OpenScanHub is a service for static and dynamic analysis. By default it uses Cppcheck, ShellCheck, the static analyzers embedded in GCC and Clang, find-unicode-control, and the Gitleaks tool. Other tools for static and dynamic analysis can be enabled on demand when submitting an OpenScanHub scan.
OpenScanHub can analyze RPM packages and source code tarballs.
- It can perform differential scans, that is, compare a newer version of a package with an older one and report only the defects that were introduced in the newer version.
- It is extensible through csmock plugins and can scan any type of source code.
- It can collect reports from various analyzers at a single place.
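The essential step of a differential scan is matching defects across two versions so that a finding which merely moved to a different line is not reported as new. The following script is an added illustration of that idea and is not OpenScanHub's or csdiff's own code; the JSON layout (a top-level `defects` list, each entry carrying a `checker` name and a list of `events`), the checker names, and the file paths are constructed sample values for this example only.

```python
import json

# Constructed sample results for the older and newer version of a package.
# The structure is an assumption for this example, not OpenScanHub's exact format.
OLD_SCAN = json.dumps({
    "defects": [
        {"checker": "CPPCHECK_WARNING", "events": [
            {"file_name": "src/io.c", "line": 40, "event": "warning",
             "message": "Memory leak: buf"}]},
        {"checker": "SHELLCHECK_WARNING", "events": [
            {"file_name": "scripts/build.sh", "line": 7, "event": "warning",
             "message": "Double quote to prevent globbing and word splitting."}]},
    ]
})

NEW_SCAN = json.dumps({
    "defects": [
        # Same leak as before, shifted by 12 lines by unrelated edits above it.
        {"checker": "CPPCHECK_WARNING", "events": [
            {"file_name": "src/io.c", "line": 52, "event": "warning",
             "message": "Memory leak: buf"}]},
        # A defect that exists only in the newer version.
        {"checker": "GCC_ANALYZER_WARNING", "events": [
            {"file_name": "src/parse.c", "line": 118, "event": "warning",
             "message": "use of uninitialized value 'len'"}]},
    ]
})


def defect_key(defect):
    """Identity of a defect that survives line-number shifts between versions.

    The line number is deliberately left out: only the checker, the file and
    the message of the key (first) event identify the finding.
    """
    first = defect["events"][0]
    return (defect["checker"], first["file_name"], first["message"])


def diff_scans(old_json, new_json):
    """Return defects added in the new scan and defects fixed since the old one."""
    old = {defect_key(d): d for d in json.loads(old_json)["defects"]}
    new = {defect_key(d): d for d in json.loads(new_json)["defects"]}
    added = [new[k] for k in new if k not in old]
    fixed = [old[k] for k in old if k not in new]
    return {"added": added, "fixed": fixed}


def format_report(result):
    """Render the differential result as one line per defect."""
    lines = []
    for label in ("added", "fixed"):
        for defect in result[label]:
            ev = defect["events"][0]
            lines.append(f"{label.upper()}: {defect['checker']} "
                         f"{ev['file_name']}:{ev['line']}: {ev['message']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(diff_scans(OLD_SCAN, NEW_SCAN)))
```

Running the script reports the uninitialized-value warning as ADDED and the ShellCheck warning as FIXED, while the memory leak that only changed line number is not listed at all; a differential scan that compared line numbers literally would have produced a spurious "new" finding and a spurious "fixed" one for that same defect.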
It can be used by any developer. It can help improve the security and stability of projects by finding defects in the source code.
It is used inside Red Hat to scan releases of RHEL and a few other projects.
It is running as a Fedora service. Alternatively, you can use it on your local system by following the developer documentation.
Developer documentation can be found on GitHub.
- OpenScanHub - Static Analysis of a Linux Distribution - DevConf.CZ 2024
- OpenScanHub: A Brief Introduction - GNU Tools Cauldron 2024
Code Scanning Utilities - csutils
Questions can be discussed on the mailing list.