clang-tidy-sarif

A group of Rust projects for interacting with the SARIF format

by Paul Sastrasinh

Version 0.3.1. License: MIT

This crate provides a command line tool to convert clang-tidy diagnostic output into SARIF.

The latest documentation can be found here.

clang-tidy is a popular linter / static analysis tool for C++. More information can be found on the official page: https://clang.llvm.org/extra/clang-tidy/

SARIF, the Static Analysis Results Interchange Format, is an industry standard format for the output of static analysis tools. More information can be found on the official website: https://sarifweb.azurewebsites.net/.

Installation

clang-tidy-sarif may be installed via cargo

cargo install clang-tidy-sarif

or downloaded directly from GitHub Releases

# make sure to adjust the target and version (you may also want to pin to a specific version)
curl -sSL https://github.com/psastras/sarif-rs/releases/download/clang-tidy-sarif-latest/clang-tidy-sarif-x86_64-unknown-linux-gnu -o clang-tidy-sarif

Usage

For most cases, simply run clang-tidy and pipe the results into clang-tidy-sarif.

Example

 clang-tidy -checks=cert-* -warnings-as-errors=* main.cpp -- | clang-tidy-sarif
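
To show what this conversion involves, here is an added example (not code from clang-tidy-sarif or its author) that maps clang-tidy's `path:line:col: severity: message [check]` lines onto a SARIF 2.1.0 log. The function name `to_sarif` and the sample diagnostics are constructed for this illustration.

```python
import json
import re

# One clang-tidy diagnostic header: path:line:col: severity: message [check-name]
DIAG = re.compile(
    r"^(?P<path>.+?):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<level>warning|error): (?P<msg>.*) \[(?P<checks>[^\]]+)\]$"
)

# Constructed sample of clang-tidy output (not from a real run).
SAMPLE = """\
main.cpp:5:3: error: calling 'system' uses a command processor [cert-env33-c,-warnings-as-errors]
  system("ls");
  ^
main.cpp:9:12: warning: 'atoi' used to convert a string to an integer value [cert-err34-c]
"""


def to_sarif(text):
    """Build a SARIF 2.1.0 log (as a dict) from clang-tidy text output."""
    results = []
    for line in text.splitlines():
        m = DIAG.match(line)
        if not m:
            continue  # source snippets, carets and notes carry no check name
        # With -warnings-as-errors the bracket also lists "-warnings-as-errors";
        # the first entry is the check that fired.
        rule = m["checks"].split(",")[0]
        results.append({
            "ruleId": rule,
            "level": m["level"],  # "warning" and "error" are valid SARIF levels
            "message": {"text": m["msg"]},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": m["path"]},
                "region": {"startLine": int(m["line"]),
                           "startColumn": int(m["col"])},
            }}],
        })
    return {
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": "clang-tidy"}},
                  "results": results}],
    }


if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE), indent=2))
```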

If you are using GitHub Actions, SARIF is useful for integrating with GitHub Advanced Security (GHAS), which can show code alerts in the "Security" tab of your repository.

After uploading clang-tidy-sarif output to GitHub, clang-tidy diagnostics are available in GHAS.

Example

on:
  workflow_run:
    workflows: ["main"]
    branches: [main]
    types: [completed]

name: sarif

jobs:
  upload-sarif:
    runs-on: ubuntu-latest
    if: ${{ github.ref == 'refs/heads/main' }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
      - uses: Swatinem/rust-cache@v1
      - run: cargo install clang-tidy-sarif sarif-fmt
      # Convert clang-tidy output to SARIF before saving it; the uploaded file must be SARIF.
      - run: clang-tidy -checks=cert-* -warnings-as-errors=* main.cpp -- | clang-tidy-sarif | tee results.sarif | sarif-fmt
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif


License: MIT
