These checkers enforce the CERT C Secure Coding rules, and are freely available from Rosecheckers Github project. For questions regarding the CERT ROSE checkers, contact info@sei.cmu.edu.
Getting Rosecheckers code from source or container
You can get the rosecheckers code from source or a container from Rosecheckers Github project.
Follow the instructions on the Readme of that project site.
Secure Coding Rules Enforced by Rosecheckers
The SEI CERT C Secure Coding Standard is freely available.
Here is a breakdown of how thoroughly Rosecheckers enforces the C Secure Coding Rules and Recommendations:
Complete | 57 | Rosecheckers catches all violations of these rules |
Partial | 45 | Rosecheckers catches some, but not all violations of these rules |
false-positive | 9 | These rules could be checked by Rosecheckers, but they will also catch some false positives. |
Potential | 29 | These rules are not checked by Rosecheckers, but could be |
Undoable | 32 | These rules could not be checked by Rosecheckers due to various limitations in ROSE. |
Unenforceable | 48 | These rules could not be checked by any tool that relies purely on unaided static analysis. |
TOTAL | 220 |