* Out of bounds checking * Memory leaks checking * Detect possible null pointer dereferences * Check for uninitialized variables * Check for invalid usage of STL * Checking exception safety * Warn if obsolete or unsafe functions are used * Warn about unused or redundant code * Detect various suspicious code indicating bugs * Look for simple patterns, see chapter about rules in the manual (pdf, html) * Define rules for functions with .cfg files, see chapter about library files in the manual (pdf, html) * Extend cppcheck with scripts, see chapter about addons in the manual (pdf, html)

* Fits into your development environment: HPE Security Fortify SCA supports a wide variety of development environments, languages, platforms, and frameworks to enable security reviews in mixed development and production environments. * Most accurate in the market: HPE Security Fortify SCA provides accurate results and detects a breadth of issues unmatched by other static testing technologies. * Easy to use: HPE Security Fortify SCA fits into your existing development environment. It is a flexible command line static code analyzer that can integrate into any environment through scripts, plugins, and GUI tools so developers can get up and running quickly and easily. * Scalable to any application: Applications come from multiple sources, in-house, outsource, third party, open source, mobile, and acquisitions, so testing and maintaining the security integrity of all these application types is a challenge. * On Premise or On Demand: HPE Security Fortify SCA is offered in multiple delivery models designed to accommodate changing needs.