This is "flawfinder" by David A. Wheeler, <dwheeler@dwheeler.com>.
Flawfinder is a simple program that scans C/C++ source code and reports
potential security problems. It can be a useful tool for examining
software, and it can also serve as a simple introduction to static source code
analysis tools more generally. It is designed to be easy to install and use.
More technically, flawfinder uses lexical scanning to find tokens
(such as function names) that suggest likely problems, estimates their
level of risk (e.g., by the text of function calls), and reports the results.
For more information, see:
http://www.dwheeler.com/flawfinder
On Unix/Linux/POSIX systems, you can typically install it by extracting
its files, using "cd" to enter its directory, and then run this:
sudo make prefix=/usr install
You can omit the "prefix=/usr"; it will then install under "/usr/local".
The file INSTALL.txt has more detailed installation instructions.
Flawfinder requires Python 2 (version 2.5 or later).
Flawfinder is released under the GNU GPL license version 2 or later (GPLv2+).
See the COPYING file for more license information.