NaiveSystems Analyze – FOSS static analyzer for MISRA C/C++, AUTOSAR C++14, etc.
github.com
Recent and related:
Misra C++:2023 - https://news.ycombinator.com/item?id=38674158 - Dec 2023 (85 comments)
Oh gosh, AUTOSAR... shudder
The MISRA analysis seems neat -- It's GPLv3 from what the LICENSE suggests, does that cause problems when being used to scan proprietary code?
No. Using GPL software has nothing to do with the code processed by it. Think about the GCC compiler :)
I think just using it locally in manual or ad-hoc senses is fine, but IIRC it can become tricky or at least a legal grey area if you commit code that automates using GPL developer tooling and/or pulls it into your development toolchain, e.g. via GitHub action or some other CI automation.
Disclaimer: Not a lawyer, this isn't legal advice.
Totally fair :) I'm going to have a play with it at work!
Awesome! If there is any problem just post it in GitHub issues. We will also be releasing 2023.4 very soon.
I'm sure this is lovely software, and I'll probably try it, but...
Why is software so difficult to install these days? Why on earth should one need docker to build and run some C code? Why can't one just download an executable?
If you build it from source it's actually a bunch of regular executables. Running as a container is for the purpose of making the environments hermetic/reproducible so that it's easier to support users.
How do you conclude that? The instructions here:
https://github.com/naivesystems/analyze/wiki/How-to-run-on-m...
say docker is required.
That's running the prebuilt container image. The README has instructions on how to build from source.
The README says "To build from source, follow the steps below on Fedora 36 or 37. Other versions may also work but are not officially supported". So it seems on Mac and Windows docker is the only way. :(
Yes, the code of the analyzer itself cannot be built on macOS or Windows directly. In those cases you will have to use either podman or docker to use the binaries prebuilt on/for Linux. The whole system depends on a lot of other stuff on Linux so it won't easily run on other OSes.
Ah, that's too bad. For me at least, that makes the barrier to entry too high. Having to learn some new software (docker) just to try some other software is just too much.