The tooling seems a bit light. It doesn't include some of the following:
- joern
- weggli
- semgrep
- codeql
- shisho
- comby
- coccinelle
- sonarqube/source/lint
To say nothing of other tools that are broader, which don't necessarily point to specific flaws but instead add value to the code review process. This includes editors, IDEs and code browsers (source insight, VSCode, and its many plugins, sourcetrail, understand, vim, ...), libraries, and frameworks you can leverage to get more out of code and find things (e.g., antlr, tree-sitter, ...), search and index tooling (codesearch, ripgrep, opengrok, sourcegraph, ...), visualization tooling (cflow, codemap, ...) ...