flawfinder
« Back to VersTracker
Description:
Examines code and reports possible security weaknesses
Type: Formula  |  Tracked Since: Dec 28, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: c c++ static-analysis security code-quality auditing
Install: brew install flawfinder
About:
Flawfinder is a static analysis tool that scans C and C++ source code to identify potential security vulnerabilities. It highlights risky functions like buffer overflows and format string issues, providing a prioritized list of warnings. This helps developers identify and fix security flaws early in the development lifecycle.
Key Features:
  • Scans C/C++ source code for security weaknesses
  • Ranks risks by severity (level, confidence, warning)
  • Supports HTML, XML, and plain text output formats
  • Fast and lightweight with minimal dependencies
Use Cases:
  • Auditing legacy C/C++ codebases for security flaws
  • Integrating security checks into CI/CD pipelines
  • Educating developers on secure coding practices
Alternatives:
  • cppcheck – Focuses on general bugs and syntax errors rather than just security vulnerabilities
  • SonarQube – A comprehensive platform covering multiple languages and code quality metrics
Version History
Detected Version Rev Change Commit
Oct 10, 2024 6:31pm 1 VERSION_BUMP 3ec903c6
Sep 13, 2024 7:14am 1 VERSION_BUMP 2dddb258
Oct 4, 2023 9:08am 1 VERSION_BUMP 4cd00f2e
Oct 1, 2023 4:01pm 1 VERSION_BUMP 373c0496
« Back to VersTracker  |  Browse Packages  |  About