Tools approved for SAST
The following table lists Itron-approved tools for performing SAST, and whether its use is for offline or in a software as a service (SaaS) environment.
| SAST tool | SaaS | Offline |
|---|---|---|
|
WhiteHat Security® Sentinel |
ü | – |
|
Micro Focus® Fortify on Demand (FoD) |
ü | – |
|
MicroFocus Fortify Static Code Analyzer |
– | ü |
|
SonarQube® Static Code Analyzer |
– | ü |
|
Raxis |
– | ü |
|
PVS-Studio |
– | ü |
|
reshift |
– | ü |
|
Embold |
– | ü |
|
SmartBear™ Collaborator |
– | ü |
|
CodeScene™ Behavioral Code Analysis |
– | ü |
|
RIPS Technologies |
– | ü |
|
Veracode |
– | ü |
|
Parasoft® |
– | ü |
|
Coverity® Static Analysis |
– | ü |
|
CAST |
– | ü |
|
GrammaTech CodeSonar C/C++ |
– | ü |
|
Understand |
– | ü |