https://github.com/flast/cppcheck-sarif
Convert cppcheck xml report to SARIF
c c-plus-plus cplusplus cpp cppcheck sarif static-analysis
- Host: GitHub
- URL: https://github.com/flast/cppcheck-sarif
- Owner: Flast
- License: gpl-3.0
- Created: 2024-06-09T07:26:48.000Z (12 months ago)
- Default Branch: master
- Last Pushed: 2024-06-28T01:29:31.000Z (11 months ago)
- Last Synced: 2025-02-10T21:19:28.205Z (4 months ago)
- Topics: c, c-plus-plus, cplusplus, cpp, cppcheck, sarif, static-analysis
- Language: Go
- Homepage:
- Size: 64.5 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# cppcheck-sarif
[Go Report Card](https://goreportcard.com/report/github.com/Flast/cppcheck-sarif)
cppcheck-sarif converts a cppcheck XML report into the Static Analysis Results Interchange Format (SARIF).
## Build
```sh
go build .
```
## Example usage
```sh
cppcheck --xml --output-file=report.xml .
cppcheck-sarif -output report.sarif report.xml
```
### Use errorlist.xml instead of embedded one
```sh
cppcheck --errorlist > errorlist.xml
cppcheck --xml --output-file=report.xml .
cppcheck-sarif -errorlist errorlist.xml -output report.sarif report.xml
```
## GitHub Action usage
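Before the workflow, a worked illustration of the conversion that the `Flast/cppcheck-sarif@v2` step performs. This is an added example written for this page in Go, not the project's own code. It assumes cppcheck's XML element and attribute names (`results`, `errors`, `error` with `id`/`severity`/`msg`, `location` with `file`/`line`/`column`), parses a constructed sample report, and emits only the SARIF 2.1.0 subset a code-scanning upload needs; the severity-to-level mapping and the schema URL are this example's choices, not the project's.

```go
// Added example, not the cppcheck-sarif project's code: a minimal converter from
// cppcheck's `--xml` report (results version 2) to SARIF 2.1.0. The XML element
// and attribute names are cppcheck's; the SARIF subset is what an upload needs.
package main

import (
	"encoding/json"
	"encoding/xml"
	"fmt"
	"os"
)

// Subset of the cppcheck XML report (only the fields this converter uses).
type cppcheckReport struct {
	Errors []cppcheckError `xml:"errors>error"`
}
type cppcheckError struct {
	ID        string             `xml:"id,attr"`
	Severity  string             `xml:"severity,attr"`
	Msg       string             `xml:"msg,attr"`
	Locations []cppcheckLocation `xml:"location"`
}
type cppcheckLocation struct {
	File   string `xml:"file,attr"`
	Line   int    `xml:"line,attr"`
	Column int    `xml:"column,attr"`
}

// SarifLevel maps cppcheck severities onto SARIF's level enumeration.
func SarifLevel(severity string) string {
	switch severity {
	case "error":
		return "error"
	case "warning", "portability", "performance":
		return "warning"
	default: // style, information, debug
		return "note"
	}
}

// ConvertCppcheckXML parses a cppcheck report and builds a SARIF log as nested
// maps that mirror the JSON. Rule objects are derived from the ids seen in the
// report; the real tool takes them from an embedded or supplied errorlist.xml.
func ConvertCppcheckXML(data []byte) (map[string]any, error) {
	var rep cppcheckReport
	if err := xml.Unmarshal(data, &rep); err != nil {
		return nil, fmt.Errorf("parse cppcheck xml: %w", err)
	}
	rules, results := []map[string]any{}, []map[string]any{} // empty arrays, not null, on a clean run
	seen := map[string]bool{}
	for _, e := range rep.Errors {
		if !seen[e.ID] { // one rule object per distinct cppcheck id
			seen[e.ID] = true
			rules = append(rules, map[string]any{"id": e.ID, "shortDescription": map[string]any{"text": e.Msg}})
		}
		res := map[string]any{"ruleId": e.ID, "level": SarifLevel(e.Severity), "message": map[string]any{"text": e.Msg}}
		var locs []map[string]any
		for _, l := range e.Locations {
			locs = append(locs, map[string]any{"physicalLocation": map[string]any{
				"artifactLocation": map[string]any{"uri": l.File},
				"region":           map[string]any{"startLine": l.Line, "startColumn": l.Column},
			}})
		}
		if len(locs) > 0 { // configuration notices carry no <location>; omit the key rather than write null
			res["locations"] = locs
		}
		results = append(results, res)
	}
	driver := map[string]any{"name": "cppcheck", "rules": rules}
	return map[string]any{
		"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
		"version": "2.1.0",
		"runs":    []map[string]any{{"tool": map[string]any{"driver": driver}, "results": results}},
	}, nil
}

// sampleReport is a constructed cppcheck report used only for this example.
const sampleReport = `<?xml version="1.0" encoding="UTF-8"?><results version="2"><cppcheck version="2.13"/><errors>
<error id="nullPointer" severity="error" msg="Null pointer dereference: p"><location file="src/main.c" line="12" column="5"/></error>
<error id="nullPointer" severity="error" msg="Null pointer dereference: q"><location file="src/util.c" line="20" column="3"/></error>
<error id="toomanyconfigs" severity="information" msg="Too many #ifdef configurations"/>
</errors></results>`

func main() {
	sl, err := ConvertCppcheckXML([]byte(sampleReport))
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(sl, "", "  ") // marshalling string/int/map values cannot fail
	os.Stdout.Write(out)
}
```

Running it with `go run` prints the SARIF document for the sample. Two details matter once the output is uploaded to code scanning: `results` and `rules` stay empty arrays rather than `null` on a clean run, and a cppcheck message without a `<location>` (a configuration notice, for instance) gets no `locations` key at all. The README's `-errorlist` option points at the same data this example derives from the report: `cppcheck --errorlist` lists every message id cppcheck knows, and the tool uses an embedded or supplied copy of it, whereas this example only creates rule objects for ids that actually appear in the report.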
```yaml
name: cppcheck
on:
  push:
    branches:
      - master
jobs:
  upload-sarif:
    runs-on: ubuntu-24.04
    permissions:
      security-events: write
      actions: read
      contents: read
    steps:
      - uses: actions/checkout@v4
      - run: |
          sudo apt-get install -y cppcheck
      - run: |
          cppcheck --enable=all --xml --output-file=report.xml .
      - uses: Flast/cppcheck-sarif@v2
        with:
          input: report.xml
          output: report.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: report.sarif
          category: cppcheck
```
## References
- https://trac.cppcheck.net/ticket/9972
- https://github.com/danmar/cppcheck/pull/4651