{"id":21688461,"url":"https://github.com/sonaropencommunity/sonar-cxx","last_synced_at":"2026-04-16T13:02:12.609Z","repository":{"id":4982570,"uuid":"6140556","full_name":"SonarOpenCommunity/sonar-cxx","owner":"SonarOpenCommunity","description":"SonarQube C++ Community plugin (cxx plugin): This plugin adds C++ support to SonarQube with the focus on integration of existing C++ tools.","archived":false,"fork":false,"pushed_at":"2026-02-14T09:38:39.000Z","size":74079,"stargazers_count":1065,"open_issues_count":22,"forks_count":366,"subscribers_count":66,"default_branch":"master","last_synced_at":"2026-02-14T18:12:09.359Z","etag":null,"topics":["community","cpp","cxx","free","open-source","plugin","sonarqube","technical-debt"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"dangrossman/bootstrap-daterangepicker","license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SonarOpenCommunity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2012-10-09T12:48:03.000Z","updated_at":"2026-02-14T09:21:05.000Z","dependencies_parsed_at":"2023-07-05T18:49:31.566Z","dependency_job_id":"7706da54-b21f-46ee-a3e6-082e39c9670f","html_url":"https://github.com/SonarOpenCommunity/sonar-cxx","commit_stats":{"total_commits":2289,"total_committers":74,"mean_commits":30.93243243243243,"dds":0.6247269550021843,"last_synced_commit":"1aa2c942b1e1baef5153ce9e8c69f78433db9334"},"previous_names":["sonarcommunity/sonar-cxx","wenns/sonar-cxx"],"tags_count":50,"template":false,"template_full_name":null,"purl":"pkg:github/SonarOpenCommunity/sonar-cxx","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarOpenCommunity%2Fsonar-cxx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarOpenCommunity%2Fsonar-cxx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarOpenCommunity%2Fsonar-cxx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarOpenCommunity%2Fsonar-cxx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SonarOpenCommunity","download_url":"https://codeload.github.com/SonarOpenCommunity/sonar-cxx/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SonarOpenCommunity%2Fsonar-cxx/sbom","scorecard":{"id":132256,"data":{"date":"2025-08-04","repo":{"name":"github.com/SonarOpenCommunity/sonar-cxx","commit":"00e704a83504f2b5dbbe2c69d2537e3a418b041f"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":4.2,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Code-Review","score":2,"reason":"Found 1/4 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/cxx-ci.yml:1","Warn: no topLevel permission defined: .github/workflows/sonarcloud.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Lesser General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact latest-snapshot not signed: https://api.github.com/repos/SonarOpenCommunity/sonar-cxx/releases/236287768","Warn: release artifact cxx-2.2.1 not signed: https://api.github.com/repos/SonarOpenCommunity/sonar-cxx/releases/222761269","Warn: release artifact cxx-2.2.0 not signed: https://api.github.com/repos/SonarOpenCommunity/sonar-cxx/releases/197360688","Warn: release artifact cxx-2.1.3 not signed: https://api.github.com/repos/SonarOpenCommunity/sonar-cxx/releases/176352075","Warn: release artifact cxx-2.1.2 not signed: https://api.github.com/repos/SonarOpenCommunity/sonar-cxx/releases/170152478","Warn: release artifact latest-snapshot does not have provenance: https://api.github.com/repos/SonarOpenCommunity/sonar-cxx/releases/236287768","Warn: release artifact cxx-2.2.1 does not have provenance: https://api.github.com/repos/SonarOpenCommunity/sonar-cxx/releases/222761269","Warn: release artifact cxx-2.2.0 does not have provenance: https://api.github.com/repos/SonarOpenCommunity/sonar-cxx/releases/197360688","Warn: release artifact cxx-2.1.3 does not have provenance: https://api.github.com/repos/SonarOpenCommunity/sonar-cxx/releases/176352075","Warn: release artifact cxx-2.1.2 does not have provenance: https://api.github.com/repos/SonarOpenCommunity/sonar-cxx/releases/170152478"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:250: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:309: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:354: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:387: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:392: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:401: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:453: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:501: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:525: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cxx-ci.yml:531: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/cxx-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonarcloud.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/sonarcloud.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonarcloud.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/sonarcloud.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonarcloud.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/sonarcloud.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonarcloud.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/SonarOpenCommunity/sonar-cxx/sonarcloud.yml/master?