
Code quality analysis of OpenVAS modules with trends

The OpenVAS developer team cares a great deal about source code quality. This page summarizes the results of quality analysis as a basis for planning improvement strategies. Note that simple counting heuristics are only one element of a quality strategy.

Applied tools:

Furthermore, some information (e.g. code/comment ratio) can be found on the ohloh page of OpenVAS.

Note: Familiarize yourself with the applied tools, especially before interpreting the absolute numbers. The trends of the numbers give a first impression, but for a deeper understanding you should also read more about the applied methods.

openvas-libraries

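| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 0.9.0 | 13909 | 484 | not analyzed | 37 |
| 0.9.1 | 13853 | 483 | not analyzed | 20 |
| 1.0.0 | 13755 | 476 | not analyzed | 10 |
| 1.0.1 | 11729 | 380 | 114/27 | 3 |
| 1.0.2 | 11752 | 377 | 114/27 | 3 |
| 1.0.3 | 11898 | 375 | 114/27 | 3 |
| 2.0-beta1 | 11819 | 376 | 102/27 | 3 |
| 2.0-beta2 | 11200 | 368 | 93/26 | 3 |
| 2.0-rc1 | 11254 | 317 | 84/13 | 3 |
| 2.0.0 | 11255 | 311 | 84/13 | 3 |
| 2.0.1 | 11248 | 295 | 76/13 | 3 |
| 2.0.2 | 11384 | 295 | 76/13 | 3 |
| 2.0.3 | 12401 | 305 | 76/13 | 3 |
| 2.0.4 | 12597 | 304 | 76/13 | 4 |

openvas-libnasl merged into openvas-libraries. Now, flawfinder 1.27 is used. New libraries "omp" and "base" were added.

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 3.1.0 | 62263 | 825 | 203/33 | 10 |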

openvas-scanner

openvas-scanner is the successor of openvas-server. All C modules of openvas-plugins as well as management scripts of openvas-plugins were integrated here. flawfinder 1.27 was applied.

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 3.1.0 | 20951 | 605 | 166/25 | n.a. |

openvas-libnasl

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 0.9.0 | 16034 | 342 | not analyzed | not analyzed |
| 0.9.1 | 16013 | 342 | not analyzed | not analyzed |
| 0.9.2 | 16051 | 343 | not analyzed | not analyzed |
| 1.0.0 | 16052 | 343 | 64/21 | not analyzed |
| 1.0.1 | 16077 | 331 | 62/21 | not analyzed |
| 2.0-beta1 | 16078 | 330 | 61/21 | not analyzed |
| 2.0-beta2 | 16422 | 339 | 62/22 | not analyzed |
| 2.0-rc1 | 16437 | 290 | 61/21 | not analyzed |
| 2.0.0 | 15524 | 265 | 54/15 | not analyzed |
| 2.0.1 | 15525 | 256 | 48/15 | not analyzed |
| 2.0.2 | 15539 | 258 | 48/15 | not analyzed |

openvas-server

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 0.9.0 | 10403 | 457 | not analyzed | not analyzed |
| 0.9.1 | 10366 | 457 | not analyzed | not analyzed |
| 0.9.2 | 10366 | 457 | 125/24 | not analyzed |
| 1.0.0 | 10354 | 457 | 125/24 | not analyzed |
| 1.0.1 | 10093 | 433 | 124/21 | not analyzed |
| 1.0.2 | 10087 | 433 | 124/21 | not analyzed |
| 2.0-beta1 | 9536 | 383 | 100/19 | not analyzed |
| 2.0-beta2 | 9384 | 381 | 93/19 | not analyzed |
| 2.0-rc1 | 9527 | 367 | 93/16 | not analyzed |
| 2.0.0 | 9365 | 361 | 93/16 | not analyzed |
| 2.0.1 | 9496 | 333 | 86/16 | not analyzed |
| 2.0.2 | 9809 | 324 | 86/16 | not analyzed |
| 2.0.3 | 9723 | 316 | 86/16 | not analyzed |

openvas-plugins

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 0.9.1 | 6904 | 412 | not analyzed | not analyzed |
| 1.0.1 | 6904 | 412 | 128/20 | not analyzed |
| 1.0.2 | 6668 | 401 | 126/18 | not analyzed |
| 1.0.3 | 6730 | 375 | 126/18 | not analyzed |
| 1.0.4 | 6384 | 375 | 126/16 | not analyzed |
| 1.0.5 | 6300 | 374 | 125/16 | not analyzed |
| 1.0.6 | 6005 | 303 | 104/12 | not analyzed |
| 1.0.7 | 6005 | 303 | 106/12 | not analyzed |

OpenVAS-Client

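| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 0.9.1 | 51695 | 868 | not analyzed | 23 |
| 1.0.0 | 51679 | 867 | not analyzed | 23 |
| 1.0.1 | 51648 | 862 | not analyzed | 23 |
| 1.0.2 | 51648 | 862 | not analyzed | 23 |
| 1.0.3 | 51291 | 837 | 251/55 | 14 |
| 1.0.4 | 50067 | 794 | 221/55 | 22 |
| 1.0.5 | 50173 | 794 | 221/55 | 22 |
| 2.0-beta1 | 27266 | 677 | 176/47 | 13 |
| 2.0-beta2 | 27590 | 691 | 169/47 | 6 |
| 2.0-rc1 | 26983 | 659 | 164/45 | 6 |
| 2.0.0 | 26671 | 606 | 158/45 | 2 |
| 2.0.1 | 26672 | 606 | 158/45 | 2 |
| 2.0.2 | 28795 | 599 | 154/44 | 2 |
| 2.0.3 | 29192 | 562 | 144/44 | 2 |
| 2.0.4 | 30207 | 560 | 133/43 | 2 |
| 2.0.5 | 30594 | 532 | 133/43 | 2 |

Now, flawfinder 1.27 is used.

| Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|
| 3.0.1 | 42842 | 481 | 98/32 | n.a. |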

How the numbers have been assembled

The actual commands (currently except for RATS) to assemble all the numbers are collected in a shell script "code-analysis.sh" which you can find here.

For comparison: Nessus

This is the analysis of the latest Free Software release of Nessus (Server: 2.2.10, Client: 1.0.2).

Naturally, we do not have any such numbers for the proprietary successors.

| Module | Release | Flawfinder SLOC | Flawfinder Hits | RATS Hi/Med | gcc -Wall |
|---|---|---|---|---|---|
| nessus-libraries | 2.2.10 | 21397 | 710 | not analyzed | 50 |
| libnasl | 2.2.10 | 15836 | 361 | not analyzed | 34 |
| nessus-core | 2.2.10 | 54866 | 1413 | not analyzed | 8 |
| nessus-plugins | 2.2.10 | 4672 | 299 | not analyzed | not analyzed |
| nessus-client | 1.0.2 | 51383 | 864 | not analyzed | 21 |