Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review. The feature-by-feature comparison is below this table.
| Feature | Semmle | Compared tool (not named on this page) |
|---|---|---|
| Ease of Use | Has Variant Analysis, but first you have to manually define the problem before you can code a variant for future use. | Uses multiple pre-defined industry-leading standards to identify vulnerabilities. |
| Breadth of Application | Highly customized standards that are specific to the enterprise/application. | Broad visibility into common security vulnerabilities. |
| Coding Standards | Enforce compliance with internal coding standards. | Enforce compliance with defined coding standards. |
| Expertise Needed | For Variant Analysis, need specific knowledge of QL syntax to create any variant. Heavy use of custom regex mapped to internal coding standards. | Uses multiple pre-defined industry-leading standards to identify vulnerabilities. |
| Pattern Maintenance | One might need to further customize patterns for each application/scenario because the standards/taxonomy likely keeps changing from app to app and release to release. | Not applicable. No custom pattern definition. |
| Dependency Analysis | Custom queries to identify dependencies. | Basic analysis is automated. |
| Dead Code Analysis | Basic dead code analysis has to be extended with domain-specific knowledge. | Not currently supported. |
On September 18, 2019 GitHub acquired Semmle.