Once you have built and installed RATS, it's time to start auditing your software! RATS accepts a few command line options that will be described here and accepts a list of files to audit on the command line. If no files to audit are specified, stdin will be used.

usage: rats [-d ] [-h] [-r] [-w ] [-x] [file1 
                                    file2 ... filen]

Options explained:

Warning level 1 includes only default and high severity Level 2 includes medium severity. Level 2 is the default warning level 3 includes low severity vulnerabilities.

When started, RATS will scan each file specified on the command line and produce a report when scanning is complete. What vulnerabilities are reported in the final report depend on the data contained in the vulnerability database or databases that are used and the warning level in use.

For each vulnerability, the list of files and line numbers where it occurred is given, followed by a brief description of the vulnerability and suggested action.