...
To run these checkers, you must use a virtualization system such as VMware. The SourceForge project provides a free example VM, which we call "Rosebud" (the Rosecheckers VM).
Once extracted, the rosebud directory is a VM image that can be powered on by VMware. After logging in, you'll need to enter your login password again when the system asks for a sudo password. This is so the VM image can generate a unique SSH key.
...
Here is a breakdown of how thoroughly Rosecheckers enforces the C Secure Coding Rules:
| Category | Rules | Description |
|---|---|---|
| Complete | 57 | ROSE catches all violations of these rules |
| Partial | 45 | ROSE catches some, but not all violations of these rules |
| False-positive | 9 | These rules could be checked by Rosecheckers, but they will also catch some false positives. |
| Potential | 29 | These rules are not checked by Rosecheckers, but could be |
| Undoable | 32 | These rules could not be checked by ROSE due to various limitations in ROSE. |
| Unenforceable | 48 | These rules could not be checked by any tool that relies purely on unaided static analysis. |
| TOTAL | 220 | |