Hey! Do you already use a static code analysis tool? Also known as SAST.
SAST is used to identify security vulnerabilities in your source code, such as buffer overflows, where attackers can modify the application's execution by writing to memory. Different from fuzzing, where you have to set up your test cases, SAST tools have their own set of test cases that they'll check against your code.
So, adding SAST helps keep your code safe from vulnerabilities, but I understand it comes along with additional work to handle the reports.
Referencing here some SAST options I found for Fortran:
- https://fortranwiki.org/fortran/show/Commercial+static+analysis+tools
- https://github.com/cnescatlab/i-CodeCNES
Additional Context
Hi! I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)