NaiveSystems Analyze is a static analysis tool for code security and compliance.
This repository holds the source code for the Community Edition which is free
and open-source. Contact hello[AT]naivesystems.com to learn more about the
Enterprise Edition.
NaiveSystems Analyze Community Edition currently supports the following coding standards:
- MISRA C:2012 third edition a.k.a. MISRA C:2019
- MISRA C++:2008
- AUTOSAR C++14
- Google C++ Style Guide
The Enterprise Edition supports (a) more recent versions of the above coding standards, (b) other C/C++ coding standards including more security-oriented rules from CERT and CWE, and (c) many other programming languages.
Refer to our demo repositories (e.g. analyze-demo and googlecpp-demo) to see how to specify and configure the various coding standards and their rules.
You may choose to use the prebuilt container images, GitHub Actions, or build directly from the source code.
Refer to analyze-demo for an example.
For projects using Makefiles, run the commands below in your project root:
podman pull ghcr.io/naivesystems/analyze:latest
mkdir -p output
podman run --rm \
-v $PWD:/src:O \
-v $PWD/.naivesystems:/config:Z \
-v $PWD/output:/output:Z \
ghcr.io/naivesystems/analyze:latest \
/opt/naivesystems/misra_analyzer -show_results
A few notes:
-
You may use
dockerinstead ofpodmanhere. -
You must configure the rules in
.naivesystems/check_rules.- Refer to analyze-demo for an example.
- Most (if not all) supported rules are listed in
rulesets/*.check_rules.txtin this repository.
-
You may remove
:Zif you are not using SELinux. -
Replace
latestwith the actual version that you want to use.
NaiveSystems Analyze can trace and capture your build process automatically. Currently we only publish Fedora-based images in the Community Edition, so your code must compile successfully under Fedora Linux in order to use the prebuilt container images. For other operating systems such as Debian, Ubuntu, CentOS, or RHEL, please reach out to us to get the Enterprise Edition.
The analysis results are also available in the output directory. You may use
our VS Code Extension
to view the results in Visual Studio Code.
In addition to Makefiles, we support many other project types. See also:
NaiveSystems Analyze supports running directly in GitHub Actions. For example, googlecpp-action is our officially published action for checking the Google C++ Style Guide. Refer to googlecpp-demo for more information.
To build from source, follow the steps below on Fedora 37. Other versions may also work but are not officially supported in the Community Edition.
- Install build dependencies
dnf install -y autoconf automake clang cmake libtool lld make python3-devel wget which xz zip
-
Install Go 1.18 or later by following the official instructions.
-
Install Bazel 6.0 or later by following the official instructions.
-
Build the project
make
- Build a container image
make -C podman_image build-en
This will build an image named naive.systems/analyzer/misra:dev_en for MISRA
C:2012. You may specify other targets if needed. Read the code for more details.
NaiveSystems Analyze can be built on a variety of Linux distros. For example, the Community Edition in this repository can be built in GitHub Actions with the official runner image of Ubuntu 22.04 LTS. For other operating systems such as Debian, Ubuntu 18.04/20.04 LTS, CentOS 7/8, or RHEL and its derivatives, please reach out to us to get the Enterprise Edition.
If you find a bug of NaiveSystems Analyze, feel free to report it in the issues.
Use GitHub Discussions for other topics.
If you use WeChat, you may scan the QR code below to join our group chat:
(The QR code is updated when it's expired or when the group exceeds 200 people.)
The Community Edition of NaiveSystems Analyze is licensed under the GNU General Public License version 3. Some subcomponents may have separate licenses. See their respective subdirectories in this repository for details.
The Enterprise Edition is offered in separate licenses and terms. Contact us to learn more.
