Add an option to generate SARIF and/or SAST output (RDT-110) #9
Comments
Another related issue: warnings.txt currently contains absolute file paths. When generating SARIF, we need to convert them to file paths relative to the repository root, otherwise GitHub won't associate the reported warnings with source files. A script in espressif/idf-extra-components#28 currently handles this after running clang-tidy-sarif (and also excludes warnings reported for ESP-IDF itself, #7).
Another issue with the clang-tidy-sarif tool is that it only processes the first line (warning: or error:) and ignores subsequent note: lines, which provide additional context about the issue. These note lines are useful in order to understand the conditions under which the issue occurs. Example: warnings.txt
sarif.json produced using clang-tidy-sarif:

```json
{
  "level": "warning",
  "locations": [
    {
      "physicalLocation": {
        "artifactLocation": {
          "uri": "esp_encrypted_img/src/esp_encrypted_img.c"
        },
        "region": {
          "startColumn": 22,
          "startLine": 218
        }
      }
    }
  ],
  "message": {
    "text": "Call to 'realloc' has an allocation size of 0 bytes [clang-analyzer-optin.portability.UnixAPI]"
  }
},
```
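As an added example (not code from this issue, from idf-extra-components or from clang-tidy-sarif): a small Python converter that addresses both points above. It rewrites absolute paths relative to an assumed repository root (`/work/repo`), drops diagnostics that fall outside that root together with their notes, and keeps each note: line as a SARIF relatedLocation of the warning or error that precedes it. The warnings text is constructed for the example.

```python
import re
from pathlib import PurePosixPath

# Constructed sample in clang-tidy's text format (not the issue's real warnings.txt).
# The last two lines come from a tree outside the repository root, like ESP-IDF itself.
SAMPLE_WARNINGS = """\
/work/repo/esp_encrypted_img/src/esp_encrypted_img.c:218:22: warning: Call to 'realloc' has an allocation size of 0 bytes [clang-analyzer-optin.portability.UnixAPI]
/work/repo/esp_encrypted_img/src/esp_encrypted_img.c:210:9: note: Assuming 'len' is equal to 0
/work/repo/esp_encrypted_img/src/esp_encrypted_img.c:218:22: note: Call to 'realloc' has an allocation size of 0 bytes
/work/esp-idf/components/freertos/tasks.c:100:5: warning: Parameter 'x' is unused [misc-unused-parameters]
/work/esp-idf/components/freertos/tasks.c:101:5: note: Remove the parameter
"""

# path:line:col: kind: message [check]   (note: lines carry no [check] suffix)
DIAG_RE = re.compile(
    r"^(?P<path>/[^:]+):(?P<line>\d+):(?P<col>\d+): (?P<kind>warning|error|note): "
    r"(?P<msg>.*?)(?: \[(?P<check>[\w.,-]+)\])?$")

def _location(rel_uri, line, col):
    return {"physicalLocation": {"artifactLocation": {"uri": rel_uri},
                                 "region": {"startLine": line, "startColumn": col}}}

def parse_warnings(text, repo_root):
    """Return SARIF result objects: paths relative to repo_root, out-of-tree diagnostics
    dropped, and note: lines attached to the preceding warning/error as relatedLocations."""
    root = PurePosixPath(repo_root)
    results, current = [], None
    for raw in text.splitlines():
        m = DIAG_RE.match(raw)
        if not m:
            continue  # source excerpt / caret lines carry no location of their own
        try:
            rel_uri = PurePosixPath(m["path"]).relative_to(root).as_posix()
        except ValueError:
            current = None  # outside the repository: skip it and the notes that follow it
            continue
        loc = _location(rel_uri, int(m["line"]), int(m["col"]))
        if m["kind"] == "note":
            if current is not None:
                current["relatedLocations"].append({**loc, "message": {"text": m["msg"]}})
            continue
        current = {"ruleId": m["check"], "level": m["kind"],
                   "message": {"text": m["msg"]}, "locations": [loc], "relatedLocations": []}
        results.append(current)
    return results

def to_sarif(results):
    """Wrap the results in a minimal SARIF 2.1.0 log."""
    return {"version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": "clang-tidy"}}, "results": results}]}
```

`json.dumps(to_sarif(parse_warnings(open("warnings.txt").read(), repo_root)))` gives a file that GitHub's code-scanning upload accepts, with the out-of-tree ESP-IDF warning omitted.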
Libraries which may help:
Now it's possible to get diagnostics in YAML format from clang-tidy via There are also discussions upstream about adding SARIF support to clang-tidy itself.
When we run clang-tidy, we get a warnings.txt file as output. It would be nice to add functionality to parse the warnings.txt file and output SARIF or SAST JSON files which can then be fed into GitHub or GitLab.
For reference, there is a clang-tidy-sarif tool which performs this kind of conversion, written in Rust: https://github.com/psastras/sarif-rs/tree/main/clang-tidy-sarif.