Flawfinder

Flawfinder is a program that examines C source code and reports possible security weaknesses (``flaws'') sorted by risk level. It's very useful for quickly finding and removing some security problems before a program is widely released.

Features

Easy to use
Easy to install
Reports on a number of different types of vulnerabilities
CWE compatible
Earned CII Best Practices badge
No cost
Open source software with OSI-approved license
Works even if you can't build the software

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 2.0 (GPLv2)

Follow Flawfinder

Flawfinder Web Site

Other Useful Business Software

$300 in Free Credit Towards Top Cloud Services

Build VMs, containers, AI, databases, storage—all in one place.

Start your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.

Get Started

Rate This Project

User Ratings

5.0 out of 5 stars

★★★★★

★★★★

★★★

★★

★

ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5

features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5

design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5

support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5

User Reviews

Filter Reviews:

All

squinky86 Posted 2017-09-07

Flawfinder gives you a quick first-look at where issues in C/C++ code may be lurking. Its ease of use, friendly development team, and range of detected software weaknesses make it the best value for a quick static analysis scan.

Additional Project Details

Languages

English

Intended Audience

Developers

User Interface

Command-line

Programming Language

C, Python

Related Categories

Python QA Automation Software, C QA Automation Software

Registered

2007-01-15

Similar Business Software

Parasoft

Parasoft helps organizations continuously deliver high-quality software with its AI-powered software testing platform and automated test solutions. Supporting embedded and enterprise markets, Parasoft’s proven technologies reduce the time, effort, and cost of delivering secure, reliable, and...

See Software
Windsurf Editor

The Windsurf Editor is a free AI-powered IDE and AI coding assistant that accelerates development by providing intelligent code generation and agents in over 70 programming languages and more than 40 IDEs, including VSCode, JetBrains, and Jupyter Notebooks. With Windsurf, developers can write...

See Software
Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
ZeroPath

ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with advanced program analysis to find and automatically fix...

See Software
GW Apps

GW Apps – Build Powerful Business Apps Without Code. GW Apps is a secure, cloud-based no-code platform that enables businesses to create custom applications and automate workflows without programming. Designed for both business and IT teams, GW Apps combines an intuitive drag-and-drop builder...

See Software
Apify

Apify is a full-stack web scraping and automation platform helping anyone get value from the web. At its core is Apify Store, a marketplace with over 10,000 Actors where developers build, publish, and monetize automation tools. Actors are serverless cloud programs that extract data, automate...

See Software