ShellCheck is a static analysis tool for shell scripts. Its goals are to point out and clarify typical beginner's syntax issues that cause a shell to give cryptic error messages, to point out and clarify typical intermediate-level semantic problems that cause a shell to behave strangely and counter-intuitively, and to point out subtle caveats, corner cases, and pitfalls that may cause an advanced user's otherwise working script to fail under future circumstances.
Frama-C is a suite of tools dedicated to the analysis of the source code of software written in C. Frama-C gathers several static analysis techniques in a single collaborative framework. The collaborative approach allows static analyzers to build upon the results already computed by other analyzers in the framework. It provides sophisticated tools, such as a slicer and dependency analysis.
ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. It imports the results from dynamic, static, and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto-generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted. ThreadFix empowers managers with vulnerability trending reports that show progress over time, giving them justification for their efforts.