...
- tool status: prototype, fully functional, development ongoing, maintained, stagnant, dead
- license: Is it open source, or do we have to keep access restricted? What restrictions are there on how we can use it? (Can we use it on a shared build engine?) Can we make minor fixes if necessary? Price? Can we make public a review or analysis of the tool? Do we have to restrict who can see the results?
- support: Is help available if we run into problems?
- languages: Which programming languages are supported, and how well?
- platforms: Windows? Mac? UNIX? What implementation language? Other packages that need to be installed to support it?
- ease of use: Invoke via command line or makefile? Plug in to Eclipse? Has its own GUI? Does it need to be fed all the source for a program at once? Can it analyze libraries we write separately, and then applications that use those already-analyzed libraries, or does it support only whole-program analysis?
- intrusiveness: Does it require stylized code, magic comments, additional input or generated files? Would the stylized code, if needed, trigger complaints from other tools?
- types of analysis: What kind of problems or issues does it look for?
- hit rate: Does it miss a lot of real problems (false negatives)? Does it report a lot of false positives?
- suppression: Can we suppress false positives we've analyzed and found to be okay, and does the suppression survive unrelated edits to the file?
- maintenance: Is it being actively developed, or at least maintained?
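The "hit rate" and "suppression" items above are the two that can be checked with a small harness rather than by reading a brochure: seed a sample code base with known defects, run the tool, and score its report against the seeded list; then keep a baseline of reviewed-and-accepted findings and see whether the suppression still matches after the flagged line moves. The script below is an added example written for this page, not code from any particular analysis tool. The finding format (rule id, file, line, flagged source line), the rule names, the file paths and the sample report are all constructed for illustration; a real harness would parse the tool's own report format (SARIF, XML, or plain text) into the same `Finding` records.

```python
"""Score a static-analysis tool's report against seeded defects, and suppress
reviewed false positives with a baseline keyed on content rather than line number.

Added example for this checklist; every rule name, path and finding below is
constructed sample data, not output from a real tool."""

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str      # analyzer rule id (constructed, e.g. "buffer-overflow")
    path: str      # source file the tool reported
    line: int      # line number the tool reported
    snippet: str   # the source line the tool flagged


def fingerprint(f: Finding) -> str:
    """Stable key for a suppression entry: rule + file + whitespace-normalized
    source text. The line number is deliberately left out, so a reviewed finding
    stays suppressed after lines are inserted above it; a line-number key would
    re-fire after every unrelated edit to the file."""
    norm = " ".join(f.snippet.split())
    return hashlib.sha256(f"{f.rule}|{f.path}|{norm}".encode()).hexdigest()[:16]


def filter_suppressed(findings, baseline):
    """Drop findings whose fingerprint is in the reviewed-and-accepted baseline."""
    return [f for f in findings if fingerprint(f) not in baseline]


def score(findings, ground_truth):
    """ground_truth is a set of (rule, path, line) for the defects we seeded.
    Returns counts of true positives, false positives and misses, plus
    precision (1 - false-positive share) and recall (1 - miss share)."""
    reported = {(f.rule, f.path, f.line) for f in findings}
    tp = reported & ground_truth
    fp = reported - ground_truth
    missed = ground_truth - reported
    return {
        "tp": len(tp),
        "fp": len(fp),
        "missed": len(missed),
        "precision": len(tp) / len(reported) if reported else 0.0,
        "recall": len(tp) / len(ground_truth) if ground_truth else 0.0,
    }


# Constructed sample: three defects we planted in the sample code base.
GROUND_TRUTH = {
    ("buffer-overflow", "src/parse.c", 42),
    ("format-string", "src/log.c", 17),
    ("null-deref", "src/net.c", 88),       # the tool below never reports this one
}

# Constructed sample: what the tool reported on that code base.
TOOL_FINDINGS = [
    Finding("buffer-overflow", "src/parse.c", 42, "strcpy(buf, input);"),
    Finding("format-string", "src/log.c", 17, "printf(msg);"),
    Finding("unused-value", "src/parse.c", 10, "int rc = init();"),     # reviewed earlier, accepted
    Finding("buffer-overflow", "src/util.c", 5, "memcpy(dst, src, n);"),  # not yet reviewed
]

# The accepted finding was reviewed when it sat on line 7 with different spacing;
# the fingerprint ignores both, so the baseline still matches today's report.
REVIEWED_OK = [Finding("unused-value", "src/parse.c", 7, "int  rc = init();")]
BASELINE = {fingerprint(f) for f in REVIEWED_OK}


def evaluate():
    """Score the raw report and the report after applying the baseline."""
    raw = score(TOOL_FINDINGS, GROUND_TRUTH)
    filtered = score(filter_suppressed(TOOL_FINDINGS, BASELINE), GROUND_TRUTH)
    return raw, filtered


if __name__ == "__main__":
    raw, filtered = evaluate()
    print("raw report:      ", raw)
    print("after baseline:  ", filtered)
```

Run it as-is to see the raw report score (two hits, two false positives, one miss) and the score after the baseline removes the accepted finding. To compare tools, feed each tool's parsed report through `score` against the same seeded list; a tool whose suppression is keyed only on line numbers will show the accepted finding reappearing in `fp` after the first edit to that file.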