OpenCV security analysis
Goal
Learn how to use Codee for Static Application Security Testing (SAST) and generate a SAST report for OpenCV.
Getting started
Make sure Codee is installed and available on your machine, then clone the OpenCV repository:
git clone https://github.com/opencv/opencv.git && cd opencv
Walkthrough
1. Generate the compile_commands.json
The compile_commands.json file can be obtained with CMake by setting CMAKE_EXPORT_COMPILE_COMMANDS=ON (supported by the Makefile and Ninja generators). Make sure to obtain a complete compilation of the project, since only translation units that are actually built end up in the database and can be analyzed:
cmake \
-DCMAKE_EXPORT_COMPILE_COMMANDS=ON \
-B build \
-S . && \
make -C build
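Before handing the database to any SAST tool it is worth checking that it really covers the tree. The following script is an added example (not Codee's or OpenCV's own code): it parses compile_commands.json, flags entries whose source file no longer exists (stale database after a `git pull`) and lists C/C++ sources in the tree that no compile command covers (a module that was skipped or a build that stopped halfway). The directory layout and compile entries in `demo()` are constructed inline so the script runs offline; the `skip_dirs` defaults are an assumption, not something the page prescribes.

```python
"""Sanity-check a CMake compile_commands.json before running a SAST tool.

Added example, not part of Codee or OpenCV. Reports
  * entries whose "file" does not exist on disk, and
  * C/C++ sources under the tree that no entry compiles,
so an incomplete build is caught before a long analysis run.
"""
import json
import os
import shutil
import tempfile

SOURCE_SUFFIXES = (".c", ".cc", ".cpp", ".cxx")


def load_compile_db(path):
    """Load the JSON array CMake writes; reject anything else early."""
    with open(path, encoding="utf-8") as fh:
        db = json.load(fh)
    if not isinstance(db, list):
        raise ValueError("compile_commands.json must be a JSON array")
    return db


def compiled_sources(db):
    """Absolute, normalised path of every source the database compiles.

    "file" is allowed to be relative to "directory", so resolve it there.
    """
    return {
        os.path.normpath(os.path.join(entry["directory"], entry["file"]))
        for entry in db
    }


def tree_sources(root, skip_dirs=("build", ".git")):
    """All C/C++ sources under root, ignoring the build tree and .git.

    skip_dirs is an assumption for this example; extend it for your layout.
    """
    found = set()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            if name.endswith(SOURCE_SUFFIXES):
                found.add(os.path.normpath(os.path.join(dirpath, name)))
    return found


def check_compile_db(db_path, src_root):
    """Return counts plus the two problem lists, as paths relative to src_root."""
    db = load_compile_db(db_path)
    compiled = compiled_sources(db)
    on_disk = tree_sources(src_root)

    def rel(paths):
        return sorted(os.path.relpath(p, src_root).replace(os.sep, "/") for p in paths)

    return {
        "entries": len(db),
        "missing_on_disk": rel(p for p in compiled if not os.path.isfile(p)),
        "uncovered": rel(on_disk - compiled),
    }


def demo():
    """Constructed sample tree: three sources, a database that compiles two of
    them (one via a relative path) and carries one stale entry."""
    root = tempfile.mkdtemp(prefix="ccdb-demo-")
    try:
        src = os.path.join(root, "modules", "core", "src")
        build = os.path.join(root, "build")
        os.makedirs(src)
        os.makedirs(build)
        for name in ("alloc.cpp", "matrix.cpp", "parallel.cpp"):
            with open(os.path.join(src, name), "w") as fh:
                fh.write("int f(void) { return 0; }\n")
        db = [  # constructed entries, not real OpenCV compile commands
            {"directory": build, "file": "../modules/core/src/alloc.cpp",
             "command": "c++ -c ../modules/core/src/alloc.cpp"},
            {"directory": build, "file": os.path.join(src, "matrix.cpp"),
             "command": "c++ -c " + os.path.join(src, "matrix.cpp")},
            {"directory": build, "file": os.path.join(src, "removed.cpp"),
             "command": "c++ -c " + os.path.join(src, "removed.cpp")},
        ]
        db_path = os.path.join(build, "compile_commands.json")
        with open(db_path, "w", encoding="utf-8") as fh:
            json.dump(db, fh)
        return check_compile_db(db_path, root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

For a real run, call `check_compile_db("build/compile_commands.json", ".")` from the OpenCV checkout. Sources that sit behind a CMake option you left OFF (samples, tests) will show up under `uncovered`; that is expected. A non-empty `missing_on_disk` list, or `uncovered` entries inside a module you meant to analyze, means the build was not complete and the report would silently miss that code.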
2. Run the Codee SAST report
To obtain Codee SAST results for the CWE standard, execute the following command:
codee diagnose --sast
You should see output similar to this:
<...>
1739 files, 53816 functions, 27452 loops, 793483 LOCs successfully analyzed (9793 checkers) and 13 non-analyzed files in 1 h 29 m 50 s