VCG is an automated code security review tool for C++, Java, and PL/SQL, intended to drastically speed up the code review process by identifying bad code. Features include a configuration file for each language that allows you to add any bad functions (or other text) that you want to search for. It also attempts to find phrases within comments that can indicate broken code, and it provides stats and a pie chart (for the entire codebase and for individual files) showing the relative proportions of code, whitespace, comments, style comments, and bad code.
Full Specifications
What's new in version 1.4.1
General
Release: February 21, 2013
Date Added: February 22, 2013
Version: 1.4.1
Operating Systems
Operating Systems: Windows 2003, Windows Vista, Windows, Windows 7, Windows XP