Software Engineering Institute

The Rosecheckers tool performs static analysis on C/C++ source files. It is designed to enforce the rules in the CERT C Coding Standard. Rosecheckers finds some C coding errors that other static analysis tools do not. However, it does not do a comprehensive test for secure and correct C coding, and it is only a prototype, so it cannot be used alone to fully analyze code security.