flawgarden/bentoo

bentoo

bentoo is a simple command-line utility to run SAST tools on benchmark suites and evaluate analysis results.

It uses a SARIF-based format called bentoo-sarif to represent both ground truth about vulnerabilities found in benchmarks and SAST tools' analysis results.

Vulnerabilities are described in terms of the CWE vulnerability classification.

bentoo can run your SAST tools on your benchmarks via runner scripts and compare the results against ground truth described in special truth.sarif files in each benchmark.
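The comparison step described above can be sketched as follows. This is an added example, not bentoo's own code or its matching algorithm: it uses only standard SARIF 2.1.0 fields, assumes the CWE id is carried in `ruleId` (an assumption about the bentoo-sarif layout), and runs on constructed sample documents with hypothetical file names.

```python
import json

# Constructed sample documents using standard SARIF 2.1.0 fields. Carrying the
# CWE id in ruleId is an assumption, not taken from the bentoo-sarif spec.
def _result(cwe, uri, line):
    return {"ruleId": cwe, "locations": [{"physicalLocation": {
        "artifactLocation": {"uri": uri}, "region": {"startLine": line}}}]}

TRUTH = json.dumps({"version": "2.1.0", "runs": [{"results": [
    _result("CWE-89", "src/Login.java", 42),
    _result("CWE-79", "src/View.java", 17)]}]})
TOOL = json.dumps({"version": "2.1.0", "runs": [{"results": [
    _result("CWE-89", "src/Login.java", 42),
    _result("CWE-22", "src/Files.java", 8),
    {"ruleId": "CWE-79", "locations": []}]}]})  # finding with no location


def findings(sarif_text):
    """Return the set of (cwe, file, line) keys in a SARIF document.

    Results without a file location cannot be matched and are skipped.
    """
    keys = set()
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results") or []:
            cwe = (res.get("ruleId") or "").upper()
            for loc in res.get("locations") or []:
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                if cwe and uri:
                    keys.add((cwe, uri, line))
    return keys


def evaluate(truth_text, tool_text):
    """Compare tool findings with ground truth; return counts and metrics."""
    truth, tool = findings(truth_text), findings(tool_text)
    tp, fp, fn = len(truth & tool), len(tool - truth), len(truth - tool)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn,
            "precision": precision, "recall": recall}


if __name__ == "__main__":
    print(evaluate(TRUTH, TOOL))
```

Exact `(CWE, file, line)` matching is the strictest possible rule; a tool that reports the right weakness a line off, or under a parent CWE, counts here as both a false positive and a false negative.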

To start using the tool, please take a look at the getting started guide.
