Insights from Running 24 Static Analysis Tools on Open Source Software Repositories


Research area: Verification

Venue: International Conference on Information Systems Security


Abstract

OSS is important and useful, and we want to ensure that it is of high quality and free of security issues. Static analysis tools provide easy-to-use, application-independent mechanisms for assessing various aspects of a given code base, and many effective open-source static analysis tools exist. In this paper, we perform the first comprehensive analysis using 24 open-source static analysis tools (through OMEGA ANALYZER) on 4,947 repositories. Our study identified several interesting findings; for example, the distribution of errors in relation to the criticality score of repositories shows that repositories with a criticality score have the highest percentage of errors. We envision that our findings provide insights into the effectiveness of static analysis tools on OSS and into future research directions for securing OSS repositories.


Authors

Fabiha Hashmat, Purdue University, West Lafayette, IN, USA (India)

Zeyad Alwaleed Aljaali, Purdue University, West Lafayette, IN, USA (India)

Mingjie Shen, Purdue University, West Lafayette, IN, USA (India)

Paper information

Publication year: 2024
Citations: 0
Publication country: India
Site: Springer