool that runs on Windows and Linux platforms. Can be used for integration testing and unit testing.
Drawbacks: Comparatively expensive.