The SEI CERT Coding Standards wiki documents which analysis tools detect violations of which rules/recs. To edit or add to this information, follow these guidelines.
First, you should create an empty page for the tool of interest under the "Analyzers" section of the backmatter, in each appropriate language space. It may be the case that a page already exists for the tool, in which case you can skip this step. Below are links to the "Analyzers" sections for each space.
Space | Analyzers Page |
---|---|
C | EE. Analyzers |
C++ | CC. Analyzers |
Java | |
Perl | BB. Analyzers |
The page should be titled with the name of the analysis tool. The page will be automatically populated with the information that you provide on individual rule/rec pages. You do not need to add any content to it. The page should also have the 'analyzer' label so that it shows up on the Analyzers section.
Additionally, a "version" page should be created alongside the tool page. This page is titled ToolName_V, should be populated with the version number of the tool. For example, GCC_V documents the version of the GCC compiler. This version page is not automatically generated. You are responsible for entering the version information into this page.
Each rule/rec page has an Automated Detection (AD) section, describing which tools can detect violations of the rule/rec. This section contains a table. Each row of the table contains information for a specific version of a tool. A row in the AD table has the following format.
Tool | Version | Checker | Description |
---|---|---|---|
Hyperlinked name of the tool | The version of the tool | Checker Name 1 Checker Name 2 Checker Name 3 ... | Checker Description 1 Checker Description 2 Checker Description 3 ... |
Each tool wiki page is updated, by request, with the aggregated data from these individual tables. This aggregation process is automatic. In order for the process to pick up your changes, you should adhere to certain guidelines when entering data into the AD tables.