This repository is intended for testing Secure C Coding standard sample code snippets. Copyright and License information for the code snippets can be found in the file license.txt.

The official Secure C coding standard static code analysis test suite can be found from here.

The Clang version used for this test was Clang 9. In Ubuntu you need to install clan-9 and clan-tools-9 packages. Please consult your distribution how to install the packages.

The install instructions for Infer can be found from here.

This repository contains three helper scripts to run the tests. The run-clang.sh tests Clang, the run-infer.sh tests Infer and run-overlap.sh runs both Clang and Infer to collect the combined results for both of the scanners.