Flawfinder


Flawfinder searches through C/C++ source code looking for potential security flaws, such as calls to library functions with a history of misuse, and reports them as a list sorted by risk, with the most potentially dangerous flaws shown first. The risk level depends not only on which function is called but also on the values of its arguments (a string copy whose source is a constant literal, for instance, is rated lower than one whose source is a variable). Flawfinder ignores text inside comments and strings. Because it works lexically, without data-flow analysis, its output is a list of places to review rather than confirmed vulnerabilities: expect false positives and check each hit in context.
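The scan described above, sketched as an added Python example. This is not Flawfinder's own code: the rule table, the risk levels, the constant-source adjustment and the sample C input are hypothetical stand-ins for Flawfinder's real database, chosen to show the three points the description makes (comments and strings are ignored, risk depends on the arguments, findings are sorted with the highest risk first).

```python
import re
from typing import List, Tuple

# Hypothetical rule table: function -> (base risk level 0-5, note).
# Flawfinder's real database is far larger; these entries are illustrative.
RULES = {
    "gets":     (5, "unbounded read into a buffer; use fgets"),
    "strcpy":   (4, "unbounded copy; use a bounded copy with an explicit size"),
    "strcat":   (4, "unbounded append; use a bounded append"),
    "sprintf":  (4, "unbounded formatted write; use snprintf"),
    "strncpy":  (1, "bounded copy, but may leave the result unterminated"),
    "snprintf": (1, "bounded; verify the size argument"),
}

# Comments and string/char literals. The leftmost match wins, so a quote
# inside a comment (or a comment marker inside a string) is swallowed by the
# enclosing token rather than starting a new one.
_LEXEME = re.compile(
    r'/\*.*?\*/'              # block comment
    r'|//[^\n]*'              # line comment
    r'|"(?:\\.|[^"\\\n])*"'   # string literal
    r"|'(?:\\.|[^'\\\n])*'",  # character literal
    re.DOTALL,
)

# A call to any rule-table function: the name at a word boundary, then '('.
_CALL = re.compile(r'\b(' + '|'.join(map(re.escape, RULES)) + r')\s*\(')


def blank_comments_and_strings(src: str) -> str:
    """Overwrite comments and literal contents with spaces. Newlines are kept so
    line numbers survive, and quote characters are kept so an argument that was
    a literal is still recognisable as one."""
    def blank(m):
        tok = m.group(0)
        if tok[0] in '"\'':
            return tok[0] + re.sub(r'[^\n]', ' ', tok[1:-1]) + tok[-1]
        return re.sub(r'[^\n]', ' ', tok)
    return _LEXEME.sub(blank, src)


def _split_args(text: str, open_paren: int) -> List[str]:
    """Return the top-level argument strings of the call whose '(' sits at
    text[open_paren]; nested parentheses stay inside their argument."""
    depth, args, cur = 0, [], []
    for ch in text[open_paren:]:
        if ch == '(':
            depth += 1
            if depth > 1:
                cur.append(ch)
        elif ch == ')':
            depth -= 1
            if depth == 0:
                break
            cur.append(ch)
        elif ch == ',' and depth == 1:
            args.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    args.append(''.join(cur).strip())
    return args


def scan(src: str) -> List[Tuple[int, int, str, str]]:
    """Return findings as (risk, line, function, note), highest risk first."""
    clean = blank_comments_and_strings(src)
    findings = []
    for m in _CALL.finditer(clean):
        name = m.group(1)
        args = _split_args(clean, m.end() - 1)
        level, note = RULES[name]
        # Argument-dependent adjustment (illustrative): copying from a string
        # literal can overrun by at most the literal's fixed length.
        if name in ("strcpy", "strcat") and len(args) > 1 and args[1].startswith('"'):
            level, note = 2, note + " (source is a constant string, so lower risk)"
        line = clean.count('\n', 0, m.start()) + 1
        findings.append((level, line, name, note))
    findings.sort(key=lambda f: (-f[0], f[1]))
    return findings


def report(findings, path: str = "sample.c") -> str:
    """Format findings one per line, in the file:line: [level] (name) note style."""
    return "\n".join(f"{path}:{line}: [{level}] ({name}) {note}"
                     for level, line, name, note in findings)


# Constructed sample input; not from any real project.
SAMPLE_C = r'''#include <string.h>
#include <stdio.h>

/* strcpy(buf, input); a call inside a comment must be ignored */
int handle(char *input) {
    char buf[64];
    const char *msg = "gets(buf) named only inside a string literal";
    gets(buf);                                /* always highest risk */
    strcpy(buf, input);                       /* unbounded copy from caller data */
    strcpy(buf, "hello");                     /* constant source: lower risk */
    snprintf(buf, sizeof buf, "%s", input);   /* bounded */
    return 0;
}
'''

if __name__ == "__main__":
    print(report(scan(SAMPLE_C)))
```

Running the block prints four findings: the `gets` call first at level 5, the `strcpy` from `input` at 4, the `strcpy` from `"hello"` demoted to 2, and `snprintf` last at 1; the `strcpy` in the comment and the `gets` inside the string literal produce nothing. Flawfinder itself applies the same shape of reasoning with a much larger database, which is why its hits still need a human to confirm that the flagged argument can actually be influenced by an attacker.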

Recent releases

  •  17 Jan 2007 08:07
     Release Notes: The ability to review only the changes to a program was added. Other minor improvements and bugfixes were made.

  •  16 Jun 2004 03:48
     Release Notes: Code to better support Microsoft's approach to internationalization was added, along with various new rules to detect more situations. False positives were reduced and some documentation was improved.

  •  31 May 2004 20:52
     Release Notes: This release adds more rules for finding security flaws involving cuserid, getlogin, getpass, mkstemp, getpw, memalign, gsignal, ssignal, ulimit, and usleep. It has 137 rules that it checks automatically. Lengthy text has been added to the manual to explain exactly how to use flawfinder with Vim and Emacs. An error in the --columns format has been fixed, and many shortcut single-letter commands have been added. It tries to auto-remove some false positives, and a "--falsepositive" (-F) option has been added that tries to remove many more.

  •  31 Oct 2003 01:33
     Release Notes: This version fixes an extremely obscure parsing error that in very rare cases caused false reports of a vulnerability where there wasn't one. Also, readlink() has been added to the vulnerability database.

  •  29 Sep 2003 11:00
     Release Notes: This release fixed a subtle code bug that caused single character constants to not be parsed correctly under certain unusual circumstances. An error in the manual where "--minlevel" incorrectly had only one dash was fixed, and C/C++ filename extensions are listed in the documentation.
