-
Notifications
You must be signed in to change notification settings - Fork 440
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CI] Add a C++ static code analyser in the build #2297
Comments
/assign |
@marcalff I am an Outreachy candidate, can you please assign me this issue? |
@sakshi-1505 - Thanks for the interest on this. I think @marcalff is travelling this week, so mayn't respond. And don't know if he has already done these changes locally. For now. it's assigned to you along with @marcalff. Feel free to come up with draft PR or suggestions to discuss further. @marcalff has some good ideas to enable this, hopefully he can guide you over. |
@sakshi-1505 Thanks for volunteering, and welcome. First step is to investigate the C++ tooling available, and decide which tool to use. Second step will be to implement CI scripts to use the tool we decide to pick. |
We took a look into multiple static check tools for cpp, and we had two top contenders: Here's the brief comparison b/w both: I did a comparison b/w clang static analyzer & cppcheck. Few of the difference which I could figure out were:
I also did take a bit of GPT help here & here's what GPT says: Cppcheck is a good choice for developers who are looking for a free and easy-to-use static check tool. It is also a good choice for developers who are new to static code analysis. Cppcheck can detect a wide range of bugs and security vulnerabilities, but it may produce some false positives. Clang Static Analyzer is a good choice for developers who need a static check tool that is highly accurate and can handle large and complex codebases. However, it is important to note that Clang Static Analyzer can be slow and difficult to use. |
This issue was marked as stale due to lack of activity. |
This issue is available for anyone to work on. Make sure to reference this issue in your pull request. |
This issue was marked as stale due to lack of activity. |
Just a thought on this; would it be reasonable to create a story to add static analysis checks to the build pipeline of the contrib repo, as well? |
This is needed for security audits on the code.
Parent issue: #2282
The text was updated successfully, but these errors were encountered: