From db09996c014c9b3bc781dfee0e7333a79e4271be Mon Sep 17 00:00:00 2001 From: nickthetait Date: Wed, 14 Mar 2018 00:09:21 -0600 Subject: [PATCH] Convert README to use markdown Signed-off-by: nickthetait --- README => README.md | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) rename README => README.md (83%) diff --git a/README b/README.md similarity index 83% rename from README rename to README.md index 54e562d..274e40b 100644 --- a/README +++ b/README.md @@ -1,4 +1,6 @@ -This is "flawfinder" by David A. Wheeler, . +# About + +This is "flawfinder" by [David A. Wheeler](mailto:dwheeler@dwheeler.com). Flawfinder is a simple program that scans C/C++ source code and reports potential security flaws. It can be a useful tool for examining software @@ -7,20 +9,25 @@ static source code analysis tools more generally. It is designed to be easy to install and use. Flawfinder supports the Common Weakness Enumeration (CWE) and is officially CWE-Compatible. -For more information, see: - http://www.dwheeler.com/flawfinder +For more information, see the [project website](http://www.dwheeler.com/flawfinder) + +# Platforms Flawfinder is designed for use on Unix/Linux/POSIX systems (including Cygwin, Linux-based systems, MacOS, and *BSDs) as a command line tool. It requires Python 2.7 or Python 3. +# Installation + If you just want to *use* it, you can install flawfinder with Python's "pip" or with your system's package manager (flawfinder has packages for many systems). It also supports easy installation following usual "make install" source installation conventions. -The file INSTALL.txt has more detailed installation instructions. +The file [INSTALL.txt](INSTALL.txt) has more detailed installation instructions. You don't HAVE to install it to run it, but it's easiest that way. +# Usage + To run flawfinder, just give it a list of source files or directories to example. For example, to examine all files in "src/" and down recursively: 
@@ -31,6 +38,8 @@ flawfinder (including its various options) and related information (such as how it supports CWE). For example, the "--html" option generates output in HTML format. The "--help" option gives a brief list of options. +# Under the hood + More technically, flawfinder uses lexical scanning to find tokens (such as function names) that suggest likely vulnerabilities, estimates their level of risk (e.g., by the text of function calls), and reports the results. @@ -42,8 +51,12 @@ vulnerabilities in programs that cannot be built or cannot be linked. Flawfinder also doesn't get as confused by macro definitions and other oddities that more sophisticated tools have trouble with. +# Contributions + We love contributions! For more information on contributing, see -the file CONTRIBUTING.md. +the file [CONTRIBUTING.md](CONTRIBUTING.md). + +# License Flawfinder is released under the GNU GPL license version 2 or later (GPL-2.0+). -See the COPYING file for license information. +See the [COPYING](COPYING) file for license information.
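Review bot: The rename from README to README.md in the file header is the only change in this patch ("1 file changed"), so anything that refers to the old name is left pointing at a file that no longer exists. Search the tree for `README` (Makefile, packaging metadata, manifests, other docs) and update those references in the same commit.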
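Review bot: In the `@@ -7,20 +9,25 @@` hunk the new link `[project website](http://www.dwheeler.com/flawfinder)` keeps the plain-HTTP URL. This is where readers go to obtain a security tool, so use the `https://` form if the site serves it. In the same hunk, the asterisk in `*BSDs` is now Markdown emphasis syntax and is safer written as `\*BSDs`. The context line "directories to example" looks like a typo for "examine" and could be fixed while the file is being touched.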
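Review bot: `# Under the hood` in the `@@ -31,6 +38,8 @@` hunk, like every other heading this patch adds (`# About`, `# Platforms`, `# Installation`, `# Usage`, `# Contributions`, `# License`), is a level-1 heading, so the rendered page has seven top-level titles and none of them names the project. Consider a single `# Flawfinder` title with the sections as `##` headings.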
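Review bot: The relative links added in the `@@ -42,8 +51,12 @@` hunk, `[CONTRIBUTING.md](CONTRIBUTING.md)` and `[COPYING](COPYING)` (and `[INSTALL.txt](INSTALL.txt)` in the earlier hunk), only resolve where the README is rendered next to those files. If this text is also used as the package description for the pip install the README mentions, they will be dead links there; absolute repository URLs would avoid that.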