Lib.rs

Command line utilities
#static-analysis #sarif #clang-tidy #clang #output-format #command-line-tool #lint

app clang-tidy-sarif

Convert clang-tidy output to SARIF

by Paul Sastrasinh and 13 contributors

25 releases

0.6.6 Sep 2, 2024
0.6.0 Jul 30, 2024
0.4.2 Sep 7, 2023
0.4.1 Jul 30, 2023
0.2.20 Nov 1, 2021

#1197 in Command line utilities

Download history 711/week @ 2024-07-29 152/week @ 2024-08-05 2/week @ 2024-08-12 165/week @ 2024-09-02 7/week @ 2024-09-09 5/week @ 2024-09-16 25/week @ 2024-09-23 5/week @ 2024-09-30 23/week @ 2024-10-07 6/week @ 2024-10-14 49/week @ 2024-11-04

56 downloads per month

MIT license

57KB
1K SLoC

Workflow Status

clang-tidy-sarif

This crate provides a command line tool to convert clang-tidy diagnostic output into SARIF.

The latest documentation can be found here.

clang-tidy is a popular linter / static analysis tool for C++. More information can be found on the official page: https://clang.llvm.org/extra/clang-tidy/

SARIF or the Static Analysis Results Interchange Format is an industry standard format for the output of static analysis tools. More information can be found on the official website: https://sarifweb.azurewebsites.net/.

Installation

clang-tidy-sarif may be installed via cargo

cargo install clang-tidy-sarif

via cargo-binstall

cargo binstall clang-tidy-sarif

or downloaded directly from Github Releases

# make sure to adjust the target and version (you may also want to pin to a specific version)
curl -sSL https://github.com/psastras/sarif-rs/releases/download/clang-tidy-sarif-v0.6.6/clang-tidy-sarif-x86_64-unknown-linux-gnu -o clang-tidy-sarif

Fedora Linux

sudo dnf install <cli_name> # ex. cargo binstall clang-tidy-sarif

Nix

Through the nix cli,

nix --accept-flake-config profile install github:psastras/sarif-rs#clang-tidy-sarif

Usage

For most cases, simply run clang-tidy and pipe the results into clang-tidy-sarif.

Example

 clang-tidy -checks=cert-* -warnings-as-errors=* main.cpp -- | clang-tidy-sarif

If you are using Github Actions, SARIF is useful for integrating with Github Advanced Security (GHAS), which can show code alerts in the "Security" tab of your repository.

After uploading clang-tidy-sarif output to Github, clang-tidy diagnostics are available in GHAS.

Example

on:
  workflow_run:
    workflows: ["main"]
    branches: [main]
    types: [completed]

name: sarif

jobs:
  upload-sarif:
    runs-on: ubuntu-latest
    if: ${{ github.ref == 'refs/heads/main' }}
    steps:
      - uses: actions/checkout@v2
      - uses: actions-rs/toolchain@v1
        with:
          profile: minimal
          toolchain: stable
          override: true
      - uses: Swatinem/rust-cache@v1
      - run: cargo install clang-tidy-sarif sarif-fmt
      - run: clang-tidy -checks=cert-* -warnings-as-errors=* main.cpp -- | tee
          results.sarif | sarif-fmt
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif

License: MIT

Dependencies

~4–13MB
~148K SLoC