Lapack security analysis
Goal
Learn how to use Codee for Static Application Security Testing (SAST) and generate a SAST report for Lapack.
Getting started
Make sure you have Codee installed and available on your machine and clone the Lapack repository.
git clone https://github.com/Reference-LAPACK/lapack.git && cd lapack
Walkthrough
1. Generate the compile_commands.json
The compile_commands.json can be obtained using CMake. Make sure to obtain a complete compilation of the project:
mkdir build && cd build && \
cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON .. && \
cmake --build . -j --target install
2. Run Codee SAST report
To obtain Codee SAST results for the CWE standard, execute the following command:
codee diagnose --sast
You should obtain output similar to this:
<...>
4186 files, 4200 functions, 28832 loops, 1462066 LOCs successfully analyzed (49816 checkers) and 0 non-analyzed files in 11 m 28 s
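The summary line above is the quickest way to confirm that the compilation database really covered the whole project: a non-zero "non-analyzed files" count means the SAST report is silently incomplete. The script below is an added example, not part of Codee or LAPACK; it parses a summary line of the shape shown above and fails when any file was skipped, so a CI job can gate on coverage before trusting the report. The sample summary strings are constructed from the format above, and the log file name in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example (not Codee's or LAPACK's code): gate on the coverage numbers
# that `codee diagnose --sast` prints in its final summary line.

# Constructed sample summary lines, shaped like the output shown above.
SAMPLE_SUMMARY='4186 files, 4200 functions, 28832 loops, 1462066 LOCs successfully analyzed (49816 checkers) and 0 non-analyzed files in 11 m 28 s'
BAD_SUMMARY='4183 files, 4195 functions, 28800 loops, 1461000 LOCs successfully analyzed (49700 checkers) and 3 non-analyzed files in 11 m 20 s'

# Print the number that immediately precedes the keyword "$2" in summary "$1".
# Trailing commas and parentheses around tokens ("files,", "(49816 checkers)")
# are stripped so the same function serves every field of the line.
summary_field() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        for (i = 2; i <= NF; i++) {
            f = $i; sub(/[,)]$/, "", f)
            if (f == key) { v = $(i - 1); sub(/^\(/, "", v); print v; exit }
        }
    }'
}

# Return 0 when every file was analyzed, 1 when files were skipped,
# 2 when the line could not be parsed at all.
check_sast_coverage() {
    skipped=$(summary_field "$1" non-analyzed)
    analyzed=$(summary_field "$1" files)
    if [ -z "$skipped" ] || [ -z "$analyzed" ]; then
        echo "could not parse Codee summary line" >&2
        return 2
    fi
    if [ "$skipped" -ne 0 ]; then
        echo "SAST coverage incomplete: $skipped files not analyzed ($analyzed analyzed)" >&2
        return 1
    fi
    echo "SAST coverage complete: $analyzed files analyzed"
    return 0
}

# Stand-alone demo on the constructed sample. In a real run you would capture
# the tool output first (log file name is an assumption):
#   codee diagnose --sast | tee codee-sast.log
#   check_sast_coverage "$(grep 'successfully analyzed' codee-sast.log)"
check_sast_coverage "$SAMPLE_SUMMARY"
```

Treat a non-zero exit from `check_sast_coverage` as a build failure: the usual cause is a compile_commands.json that was generated from a partial build, which is exactly what the `cmake --build . --target install` step above is meant to avoid.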