Flawfinder

Flawfinder is a program that examines C source code and reports possible security weaknesses (``flaws'') sorted by risk level. It's very useful for quickly finding and removing some security problems before a program is widely released.

Features

Easy to use
Easy to install
Reports on a number of different types of vulnerabilities
CWE compatible
Earned CII Best Practices badge
No cost
Open source software with OSI-approved license
Works even if you can't build the software

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 2.0 (GPLv2)

Follow Flawfinder

Flawfinder Web Site

Other Useful Business Software

Simple, Secure Domain Registration

Get your domain at wholesale price. Cloudflare offers simple, secure registration with no markups, plus free DNS, CDN, and SSL integration.

Register or renew your domain and pay only what we pay. No markups, hidden fees, or surprise add-ons. Choose from over 400 TLDs (.com, .ai, .dev). Every domain is integrated with Cloudflare's industry-leading DNS, CDN, and free SSL to make your site faster and more secure. Simple, secure, at-cost domain registration.

Rate This Project

User Ratings

5.0 out of 5 stars

★★★★★

★★★★

★★★

★★

★

ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5

features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5

design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5

support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5

User Reviews

Filter Reviews:

All

squinky86 Posted 2017-09-07

Flawfinder gives you a quick first-look at where issues in C/C++ code may be lurking. Its ease of use, friendly development team, and range of detected software weaknesses make it the best value for a quick static analysis scan.

Additional Project Details

Languages

English

Intended Audience

Developers

User Interface

Command-line

Programming Language

C, Python

Related Categories

Python QA Automation Software, C QA Automation Software

Registered

2007-01-15

Similar Business Software

Parasoft

Parasoft helps organizations continuously deliver high-quality software with its AI-powered software testing platform and automated test solutions. Supporting embedded and enterprise markets, Parasoft’s proven technologies reduce the time, effort, and cost of delivering secure, reliable, and...

See Software
Windsurf Editor

The Windsurf Editor is a free AI-powered IDE and AI coding assistant that accelerates development by providing intelligent code generation and agents in over 70 programming languages and more than 40 IDEs, including VSCode, JetBrains, and Jupyter Notebooks. With Windsurf, developers can write...

See Software
Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Adobe PDF Library SDK

Developers rely on Datalogics to provide the most comprehensive PDF SDKs in the industry. We are SOC 2 Type 2 certified. Global OEMs, SaaS and enterprise end-users rely on Adobe PDF Library to automate the creation, editing and management of PDFs. An Adobe partner, our SDK uses the same...

See Software
ZeroPath

ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with advanced program analysis to find and automatically fix...

See Software
Twilio

Design and deploy your ideal customer engagement experience. Twilio is a single fully-programmable platform with flexible APIs for any channel and over 400+ integrations, backed by a community of over 9 million developers. Build accurate and personalized experiences for your customers, easily...

See Software