Description
A static analysis tool that scans source code for patterns linked to possible security flaws. It is used by developers and auditors to find risky functions, unsafe calls, and code areas that deserve human review.
Use it as an early warning tool, not as proof that code is safe or unsafe. Results need interpretation, and false positives are common in automated security scanning.