Flawfinder

Flawfinder is a program that examines C source code and reports possible security weaknesses (``flaws'') sorted by risk level. It's very useful for quickly finding and removing some security problems before a program is widely released.

Features

Easy to use
Easy to install
Reports on a number of different types of vulnerabilities
CWE compatible
Earned CII Best Practices badge
No cost
Open source software with OSI-approved license
Works even if you can't build the software

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 2.0 (GPLv2)

Follow Flawfinder

Flawfinder Web Site

Other Useful Business Software

$300 Free Credits for Your Google Cloud Projects

Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.

Start Free Trial

Rate This Project

User Ratings

5.0 out of 5 stars

★★★★★

★★★★

★★★

★★

★

ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5

features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5

design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5

support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 5 / 5

User Reviews

Filter Reviews:

All

squinky86 Posted 2017-09-07

Flawfinder gives you a quick first-look at where issues in C/C++ code may be lurking. Its ease of use, friendly development team, and range of detected software weaknesses make it the best value for a quick static analysis scan.

Additional Project Details

Languages

English

Intended Audience

Developers

User Interface

Command-line

Programming Language

C, Python

Related Categories

Python QA Automation Software, C QA Automation Software

Registered

2007-01-15

Similar Business Software

Parasoft

"Parasoft delivers an AI‑powered software testing platform that helps organizations continuously release high‑quality software. Our solutions support embedded and enterprise teams by integrating code analysis, testing, virtualization, and coverage into the delivery pipeline to improve security,...

See Software
Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
GW Apps

GW Apps – Build Powerful Business Apps Without Code. GW Apps is a secure, cloud-based no-code platform that enables businesses to create custom applications and automate workflows without programming. Designed for both business and IT teams, GW Apps combines an intuitive drag-and-drop builder...

See Software
Apify

Apify is a full-stack web scraping and automation platform helping anyone get value from the web. At its core is Apify Store, a marketplace with over 10,000 Actors where developers build, publish, and monetize automation tools. Actors are serverless cloud programs that extract data, automate...

See Software
Bitrise

Bitrise is a CI/CD platform built for mobile development, helping teams speed up builds, automate testing, and deliver high-quality apps faster. It supports native languages like Swift, Objective-C, Java, and Kotlin, as well as cross-platform frameworks including React Native, Flutter, Xamarin,...

See Software
Devin Desktop

Devin Desktop (formerly Windsurf) is an AI-powered development environment that combines a full-featured IDE with advanced coding agents in a unified workspace. Formerly known as Windsurf, the platform enables developers to manage local and cloud-based AI agents, delegate tasks, review code, and...

See Software