Diffstat (limited to 'development/rats/README')
-rw-r--r-- | development/rats/README | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/development/rats/README b/development/rats/README new file mode 100644 index 0000000000..e470ebed27 --- /dev/null +++ b/development/rats/README @@ -0,0 +1,22 @@ +RATS - Rough Auditing Tool for Security + +RATS is an open source tool developed and maintained by Secure Software +security engineers. Secure Software was acquired by Fortify Software, Inc. +RATS is a tool for scanning C, C++, Perl, PHP and Python source code and +flagging common security related programming errors such as buffer overflows +and TOCTOU (Time Of Check, Time Of Use) race conditions. + +RATS scanning tool provides a security analyst with a list of potential +trouble spots on which to focus, along with describing the problem and +potentially suggest remedies. It also provides a relative assessment of the +potential severity of each problem, to better help an auditor prioritize. +This tool also performs some basic analysis to try to rule out conditions +that are obviously not problems. + +As its name implies, the tool performs only a rough analysis of source code. +It will not find every error and will also find things that are not errors. +Manual inspection of your code is still necessary, but greatly aided with +this tool. + +Example usage - to analyze "main.c": +rats --db /usr/share/rats-2.3/rats-c.xml main.c |
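Review bot: the example invocation at the end of the README hard-codes a version-pinned database path, `rats --db /usr/share/rats-2.3/rats-c.xml main.c`, which will silently go stale the next time the RATS package version changes; either state that the path must track the installed version or show the invocation without an explicit `--db` and explain where the installed databases live. Two smaller points in the same hunk: in the second paragraph, "along with describing the problem and potentially suggest remedies" should read "and potentially suggesting remedies" for parallel grammar, and the file says the tool is open source and maintained by Secure Software but gives no upstream URL or license, which a README for a vendored tool should include.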