Magma is a "Ground-Truth Fuzzing Benchmark": a collection of open source projects with historical vulnerabilities re-injected into them ("forward porting").
Although created for fuzz-testing, https://dl.acm.org/doi/10.1145/3533767.3534380 ("An empirical study on the effectiveness of static C code analyzers for vulnerability detection") discusses using Magma plus some other tests to evaluate static analysis tools.
https://hexhive.epfl.ch/magma/ https://github.com/HexHive/magma https://dl.acm.org/doi/10.1145/3410220.3456276