We use Programming Research's QAC for our C code. Works OK.
Recently we have been talking about checking out some of the more advanced and static/dynamic code analyzers like Coverity's Prevent or the analysis tool by GrammaTech.
They claim to not only do static analysis but also find runtime errors etc. One major selling point is supposed to be fewer false positives.
