Integrate Flawfinder into CI/CD

What is Flawfinder?

Flawfinder is a popular open-source security tool that examines C/C++ source code and reports possible security weaknesses. It matches the source against a database of risky library calls (strcpy, gets, sprintf and the like) and ranks each hit by risk level from 0 to 5. It does not parse or compile the code, so expect false positives and review the hits by hand before acting on them.

Security Stage: SAST (static code analysis)
Type: Open source
Languages: C, C++
Site: https://dwheeler.com/flawfinder/


Pre-requisite

1. You'll need the Git URL of a repository containing the C/C++ source you want to scan.


How do I set it up?

Adding Flawfinder to your set of security tests is simple.

  • Click on the application you wish to add the tool for, and edit the version (stage) configuration.

[Screenshot: EditStage]

  • Ensure that the version's 'Uri' is set to the Git URL of the repo being tested (either through the Uleska UI, or via the CLI/API). The URI carries the branch to check out and, for a private repo, the credentials Uleska needs to clone it; use a read-only, repository-scoped token rather than a personal password.

[Screenshot: SASTSetup-1]

  • Click Save.

  • Create a new Toolkit (or edit an existing one) by following the Creating a Toolkit guide and selecting 'Flawfinder' as a tool.

[Screenshot: flawfinder]

  • Click Save.

From now on, whenever you click 'Test Now' and select a Toolkit that includes Flawfinder, or request a test over the Uleska API or CLI with that Toolkit, Flawfinder runs as part of the test and its findings are added to the application's vulnerabilities list.
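The same scan can be gated directly in a pipeline outside Uleska. The script below is an added example, not Uleska's or Flawfinder's own code: it runs Flawfinder in CSV mode over a source tree and fails the job when any finding is at or above a chosen risk level. It assumes a Flawfinder 2.x binary named `flawfinder` on PATH for the live run; the parsing and gating logic is exercised offline against the constructed SAMPLE_CSV, which mimics Flawfinder's CSV column layout but is not real scanner output.

```python
"""Flawfinder CI gate (added example, not Uleska's or Flawfinder's own code).

Runs Flawfinder in CSV mode over a source tree and fails the job when any
finding is at or above a chosen risk level.  The live scan assumes a 2.x
`flawfinder` on PATH; the parsing and gating logic runs offline on the
constructed SAMPLE_CSV below.
"""
import csv
import io
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

# Flawfinder rates each hit 0-5; level 4+ is reserved for the classic
# unbounded copy/format primitives (strcpy, gets, sprintf, ...).
DEFAULT_FAIL_LEVEL = 4

# Constructed sample in Flawfinder's --csv column layout: one level-4 strcpy
# hit and one level-2 fixed-size-buffer hit.  Not real scanner output.
SAMPLE_CSV = """\
File,Line,Column,DefaultLevel,Level,Category,Name,Warning,Suggestion,Note,CWEs,Context,Fingerprint
src/main.c,12,5,4,4,buffer,strcpy,"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).","Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).",,CWE-120,"    strcpy(buf, argv[1]);",0123456789abcdef
src/main.c,20,5,2,2,buffer,char,"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).","Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.",,CWE-119!/CWE-120,    char buf[64];,fedcba9876543210
"""

# Constructed C input for the live run: a deliberately overflowing strcpy.
SAMPLE_C = """\
#include <string.h>
int main(int argc, char **argv) {
    char buf[64];
    if (argc > 1) strcpy(buf, argv[1]);   /* level-4 hit */
    return 0;
}
"""


def parse_findings(csv_text):
    """Parse Flawfinder CSV output into dicts with an integer 'Level'.

    Columns are looked up by header name, so extra columns emitted by newer
    Flawfinder releases are tolerated.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["Level"] = int(row["Level"])
        findings.append(row)
    return findings


def failing_findings(findings, fail_level=DEFAULT_FAIL_LEVEL):
    """Return the findings that should break the build."""
    return [f for f in findings if f["Level"] >= fail_level]


def gate_exit_code(csv_text, fail_level=DEFAULT_FAIL_LEVEL):
    """Exit status for CI: 1 if any finding reaches fail_level, else 0."""
    return 1 if failing_findings(parse_findings(csv_text), fail_level) else 0


def run_flawfinder(path, min_level=1):
    """Run flawfinder over `path` and return its CSV output, or None if absent."""
    exe = shutil.which("flawfinder")
    if exe is None:
        return None
    proc = subprocess.run(
        [exe, "--csv", f"--minlevel={min_level}", str(path)],
        capture_output=True, text=True, check=False,
    )
    return proc.stdout


def main(argv):
    fail_level = int(argv[1]) if len(argv) > 1 else DEFAULT_FAIL_LEVEL
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "main.c"
        src.write_text(SAMPLE_C)
        output = run_flawfinder(src)
    if output is None:
        print("flawfinder not on PATH; gating the constructed sample instead")
        output = SAMPLE_CSV
    for f in failing_findings(parse_findings(output), fail_level):
        print(f"{f['File']}:{f['Line']} level {f['Level']} {f['Name']}: {f['Warning']}")
    return gate_exit_code(output, fail_level)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python flawfinder_gate.py 4` from a CI step; a non-zero exit fails the job. Flawfinder 2.0 and later can apply the same threshold itself with `--error-level=LEVEL`, which makes the scanner exit non-zero when a hit at or above that level is found. The wrapper is worth keeping when you want to post-process the CSV before deciding, for example by deduplicating on the Fingerprint column against a baseline so that only newly introduced hits break the build.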

Notes

None