A year back Salesforce began supporting source code analysis on Force.com through http://security.force.com/sourcescanner. But there wasn’t any integration with the Force.com IDE.
Checkmarx, the company Salesforce partnered with to provide Force.com source scanning, has stepped up and made an offering available to all of us. For 90 days, for the first 1000 developers, they’ll give away a free version of an Eclipse plugin that can scan all Force.com code (under 100k LoC). The great thing about this is that you get actionable results, directly in your IDE, without having to cross reference line numbers in a report like you have to do today. I hope this is a great resource for all of us!
Download a copy at http://www.apexscanner.com.