
Code metrics of OpenVAS modules with trends

The OpenVAS developer team is very much concerned with source code quality. This page summarizes the analysis of that quality as a basis for planning improvement strategies. Note that simple counting heuristics are only one element of a quality strategy.

Applied tools:

Furthermore, some information (e.g. code/comment ratio) can be found on the ohloh page of OpenVAS.

Note: You should familiarize yourself with the applied tools, especially before interpreting the absolute numbers. The trends in the numbers give a first impression, but for a deeper understanding you should also read more about the applied methods.

openvas-libraries

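| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 0.9.0 | 13909 | 484 | not analyzed | 37 |
| 0.9.1 | 13853 | 483 | not analyzed | 20 |
| 1.0.0 | 13755 | 476 | not analyzed | 10 |
| 1.0.1 | 11729 | 380 | 114/27 | 3 |
| 1.0.2 | 11752 | 377 | 114/27 | 3 |
| 1.0.3 | 11898 | 375 | 114/27 | 3 |
| 2.0-beta1 | 11819 | 376 | 102/27 | 3 |
| 2.0-beta2 | 11200 | 368 | 93/26 | 3 |
| 2.0-rc1 | 11254 | 317 | 84/13 | 3 |
| 2.0.0 | 11255 | 311 | 84/13 | 3 |
| 2.0.1 | 11248 | 295 | 76/13 | 3 |
| 2.0.2 | 11384 | 295 | 76/13 | 3 |
| 2.0.3 | 12401 | 305 | 76/13 | 3 |
| 2.0.4 | 12597 | 304 | 76/13 | 4 |

openvas-libnasl merged into openvas-libraries. Now, flawfinder 1.27 is used. New libraries "omp" and "base" were added.

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 3.1.0 | 62263 | 825 | 203/33 | 10 |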

openvas-scanner

openvas-scanner is the successor of openvas-server. All C modules of openvas-plugins as well as management scripts of openvas-plugins were integrated here. flawfinder 1.27 was applied.

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 3.1.0 | 20951 | 605 | 166/25 | n.a. |

openvas-libnasl

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 0.9.0 | 16034 | 342 | not analyzed | not analyzed |
| 0.9.1 | 16013 | 342 | not analyzed | not analyzed |
| 0.9.2 | 16051 | 343 | not analyzed | not analyzed |
| 1.0.0 | 16052 | 343 | 64/21 | not analyzed |
| 1.0.1 | 16077 | 331 | 62/21 | not analyzed |
| 2.0-beta1 | 16078 | 330 | 61/21 | not analyzed |
| 2.0-beta2 | 16422 | 339 | 62/22 | not analyzed |
| 2.0-rc1 | 16437 | 290 | 61/21 | not analyzed |
| 2.0.0 | 15524 | 265 | 54/15 | not analyzed |
| 2.0.1 | 15525 | 256 | 48/15 | not analyzed |
| 2.0.2 | 15539 | 258 | 48/15 | not analyzed |

openvas-server

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 0.9.0 | 10403 | 457 | not analyzed | not analyzed |
| 0.9.1 | 10366 | 457 | not analyzed | not analyzed |
| 0.9.2 | 10366 | 457 | 125/24 | not analyzed |
| 1.0.0 | 10354 | 457 | 125/24 | not analyzed |
| 1.0.1 | 10093 | 433 | 124/21 | not analyzed |
| 1.0.2 | 10087 | 433 | 124/21 | not analyzed |
| 2.0-beta1 | 9536 | 383 | 100/19 | not analyzed |
| 2.0-beta2 | 9384 | 381 | 93/19 | not analyzed |
| 2.0-rc1 | 9527 | 367 | 93/16 | not analyzed |
| 2.0.0 | 9365 | 361 | 93/16 | not analyzed |
| 2.0.1 | 9496 | 333 | 86/16 | not analyzed |
| 2.0.2 | 9809 | 324 | 86/16 | not analyzed |
| 2.0.3 | 9723 | 316 | 86/16 | not analyzed |

openvas-plugins

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 0.9.1 | 6904 | 412 | not analyzed | not analyzed |
| 1.0.1 | 6904 | 412 | 128/20 | not analyzed |
| 1.0.2 | 6668 | 401 | 126/18 | not analyzed |
| 1.0.3 | 6730 | 375 | 126/18 | not analyzed |
| 1.0.4 | 6384 | 375 | 126/16 | not analyzed |
| 1.0.5 | 6300 | 374 | 125/16 | not analyzed |
| 1.0.6 | 6005 | 303 | 104/12 | not analyzed |
| 1.0.7 | 6005 | 303 | 106/12 | not analyzed |

OpenVAS-Client

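| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 0.9.1 | 51695 | 868 | not analyzed | 23 |
| 1.0.0 | 51679 | 867 | not analyzed | 23 |
| 1.0.1 | 51648 | 862 | not analyzed | 23 |
| 1.0.2 | 51648 | 862 | not analyzed | 23 |
| 1.0.3 | 51291 | 837 | 251/55 | 14 |
| 1.0.4 | 50067 | 794 | 221/55 | 22 |
| 1.0.5 | 50173 | 794 | 221/55 | 22 |
| 2.0-beta1 | 27266 | 677 | 176/47 | 13 |
| 2.0-beta2 | 27590 | 691 | 169/47 | 6 |
| 2.0-rc1 | 26983 | 659 | 164/45 | 6 |
| 2.0.0 | 26671 | 606 | 158/45 | 2 |
| 2.0.1 | 26672 | 606 | 158/45 | 2 |
| 2.0.2 | 28795 | 599 | 154/44 | 2 |
| 2.0.3 | 29192 | 562 | 144/44 | 2 |
| 2.0.4 | 30207 | 560 | 133/43 | 2 |
| 2.0.5 | 30594 | 532 | 133/43 | 2 |

Now, flawfinder 1.27 is used.

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 3.0.1 | 42842 | 481 | 98/32 | n.a. |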

How the numbers have been assembled

The actual commands (currently except for RATS) to assemble all the numbers are collected in a shell script "code-analysis.sh" which you can find here.

For comparison: Nessus

This is the analysis of the latest Free Software release of Nessus (Server: 2.2.10, Client: 1.0.2).

Naturally, we do not have any such numbers for the proprietary successors.

| Module | Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|---|
| nessus-libraries | 2.2.10 | 21397 | 710 | not analyzed | 50 |
| libnasl | 2.2.10 | 15836 | 361 | not analyzed | 34 |
| nessus-core | 2.2.10 | 54866 | 1413 | not analyzed | 8 |
| nessus-plugins | 2.2.10 | 4672 | 299 | not analyzed | not analyzed |
| nessus-client | 1.0.2 | 51383 | 864 | not analyzed | 21 |