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/cxx-ci.yml:265","Info:   0 out of  27 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool detected","details":["Info: SAST configuration detected: CodeQL","Info: SAST configuration detected: Sonar","Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2023-206","Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T05:28:33.922Z","repository_id":4982570,"created_at":"2025-08-16T05:28:33.922Z","updated_at":"2025-08-16T05:28:33.922Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29541119,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T08:11:05.436Z","status":"ssl_error","status_checked_at":"2026-02-17T08:09:38.860Z","response_time":100,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["community","cpp","cxx","free","open-source","plugin","sonarqube","technical-debt"],"created_at":"2024-11-25T17:15:12.985Z","updated_at":"2026-02-17T11:00:56.045Z","avatar_url":"https://github.com/SonarOpenCommunity.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"|     |     |     |\n| --- | --- | --- |\n| **SonarCloud** / SonarSource SA\u003cbr\u003e(Technical Debt analysis) | [![Quality Gate](https://sonarcloud.io/api/project_badges/measure?project=org.sonarsource.sonarqube-plugins.cxx%3Acxx\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=org.sonarsource.sonarqube-plugins.cxx%3Acxx) | ![Coverage](https://sonarcloud.io/api/project_badges/measure?project=org.sonarsource.sonarqube-plugins.cxx%3Acxx\u0026metric=coverage) |\n| **JProfiler** / ej-technologies GmbH\u003cbr\u003e(when it comes to profiling: [Java profiler](https://www.ej-technologies.com/products/jprofiler/overview.html) tool) | [![JProfiler](https://www.ej-technologies.com/images/product_banners/jprofiler_small.png)](https://www.ej-technologies.com/products/jprofiler/overview.html)|\n| **GitHub Actions**\u003cbr\u003e(Windows \u0026 Linux CI/CD) | [![Build Status](https://github.com/SonarOpenCommunity/sonar-cxx/actions/workflows/cxx-ci.yml/badge.svg?branch=master\u0026event=push)](https://github.com/SonarOpenCommunity/sonar-cxx/actions/workflows/cxx-ci.yml) | [You can download latest snapshot from here.](https://github.com/SonarOpenCommunity/sonar-cxx/releases/tag/latest-snapshot) |\n\n# SonarQube C++ Community plugin (_cxx plugin_)\n\n[SonarQube](https://www.sonarqube.org) is an open platform to manage code quality. This plugin\nadds C++ support to SonarQube with the focus on integration of existing C++ tools.\n\nThe sensors for reading reports can be used with this _cxx plugin_ or [SonarCFamily](https://www.sonarsource.com/cpp/) plugin.\n\n## License\nThis plugin is free software; you can redistribute it and/or modify it under the terms of the [GNU Lesser General Public License](https://github.com/SonarOpenCommunity/sonar-cxx/blob/master/LICENSE) as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.\n\n## Features\n* parser supporting\n  * `C++03`, `C++11`, `C++14`,`C++17`, `C++20`, `C++23`\n  * `C89`, `C99`, `C11`, `C17`\n* compiler specific extensions\n  * Microsoft extensions: `C++/CLI`, `Attributed ATL`\n  * GNU extensions\n  * `CUDA` extensions\n* Microsoft Windows and Linux for runtime environment\n\nSensors for **static and dynamic code analysis**:\n* **Cppcheck** warnings support (http://cppcheck.sourceforge.net/)\n  - [sonar.cxx.cppcheck.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.cppcheck.reportPaths)\n* **GCC/G++** warnings support (https://gcc.gnu.org/)\n  - [sonar.cxx.gcc.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.gcc.reportPaths)\n* **Visual Studio** and **Core Guideline Checker** warnings support (https://www.visualstudio.com/)\n  - [sonar.cxx.vc.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.vc.reportPaths)\n* **Clang Static Analyzer** support (https://clang-analyzer.llvm.org/)\n  - [sonar.cxx.clangsa.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.clangsa.reportPaths)\n* **Clang-Tidy** warnings support (http://clang.llvm.org/extra/clang-tidy/)\n  - [sonar.cxx.clangtidy.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.clangtidy.reportPaths)\n* **Infer** warnings support (https://fbinfer.com/)\n  - [sonar.cxx.infer.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.infer.reportPaths)\n* **PC-Lint** warnings support (http://www.gimpel.com/)\n  - [sonar.cxx.pclint.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.pclint.reportPaths)\n* **RATS** (https://github.com/andrew-d/rough-auditing-tool-for-security)\n  - [sonar.cxx.rats.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.rats.reportPaths)\n* **Valgrind** (http://valgrind.org/)\n  - [sonar.cxx.valgrind.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.valgrind.reportPaths)\n* **Vera++** (https://bitbucket.org/verateam/vera/wiki/Home)\n  - [sonar.cxx.vera.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.vera.reportPaths)\n* **Dr. Memory** warnings support (http://drmemory.org/)\n  - [sonar.cxx.drmemory.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.drmemory.reportPaths)\n* [Generic Issue Import Format](https://docs.sonarqube.org/latest/analysis/generic-issue/) support\n* any other tool can be integrated:\n  - [Generic issue import format](https://docs.sonarqube.org/latest/analyzing-source-code/importing-external-issues/generic-issue-import-format/) support\n  - [Importing issues from SARIF reports](https://docs.sonarqube.org/latest/analyzing-source-code/importing-external-issues/importing-issues-from-sarif-reports/)\n  - [sonar.cxx.other.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.other.reportPaths)\n\n**Test framework** sensors for:\n* **XUnit** file format\n  - [sonar.cxx.xunit.