Project Description
The SCA Baseline provides a codebase that can be used by static code analyzers to detect bugs, and also test against false positives and false negatives.


Source Code
This project is meant to provide implementations in SEVERAL languages.
Each language should include issues among several categories: Security, Reliability, Maintainability, etc.

Each issue should provide:
  • One or more code snippets containing the error
  • One or more unit tests to invoke the error
  • One or more code snippets containing similar false positives
  • One or more unit tests to invoke the false positives


Contributions are always welcome!

Of specific interest are:
  • issues/examples/findings. Maybe a tool pointed out something important, maybe a tool missed something important, or maybe you just like to write evil code
  • code snippets, especially other languages

Last edited Aug 5, 2016 at 2:23 PM by sbrickey, version 5