Flawfinder is a program that examines C source code and reports possible security weaknesses (``flaws'') sorted by risk level. It's very useful for quickly finding and removing some security problems before a program is widely released.
- Easy to use
- Easy to install
- Reports on a number of different types of vulnerabilities
- CWE compatible
- Earned CII Best Practices badge
- No cost
- Open source software with OSI-approved license
- Works even if you can't build the software
Rate This ProjectLogin To Rate This Project
Flawfinder gives you a quick first-look at where issues in C/C++ code may be lurking. Its ease of use, friendly development team, and range of detected software weaknesses make it the best value for a quick static analysis scan.