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.xunit.reportPaths)\n* **Google Test (gtest)** file format (https://github.com/google/googletest)\n  - [sonar.cxx.xunit.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.xunit.reportPaths)\n* **Boost.Test** file format (https://www.boost.org/doc/libs/release/libs/test/)\n  - [sonar.cxx.xunit.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.xunit.reportPaths) with [sonar.cxx.xslt](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.xslt)\n* **ctest (cmake)** file format (https://cmake.org/cmake/help/latest/manual/ctest.1.html)\n  - [sonar.cxx.xunit.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.xunit.reportPaths) with ctest option `--output-junit \u003cfile\u003e`\n* **CppTest** file format (https://cpptest.sourceforge.io/)\n  - [sonar.cxx.xunit.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.xunit.reportPaths) with [sonar.cxx.xslt](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.xslt)\n* **CppUnit** file format (https://sourceforge.net/projects/cppunit/)\n  - [sonar.cxx.xunit.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.xunit.reportPaths) with [sonar.cxx.xslt](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.xslt)\n* **VSTest** file format (https://github.com/microsoft/vstest)\n  - [sonar.cxx.vstest.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.vstest.reportPaths)\n* **NUnit** file format (https://nunit.org/)\n  - [sonar.cxx.nunit.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.nunit.reportPaths)\n* any other tool can be integrated:\n  - [Generic test execution report format](https://docs.sonarqube.org/latest/analysis/generic-test/) support\n  - adaptations possible via XLST: [sonar.cxx.xslt](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.xslt)\n\n**Coverage** sensors for:\n* **Visual Studio** coverage reports (https://www.visualstudio.com/)\n  - [sonar.cxx.vscoveragexml.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.vscoveragexml.reportPaths)\n* **BullseyeCoverage** reports (http://www.bullseye.com/)\n  - [sonar.cxx.bullseye.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.bullseye.reportPaths)\n* **Cobertura** coverage reports (http://cobertura.github.io/cobertura/)\n   * **gcov / gcovr** coverage reports with option `--xml` https://gcovr.com/en/stable/guide.html\n   * **OpenCppCoverage** with option `--export_type=cobertura` (https://github.com/OpenCppCoverage/OpenCppCoverage/)\n   * [sonar.cxx.cobertura.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.cobertura.reportPaths)\n* **Testwell CTC++** coverage reports (https://www.verifysoft.com/en_ctcpp.html)\n  - [sonar.cxx.ctctxt.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.ctctxt.reportPaths)\n* any other tool can be integrated:\n  - [Generic test coverage report format](https://docs.sonarqube.org/latest/analysis/generic-test/) support\n  - adaptations possible via XLST: [sonar.cxx.xslt](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.xslt)\n\nSimple to **customize**\n* custom rules by [regular expression template](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/CXX-Custom-Regex-Rules) possible\n* custom rules by [XPath template rule](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/CXX-Custom-XPath-Rules) possible\n* [extend CXX repositories](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/CXX-Custom-Template-Rules) with custom rules\n* easy 3rd party tool integration with XML rule definitions and reports possible\n  - [sonar.cxx.other.reportPaths](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/sonar.cxx.other.reportPaths)\n* provide the ability to add custom rules\n  * [Writing a SonarQube plugin](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/CXX-Custom-Rules) in Java that uses SonarQube APIs to add new rules\n\n## Quickstart\n1. [Setup a SonarQube instance](https://docs.sonarqube.org/latest/setup/overview/)\n2. [Install the Plugin](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Install-the-Plugin)\n3. [Run an analysis](https://github.com/SonarOpenCommunity/sonar-cxx/wiki/Scan-Source-Code)\n\n## Resources\n- [Latest release](https://github.com/SonarOpenCommunity/sonar-cxx/releases)\n- [Download latest snapshot](https://github.com/SonarOpenCommunity/sonar-cxx/releases/tag/latest-snapshot)\n- [Documentation](https://github.com/SonarOpenCommunity/sonar-cxx/wiki)\n- [Issue Tracker](https://github.com/SonarOpenCommunity/sonar-cxx/issues)\n\n## Contributing\nYou are welcome to contribute. [Help is needed](https://github.com/SonarOpenCommunity/sonar-cxx/blob/master/CONTRIBUTING.md).\n\n## Alternatives\nThat's not the only choice when you are looking for C++ support in SonarQube there is also\n* the commercial [SonarCFamily plugin from SonarSource](https://www.sonarsource.com/cpp)\n* the commercial [C/C++ plugin from CppDepend](http://www.cppdepend.com/sonarplugin)\n* the commercial [PVS-Studio plugin](https://www.viva64.com/en/pvs-studio-download)\n* the [Coverity plugin](https://github.com/coverity/coverity-sonar-plugin)\n\nChoose whatever fits your needs.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsonaropencommunity%2Fsonar-cxx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsonaropencommunity%2Fsonar-cxx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsonaropencommunity%2Fsonar-cxx/lists"}