Flawfinder is a python program by David Wheeler which scans code for known security vulnerabilities. It is basically grep(1) on steroids with a ruleset.

Flawfinder scans each file specified on the command line and produces a report when scanning is complete. For each vulnerability, the list of files and line numbers where it occurred is given, followed by a brief description of the vulnerability and suggested action.

Recently I have extended flawfinder to take arbitrary rulesets which are specified on the command line. This page includes a pointer to the original flawfinder as well as a pointer to my patch and additional rulesets. Complete directions for updating your flawfinder are included with the .tar.gz listed below.

Original Program

Patch and Rulesets