Source Code Security Analysis

For our purposes, a source code security analyzer

  1. examines source code to
  2. detect and report weaknesses that can lead to security vulnerabilities.

Specifications 

Source Code Security Analysis Tool Functional Specification Version 1.1, NIST Special Publication 500-268, February 2011
This version 1.1 updates version 1.0 by adding the SPARK language in Annex A and improving explanations.

Earlier version

Source Code Security Analysis Tool Functional Specification Version 1.0, NIST Special Publication 500-268, May 2007

Drafts

Test Plan 

Source Code Security Analysis Tool Test Plan Version 1.1, NIST Special Publication 500-270, July 2011
This version 1.1 updates version 1.0 by adding Java test suites and updating C/C++ test suites. 

Earlier versions

Source Code Security Analysis Tool Test Plan Version 1.0, NIST Special Publication 500-270,

Tool Instances 

Created March 23, 2021, Updated May 17, 2021