GROMACS security analysis

Goal

Learn how to use Codee for Static Application Security Testing (SAST) and generate a SAST report for GROMACS.

Getting started

Make sure you have Codee installed and available on your machine and clone the GROMACS repository.

git clone https://github.com/gromacs/gromacs.git && cd gromacs

Walkthrough

1. Generate the compile_commands.json

The compile_commands.json can be obtained using CMake. Make sure the build configuration compiles the complete project, since only the translation units that end up in compile_commands.json can be analyzed:

cmake \
-DCMAKE_EXPORT_COMPILE_COMMANDS=ON \
-DGMX_BUILD_OWN_FFTW=ON \
-B build \
-S .
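Because the SAST run only sees translation units that appear in compile_commands.json, a partial configuration silently shrinks the analyzed surface. The following script is an added example, not part of the Codee or GROMACS documentation: it compares the compilation database against the C/C++ sources found in the tree and lists every file that would be skipped. The paths in SAMPLE_DB and SAMPLE_TREE are constructed for illustration and are not real GROMACS files.

```python
"""Report source files that a compile_commands.json does not cover.

Added example, not Codee's or GROMACS's own tooling. Usage:
    python check_compile_commands.py <source-root> <build>/compile_commands.json
Exit status is 1 when at least one source file is missing from the database.
"""
import json
import os
import sys
from pathlib import Path

# Suffixes treated as compilable sources (headers are pulled in via includes).
SOURCE_SUFFIXES = {".c", ".cc", ".cpp", ".cxx", ".cu"}


def compiled_sources(compile_commands):
    """Absolute, normalized paths of every translation unit in the database.

    Each entry carries a `directory` and a `file`; `file` may be relative to
    `directory`, which is why both are joined before normalizing.
    """
    compiled = set()
    for entry in compile_commands:
        path = Path(entry["file"])
        if not path.is_absolute():
            path = Path(entry["directory"]) / path
        compiled.add(os.path.normpath(str(path)))
    return compiled


def tree_sources(root, exclude_dirs=("build",)):
    """Absolute paths of all source files under `root`, skipping build dirs."""
    root = Path(root).resolve()
    found = set()
    for path in root.rglob("*"):
        parent_parts = path.relative_to(root).parts[:-1]
        if path.suffix in SOURCE_SUFFIXES and not set(parent_parts) & set(exclude_dirs):
            found.add(os.path.normpath(str(path)))
    return found


def coverage_report(compile_commands, source_files):
    """Return counts plus the sorted list of sources absent from the database."""
    compiled = compiled_sources(compile_commands)
    wanted = {os.path.normpath(str(p)) for p in source_files}
    missing = sorted(wanted - compiled)
    return {
        "total": len(wanted),
        "analyzed": len(wanted) - len(missing),
        "missing": missing,
    }


# Constructed sample data: a two-entry database and a three-file tree, with
# the third file deliberately left out of the database.
SAMPLE_DB = [
    {
        "directory": "/work/gromacs/build",
        "file": "../src/gromacs/example_a.cpp",
        "command": "c++ -c ../src/gromacs/example_a.cpp",
    },
    {
        "directory": "/work/gromacs/build",
        "file": "/work/gromacs/src/gromacs/example_b.cpp",
        "command": "c++ -c /work/gromacs/src/gromacs/example_b.cpp",
    },
]
SAMPLE_TREE = [
    "/work/gromacs/src/gromacs/example_a.cpp",
    "/work/gromacs/src/gromacs/example_b.cpp",
    "/work/gromacs/src/gromacs/example_c.cpp",  # not in SAMPLE_DB
]


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} <source-root> <compile_commands.json>")
        return 2
    with open(argv[2], encoding="utf-8") as fh:
        database = json.load(fh)
    report = coverage_report(database, tree_sources(argv[1]))
    print(f"{report['analyzed']}/{report['total']} source files are present in the database")
    for path in report["missing"]:
        print("missing:", path)
    return 1 if report["missing"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the GROMACS checkout and the build directory produced by the CMake command above; a non-empty "missing:" list means the configuration should be revisited before the SAST report is generated, otherwise the file count in the final summary will understate what the tool actually covered.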

2. Run Codee SAST report

To obtain Codee SAST results for the CWE standard, execute the following command:

codee diagnose --sast

You should obtain output similar to this:

<...>

1725 files, 20583 functions, 12102 loops, 477122 LOCs successfully analyzed (3205 checkers) and 5 non-analyzed files in 1 h 16 m 34 s