Flawfinder is a static analysis tool that scans C and C++ source code for potentially dangerous function calls and insecure coding patterns. It provides rankings for issues based on severity and ease of exploitation to help prioritize remediation. Flawfinder is lightweight, easy to run, and useful for quick scans or inclusion in CI checks for native codebases. While not exhaustive, it helps surface many common pitfalls in legacy or new C/C++ projects. Developers and security auditors use Flawfinder as a first pass in secure code review workflows.
Details
Deployment mode: Cloud, SaaS, web-based; Desktop Linux; Desktop Mac
Pricing model: Free; Open source
Training and support
Free trial available: Yes
Available trainings: No