Insights from Running 24 Static Analysis Tools on Open Source Software Repositories

Cited by: 0
Authors
Hashmat, Fabiha [1 ]
Aljaali, Zeyad Alwaleed [1 ]
Shen, Mingjie [1 ]
Machiry, Aravind [1 ]
Affiliations
[1] Purdue Univ, W Lafayette, IN 47907 USA
Source
INFORMATION SYSTEMS SECURITY, ICISS 2024 | 2025 / Vol. 15416
Funding
US National Science Foundation
Keywords
Program Analysis; OMEGA ANALYZER; GITHUB Network Projects; Static Analysis; OSSF critical repositories; VULNERABILITIES;
DOI
10.1007/978-3-031-80020-7_13
CLC classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Open-source software (OSS) is important and widely used, so we want it to be of high quality and free of security issues. Static analysis tools provide easy-to-use, application-independent mechanisms for assessing various aspects of a given code base, and many effective open-source static analysis tools exist. In this paper, we perform the first comprehensive analysis using 24 open-source static analysis tools (run through OMEGA ANALYZER) on 4,947 repositories. Our study identified several interesting findings; for example, the distribution of errors in relation to the criticality score of repositories shows that repositories with a criticality score have the highest percentage of errors. We envision that our findings provide insights into the effectiveness of static analysis tools on OSS and point to future research directions in securing OSS repositories.
Pages: 225-245
Page count: 21
Related papers
21 entries in total
  • [1] Efficacy of static analysis tools for software defect detection on open-source projects
    Yeboah, Jones
    Popoola, Saheed
    2023 INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND COMPUTATIONAL INTELLIGENCE, CSCI 2023, 2023, : 1588 - 1593
  • [2] Comparative Analysis of Open-Source Tools for Conducting Static Code Analysis
    Kuszczynski, Kajetan
    Walkowski, Michal
    SENSORS, 2023, 23 (18)
  • [3] Static Analysis and Improvement Opportunities for Open Source of UAV Flight Control Software
    Jang, Jeong-hoon
    Kang, Yu-sun
    Lee, Ji-hyun
    JOURNAL OF THE KOREAN SOCIETY FOR AERONAUTICAL AND SPACE SCIENCES, 2021, 49 (06) : 473 - 480
  • [4] Evaluation of Static Analysis Tools for Software Security
    AlBreiki, Hamda Hasan
    Mahmoud, Qusay H.
    2014 10TH INTERNATIONAL CONFERENCE ON INNOVATIONS IN INFORMATION TECHNOLOGY (IIT), 2014, : 93 - 98
  • [5] Ranking Source Code Static Analysis Warnings for Continuous Monitoring of FLOSS Repositories
    Ribeiro, Athos
    Meirelles, Paulo
    Lago, Nelson
    Kon, Fabio
    OPEN SOURCE SYSTEMS: ENTERPRISE SOFTWARE AND SOLUTIONS, OSS 2018, 2018, 525 : 90 - 101
  • [6] Study of State-of-the-art Open-source C/C++ Static Analysis Tools
    Li G.-W.
    Yuan T.
    Li L.
    Ruan Jian Xue Bao/Journal of Software, 2022, 33 (06): : 2061 - 2081
  • [7] Open Source Web Application Security: A Static Analysis Approach
    Alenezi, Mamdouh
    Javed, Yasir
    2016 INTERNATIONAL CONFERENCE ON ENGINEERING & MIS (ICEMIS), 2016,
  • [8] BPEL Conformance in Open Source Engines: The Case of Static Analysis
    Harrer, Simon
    Preissnger, Christian
    Wirtz, Guido
    2014 IEEE 7TH INTERNATIONAL CONFERENCE ON SERVICE-ORIENTED COMPUTING AND APPLICATIONS (SOCA), 2014, : 33 - 40
  • [9] Understanding How to Use Static Analysis Tools for Detecting Cryptography Misuse in Software
    Braga, Alexandre
    Dahab, Ricardo
    Antunes, Nuno
    Laranjeiro, Nuno
    Vieira, Marco
    IEEE TRANSACTIONS ON RELIABILITY, 2019, 68 (04) : 1384 - 1403
  • [10] A Comparative Study of Static Analysis Tools for AUTOSAR Automotive Software Components Development
    Imparato, Alfredo
    Maietta, Raffaele Rodolfo
    Scala, Stefano
    Vacca, Vladimiro
    2017 IEEE 28TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW 2017), 2017, : 65 - 68