May 26, 2018
Examines source code looking for security weaknesses
Flawfinder searches through source code looking for potential security
flaws. Flawfinder uses an internal database called the
ruleset identifies functions that are common causes of security flaws.
Every potential security flaw found in a given source code file matching
an entry in the ruleset is called ahit,’’ and the set of hits found
during any particular run is called the ``hitlist.’’