These checkers enforce the CERT C Secure Coding rules, and are freely available from their SourceForge project. For questions regarding the CERT ROSE checkers, contact secure-coding at cert dot org.
Running Rosecheckers (the ROSE CERT C Checkers)
Checkers for CERT C secure coding rules/recommendations/guidelines are built into a tool called Rosecheckers, which uses the ROSE compiler. The program is run using all-lowercase 'rosecheckers'.
To run the Rosecheckers program on a C or C++ file, simply pass the file as an argument:
...
There are three ways to run Rosecheckers. You can run Rosecheckers using a downloadable virtual machine. You can build Rosecheckers, as well as ROSE itself, from source. Finally, Rosecheckers is available on Carnegie Mellon University's Andrew system to students, faculty, and staff.
Getting Rosecheckers code from source
You can get the rosecheckers code from alone (no VM) from https://github.com/coruus/rosecheckers
If you install rosecheckers code from source, you will should install ROSE first. After installing ROSE:
- Clone the rosecheckers repository from github
- Set the
ROSEenvironment variable to point to the directory for ROSE that has the bin, include, etc. for ROSE - To build the Rosecheckers program from the CERT C Checkers, go into the
rosecheckers/rosecheckersdirectory and type:make pgms
Rosecheckers on a Virtual Machine
To run these checkers, you must use a virtualization system such as VMWare. The Sourceforge project provides a free example VM.
...
In the VM's home directory, there is a README file explaining what software is available there. It includes both ROSE and the CERT Secure Coding rule checkers.
Building Rosecheckers
To build the Rosecheckers program from the CERT C Checkers, type:
...
To clean documentation pages and build files:
| Code Block |
|---|
make clean |
Rosecheckers on Andrew
To run Rosecheckers this way, you must have an Andrew account at CMU, usually limited to faculty, students, and staff. The Rosecheckers program is available in:
...