Tools/facebook/infer

infer

A static analyzer for Java, C, C++, and Objective-C

15.7kgrowthOCamlMIT Licensetrending

The Lens

Infer reads your code without running it and tells you where it will crash. Meta built it to catch null pointer bugs, memory leaks, and data races in Java, C, C++, and Objective-C before they ever hit production, then open-sourced the whole thing under MIT. It runs from the command line and hooks into your build, so it sees exactly what your compiler sees.

There's no server and no subscription. You grab a prebuilt binary or build it from OCaml source, wire it into your build system, and it runs in CI like any other check. The real work isn't infrastructure, it's tuning. Infer is an interprocedural analyzer, meaning it traces bugs across function boundaries, and out of the box it will surface findings you'll need to triage and quiet down. Budget time for that first pass.

This runs in production at Meta, Amazon, Uber, and Spotify, so the engine is proven. Solo devs on a small codebase probably won't feel the need. Where it earns its keep is on large C/C++/Objective-C or Android codebases, where a single null deref can ship to millions of devices. If you're paying for Coverity, or leaning on SonarCloud's paid tier mainly for deep bug detection, Infer covers a lot of that for free.

The catch is scope. Infer is a specialist, not a platform. It finds a specific class of correctness and concurrency bugs extremely well, but it won't give you the security rule packs, quality-gate dashboards, or broad language coverage that a SonarQube or Snyk sells. It's a sharp knife, not a Swiss Army one.

Free vs Self-Hosted vs Paid

fully free

Free tier: Everything. The entire analyzer is MIT-licensed and open source, including all checkers.

Self-hosted: This is the only way to run it. Prebuilt binaries for Linux and macOS, or build from OCaml source. It runs locally or in CI. Enabling Java support may pull in GPL components, worth noting if licensing purity matters to you.

Paid: None. There's no hosted version and no commercial tier. If you want a managed dashboard and rule management, that's what SonarCloud or Coverity sell, and that's a different product.

Free and MIT-licensed. The cost is engineering time to integrate it and triage the first run, not dollars.

Self-hosting ops:moderate

Get tools like this every Wednesday

One featured tool, three on the radar. No fluff.

Similar Tools

Score
77/100 · B+
Adoption27/30
Maintenance20/25
Community5/20
License15/15
Analysis10/10

License: MIT License

Use freely, including commercial. Just keep the license.

Commercial use: ✓ Yes

About

Owner
Meta (Organization)
Backed by
Meta
Stars
15,660
Forks
2,095

Explore Further

More tools in the directory