# Install flawfinder

Examines code and reports possible security weaknesses. Version 2.0.20 via Homebrew; verified 2026-05-18.

## Install

```sh
sudo av install brew:flawfinder
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install flawfinder
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install flawfinder
```

  Evidence: MacPorts ports tree: devel/flawfinder/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add flawfinder
```

  Evidence: Alpine Linux edge package indexes: flawfinder from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install flawfinder
```

  Evidence: Debian stable package indexes: flawfinder from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install flawfinder
```

  Evidence: Fedora Rawhide package metadata: flawfinder from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/13ee7b80cb813542594d4235c4a0b8695435d5ecf23dd3580bc7515ae1b6180d-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#flawfinder
```

  Evidence: nixpkgs package indexes: pkgs/by-name/fl/flawfinder/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S flawfinder
```

  Evidence: Arch Linux sync databases: flawfinder from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install flawfinder
```

  Evidence: openSUSE Tumbleweed package metadata: flawfinder from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst

## Package Facts

- **Package key:** brew:flawfinder
- **Package manager:** Homebrew
- **Package manager URL:** <https://formulae.brew.sh/formula/flawfinder>
- **Version:** 2.0.20
- **Source summary:** Examines code and reports possible security weaknesses
- **Homepage:** <https://dwheeler.com/flawfinder/>
- **Repository:** <https://sourceforge.net/p/flawfinder/code>
- **Upstream docs:** <https://dwheeler.com/flawfinder>
- **License:** GPL-2.0-or-later
- **Source archive:** <https://dwheeler.com/flawfinder/flawfinder-2.0.20.tar.gz>
- **Last updated:** 2026-05-18T00:00:27Z
- **Generated:** 2026-06-10T07:18:26+00:00

## Executables

- flawfinder (cli)
- flawfinder (alias)

## Dependencies

- python@3.14

## Install Behavior

- Post-install hook: not defined
- Bottle: available on all

## Freshness

- Page generated: 2026-06-10
- Package-manager version: 2.0.20
- Package-manager updated: 2026-05-18
- Local data status: ok
- Upstream repository: https://dwheeler.com/flawfinder/
- info: Release/tag comparison is only available for GitHub repositories.

## セキュリティノート

no executable entrypoint in the package index.

- **Geiger risk:** green / low
- no executable entrypoint in the package index

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** flawfinder
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - flawfinder - 2.0.19-1.1: normalized package name match | Debian stable package indexes: flawfinder from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | examines source code and looks for security weaknesses | https://dwheeler.com/flawfinder/
- Nix - flawfinder: normalized package name match | nixpkgs package indexes: pkgs/by-name/fl/flawfinder/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - flawfinder - 2.0.19-1.1: normalized package name match | Ubuntu 24.04 LTS package indexes: flawfinder from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | examines source code and looks for security weaknesses | https://dwheeler.com/flawfinder/
- apk - flawfinder - 2.0.19-r5: normalized package name match | Alpine Linux edge package indexes: flawfinder from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Examines C/C++ source code for security flaws | https://dwheeler.com/flawfinder/
- apk - flawfinder-doc - 2.0.19-r5: normalized package name match | Alpine Linux edge package indexes: flawfinder-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Examines C/C++ source code for security flaws (documentation) | https://dwheeler.com/flawfinder/
- apk - flawfinder-pyc - 2.0.19-r5: normalized package name match | Alpine Linux edge package indexes: flawfinder-pyc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Precompiled Python bytecode for flawfinder | https://dwheeler.com/flawfinder/
- dnf - flawfinder - 2.0.11-16.fc44: normalized package name match | Fedora Rawhide package metadata: flawfinder from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/13ee7b80cb813542594d4235c4a0b8695435d5ecf23dd3580bc7515ae1b6180d-primary.xml.zst | Examines C/C++ source code for security flaws | http://www.dwheeler.com/flawfinder/
- pacman - flawfinder - 2.0.20-1: normalized package name match | Arch Linux sync databases: flawfinder from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Searches through source code for potential security flaws | https://dwheeler.com/flawfinder/
- zypper - flawfinder - 2.0.19-1.16: normalized package name match | openSUSE Tumbleweed package metadata: flawfinder from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst | C/C++ source code security flaw examination tool | https://www.dwheeler.com/flawfinder/
- MacPorts - flawfinder: normalized package name match | MacPorts ports tree: devel/flawfinder/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related Links

- [Terminal utility packages](https://www.automicvault.com/ja/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Developer build packages](https://www.automicvault.com/ja/pkg/developer-build-tools/) - Matched build, compiler, generator, or developer workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/ja/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/ja/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [python@3.14](https://www.automicvault.com/ja/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [tfsec](https://www.automicvault.com/ja/pkg/brew/tfsec/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [gosec](https://www.automicvault.com/ja/pkg/brew/gosec/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [bandit](https://www.automicvault.com/ja/pkg/brew/bandit/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [joern](https://www.automicvault.com/ja/pkg/brew/joern/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [cargo-geiger](https://www.automicvault.com/ja/pkg/brew/cargo-geiger/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [caracal](https://www.automicvault.com/ja/pkg/brew/caracal/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [slither-analyzer](https://www.automicvault.com/ja/pkg/brew/slither-analyzer/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [ghalint](https://www.automicvault.com/ja/pkg/brew/ghalint/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [checkov](https://www.automicvault.com/ja/pkg/brew/checkov/) - Both packages touch the same language runtime or ecosystem. Shared terms: analysis, cli, code, python, python-3-14.

## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph