Flawfinder searches through C/C++ source code looking for potential
 security flaws and produces a report describing the potential flaws
 found in source code, ranking them by likely severity.
 .
 Like RATS, Flawfinder reports are not a direct indication of a
 vulnerability, but provide a reasonable starting point for performing manual
 security audits in source code.
 .
 Flawfinder can also generate differential reports by pointing it to
 a patch (diff) file describing the code changes. This way it can be used
 to determine if the potential flaws found in code have increased or
 decreased after a commit to a source code management system like
 CVS or Subversion.