Lapack security analysis

Goal

Learn how to use Codee for Static Application Security Testing (SAST) and generate a SAST report for Lapack.

Getting started

Make sure you have Codee installed and available on your machine, then clone the Lapack repository:

git clone https://github.com/Reference-LAPACK/lapack.git

Now navigate to the source code:

cd lapack

Walkthrough

1. Generate the compile_commands.json

The compile_commands.json can be obtained using CMake. Make sure to obtain a complete compilation of the project:

mkdir build && cd build && \
cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON .. && \
cmake --build . -j --target install

2. Run Codee SAST report

To obtain Codee SAST results for the CWE standard, execute the following command:

codee screening --sast

You should have obtained a result similar to this:

<...>

4186 target files, 4200 functions, 28840 loops, 1462216 LOCs successfully analyzed (49804 checkers) and 0 non-analyzed files in 25 m 30 s
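
As an added example (not part of the Codee documentation or the Lapack project), this Python script checks the compile_commands.json from step 1 against the source tree before a SAST run. It lists sources that no entry compiles, which would therefore never reach the analyzer, along with entries that are stale or malformed. The extension set, the excluded build directory and the function names are assumptions, and the sample tree in demo() is constructed.

```python
import json
import os
import tempfile
from pathlib import Path

# Assumption: extensions that count as analyzable sources in this tree.
SOURCE_EXTS = {".f", ".f90", ".F", ".F90", ".c"}

def load_entries(db_path):
    """Split database entries into resolved source paths and malformed indexes."""
    covered, malformed = set(), []
    for i, e in enumerate(json.loads(Path(db_path).read_text())):
        # The format requires "directory", "file" and "command" or "arguments".
        if "directory" not in e or "file" not in e or not ("command" in e or "arguments" in e):
            malformed.append(i)
            continue
        covered.add(os.path.realpath(os.path.join(e["directory"], e["file"])))
    return covered, malformed

def coverage_gaps(src_root, db_path, exclude=("build",)):
    """Report sources no entry compiles, entries whose file is gone, bad entries."""
    covered, malformed = load_entries(db_path)
    on_disk = set()
    for dirpath, dirnames, filenames in os.walk(src_root):
        # Skip the build tree and hidden directories such as .git.
        dirnames[:] = [d for d in dirnames if d not in exclude and not d.startswith(".")]
        for name in filenames:
            if Path(name).suffix in SOURCE_EXTS:
                on_disk.add(os.path.realpath(os.path.join(dirpath, name)))
    return {"uncovered": sorted(on_disk - covered),
            "stale": sorted(p for p in covered if not os.path.exists(p)),
            "malformed": malformed}

def demo():
    """Constructed sample: two sources on disk, one valid, one stale, one bad entry."""
    root = Path(tempfile.mkdtemp())
    (root / "SRC").mkdir()
    (root / "build").mkdir()
    for name in ("dgesv.f", "dgetrf.f"):
        (root / "SRC" / name).write_text("      END\n")
    build = str(root / "build")
    db = root / "build" / "compile_commands.json"
    db.write_text(json.dumps([
        {"directory": build, "file": "../SRC/dgesv.f", "command": "gfortran -c ../SRC/dgesv.f"},
        {"directory": build, "file": "../SRC/gone.f", "command": "gfortran -c ../SRC/gone.f"},
        {"file": "orphan.f"}]))
    return coverage_gaps(root, db)

if __name__ == "__main__":
    print(demo())
```

On the real checkout, call coverage_gaps with the lapack directory and build/compile_commands.json; files listed under "uncovered" are outside whatever the SAST report covers.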