Alert Type Frequency Assessment of Open-Source Static Analysis Tools and Codebases

Dataset
This dataset includes all the data needed to replicate and validate our frequency analysis of static analysis (SA) alerts produced using open-source SA tools on several OSS codebases.
Publisher

Software Engineering Institute

DOI (Digital Object Identifier)
10.5281/zenodo.7958182

Abstract

This dataset includes all data needed to replicate and validate our frequency analysis of static analysis (SA) alerts produced using open-source SA tools on several OSS codebases. It includes instructions on how to get and run the SA tools, a Dockerfile to conveniently get and use the SA tools, raw SA tool output, some Python scripts to parse that output, parsed SA data and aggregate analyses, and SA data augmented with CERT coding rule and CWE data. The dataset can be used to develop and test enhanced and competing versions of automated code repair and static analysis test results.

The SA tools used:

  • clang-tidy version 15.07
  • cppcheck version 2.9
  • CERT Rosecheckers

The codebases analyzed:

  • zeek version 5.1.1
  • git version 2.39.0
  • dos2unix version 7.4.3