QA·Static Analyzers

Assess software reliability, security, and conformance to ISO coding best practices while reducing development time.

  • Scale to millions of lines of code
  • Continuously inspect source code for conformance to the
    coding standard of your choice
  • Give your developers real-time contextual feedback that
    helps them correct and learn from mistakes
  • Reduce bottlenecks caused by manual code review and
    slow analysis tools and methods
  • Analyze your source code without executing programs
    whether in C, C++, or Java


PRQA Developer's Challenge



How manual code reviews compare to effective automated code inspections.

Avoid an expensive recall: Test early and often to catch weaknesses
sooner and fix them at the lowest cost

Static analyzers continuously detect and report on dataflow problems, software defects,
language implementation errors, inconsistencies, dangerous usage, coding standard
violations, and security vulnerabilities.

SGS-TÜV Saar certified

SGS-TÜV Saar has certified QA·C and QA·C++ as “usable in the development of safety related software” for the key safety critical standards, IEC 61508, ISO 26262, EN 50128, IEC 60880 and IEC 62304, enabling our customers to achieve product certifications to these standards more easily and in less time.

See all Standards Compliance Add-Ons>

SGS-TÜV-Saar -certifie

Avoid-expensive -mistakes-and- recalls -by identifying-errors -early

Avoid expensive mistakes and recalls by identifying errors early

Identify software defects at creation, simplify your development lifecycle and reduce costs and cycle time.

Static Analyzers can detect and report on dataflow problems, software defects, language implementation errors, inconsistencies, dangerous usage and coding standard violations quickly and efficiently.

Minimize false negatives and false positives

QA·Static Analyzers identify issues compilers and most developers miss. These include lesser known issues explicitly stated in the ISO standards and language constructs that, while not classified as incorrect, may result in unpredictable behavior.

That means fewer defects survive testing and your developers waste less time manually addressing issues that don’t exist.

Minimize -false negatives-and-false-positives

Improve-the- overall-security-of -any-application-

Improve the overall security of any application

Avoid constructs in the C and Java languages that can lead to vulnerabilities that attackers can exploit. Some of the risks that Static Analyzers help you avoid include:

  • Buffer overflow and stack smashing
  • Incorrect use of dynamic memory management functions
  • Integer-related problems resulting from signed integer overflows, unsigned integer wrapping, and
    truncation errors
  • Incorrect use of formatted output functions that introduce format-string vulnerabilities
  • Race conditions and other exploitable vulnerabilities that occur when developing concurrent code
Detect Dataflow Defects

Our analysis toolsets identify critical coding issues relating to control-flow, variable state, library usage and semantic modeling of your code.

Our Dataflow analysis engine incorporates an advanced, industry-proven Satisfiability Modulo Theories (SMT) solver engine – a technology first for deep-flow static analysis products.

Detect-Dataflow- Defects-

Monitor-and -Continually -Improve-Your -Codebas- with -configurable- reports

Monitor and Continually Improve Your Codebase with configurable reports

The compliance report helps you visualize which areas of the codebase require the most attention to reach a higher level compliance.

The code review report refocuses peer review on discussing design, optimization, and meeting requirements rather than costly manual investigation of code conformance and correctness.

The metrics data report provides you with an XML file that you can use as a source of quality metrics data for your own further examination.

The suppression report provides information on message diagnostics which have been suppressed during analysis.

Ensure Portability

Static Analyzers make you aware of implementation defined language features and language extensions, so that code behaves consistently across different compilers and platforms.

Ensure- Portability

Who is this product for:

Developers in organizations of any size who want to create better code without the constant intrusion of “QA testing plans.”

QA managers and team leaders who want to enable their team to find and correct their own defects.

Engineering leaders who need to eliminate business risks while reducing lead times and costs of software development.

"QA·C++ offers seamlessly equivalent operation to QA·C, and contains an equally impressive level of compliance to the MISRA standard."


Select a Static Analyzer for your programming language

Get consistency across programming languages and common result formats, and have your data handled seamlessly by all downstream components such as QA∙Verify results analysis and distribution tools.


Advanced static analysis of C, providing sophisticated bug detection and compliance to coding standards.

Questions? Inquire about QA·C


Download QA·C datasheet

See a view virtual demo

See MISRA and other Compliance Modules for QA·C

Find out how to Integrate QA·C into IAR Embedded Workbench

Find out more about DO-178B Qualification Pack


A static analysis toolset for Java code.

QA·J combines three highly-regarded open source tools for analyzing Java code: Checkstyle, FindBugs and PMD. Together, these have nearly 1000 checks. The tools are integrated into a common framework, making them easy to configure and use.

Questions? Inquire about QA·J

 Download QA·J datasheet