Alert Type Frequency Assessment of Open-Source Static Analysis Tools and Codebases - 2025 anonymous

This includes all data needed to replicate and validate our frequency analysis of static analysis (SA) alerts produced using open-source SA tools on several OSS codebases. It includes instructions how to get and run the SA tools, a Dockerfile to conveniently get and use the SA tools, raw SA tool output, some python scripts to parse that output, parsed SA data and aggregate analyses, and SA data augmented with CERT coding rule and CWE data.   The SA tools used: clang-tidy version 15.07    cppcheck version 2.9    CERT Rosecheckers    The codebases analyzed: zeek version 5.1.1 git version 2.39.0 dos2unix version 7.4.3