On Tuesday 21 December 2010, Raphael Geissert wrote:
> >> At the moment there are only partial reports from two tools, but
> >> the list of tools to be evaluated and possibly included goes
> >> over twenty.
> >
> > I would be glad if the tools included some security auditing
> > tools such as:
> >
> > + Available as Debian packages
> >
> > - RATS: security auditing utility for C, C++, PHP, Perl, and
> > Python code
> > - Flawfinder: security flaw search tool for C/C++ source code
>
> To be honest, the results of both tools are usually just noise and
> it would be better if the C/C++ checks that are not implemented by
> cppcheck were contributed.
> I'm not opposed to running them either, but they will be down on my
> To-Do list. If anyone has a few minutes to come up with the right
> scripts and tweaks to the web reports, please subscribe and email
> the daca-de...@lists.alioth.d.o list.
>
> > - Splint: a tool for statically checking C programs for bugs
>
> Splint has better results than rats and flawfinder, but the same
> arguments apply.
I fully agree with you WRT flawfinder and splint. OTOH, I think that
clang's scan-build has a reasonable signal-to-noise ratio. It only does
C, though.

For perl, perlcritic at a sufficiently high warning level may be worth
a thought.

A question about hardware: How much memory/disk space is needed at the
minimum to be useful?

Cheers,
Stefan

Archive: http://lists.debian.org/201012232230.52248...@sfritsch.de
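Raphael's request above is for "scripts and tweaks to the web reports", and the recurring complaint in the thread is noise. The script below is an added example, not code from this thread, from DACA, or from the cppcheck project: it reads the XML that `cppcheck --xml --xml-version=2` writes, drops the severities that are usually noise in a distribution-wide scan, and prints a compact per-file listing plus counts for a report header. The embedded XML is a hand-constructed sample in the shape of cppcheck's version-2 output (check ids and file names are made up), and the severity threshold is an assumption for the example, not a DACA policy.

```python
"""Summarise cppcheck version-2 XML output for a web report.

Added example, not part of the debian-devel thread, of DACA, or of cppcheck.
The sample XML is constructed by hand to mirror `cppcheck --xml
--xml-version=2` output; the helper names and the severity cut-off are
assumptions made for this example.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the layout of cppcheck's version-2 XML: one <error>
# per finding, with an optional <location file=... line=...> child.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
  <cppcheck version="1.46"/>
  <errors>
    <error id="nullPointer" severity="error" msg="Possible null pointer dereference: p" verbose="Possible null pointer dereference: p">
      <location file="src/foo.c" line="42"/>
    </error>
    <error id="bufferAccessOutOfBounds" severity="error" msg="Buffer access out-of-bounds" verbose="Buffer access out-of-bounds">
      <location file="src/bar.c" line="17"/>
    </error>
    <error id="variableScope" severity="style" msg="The scope of the variable 'i' can be reduced" verbose="The scope of the variable 'i' can be reduced">
      <location file="src/foo.c" line="10"/>
    </error>
    <error id="unreadVariable" severity="style" msg="Variable 'x' is assigned a value that is never used" verbose="Variable 'x' is assigned a value that is never used">
      <location file="src/baz.c" line="3"/>
    </error>
    <error id="toomanyconfigs" severity="information" msg="Too many #ifdef configurations" verbose="Too many #ifdef configurations">
    </error>
  </errors>
</results>
"""

# Severities a reviewer should see in a distribution-wide report. This
# cut-off is an assumption for the example; "style" and "information"
# findings are kept in the parsed data but left out of the listing.
REPORT_SEVERITIES = ("error", "warning")


def parse_cppcheck_xml(xml_text):
    """Return one dict per <error>, with file/line filled in when a
    <location> child is present and None otherwise."""
    root = ET.fromstring(xml_text)
    findings = []
    for err in root.iter("error"):
        loc = err.find("location")
        findings.append({
            "id": err.get("id"),
            "severity": err.get("severity"),
            "msg": err.get("msg"),
            "file": loc.get("file") if loc is not None else None,
            "line": int(loc.get("line")) if loc is not None and loc.get("line") else None,
        })
    return findings


def filter_findings(findings, severities=REPORT_SEVERITIES):
    """Keep only findings whose severity is in `severities`."""
    return [f for f in findings if f["severity"] in severities]


def summarise(findings):
    """Counts by severity and by check id, for the report header."""
    return {
        "by_severity": dict(Counter(f["severity"] for f in findings)),
        "by_id": dict(Counter(f["id"] for f in findings)),
    }


def format_report(findings):
    """One line per finding, sorted by file and line; findings without a
    location (e.g. per-package information messages) sort first."""
    lines = []
    for f in sorted(findings, key=lambda f: (f["file"] or "", f["line"] or 0)):
        where = f"{f['file']}:{f['line']}" if f["file"] else "(no location)"
        lines.append(f"{f['severity']:<8} {f['id']:<28} {where}  {f['msg']}")
    return "\n".join(lines)


if __name__ == "__main__":
    all_findings = parse_cppcheck_xml(SAMPLE_XML)
    print(summarise(all_findings))
    print(format_report(filter_findings(all_findings)))
```

In practice the XML would come from `cppcheck --xml --xml-version=2 <srcdir> 2> report.xml` (cppcheck writes the XML to stderr) and the counts from `summarise` on the unfiltered list make the noise ratio visible per package, which is the number the thread is arguing about.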