Any alternative to Coverity on Jenkins? [closed]

I'm running Jenkins on my Ubuntu desktop. I need a static code analysis report before pushing my C++ code. I found that Coverity is expensive. I'm looking for a free analysis tool. Are there any alternatives to Coverity?

Zea answered 20/1, 2014 at 15:42 Comment(0)

I recommend SONAR (or SonarQube, as it is now called); you can use it with multiple plugins.

Some free plugins I use are:

PMD

FindBugs

Checkstyle

EDIT: Just noticed you are looking for C++ plugins. Might want to add a tag for C++ to avoid confusion. Sonar is still compatible with C++, but I have no experience with free C++ SCA plugins for Sonar.

Camera answered 20/1, 2014 at 15:47 Comment(2)
Does SONAR really come with an open source code analysis tool like Coverity? Looking around, all I can see is a code linter, nothing more... - Apocryphal

There is a sonar-cxx open source plugin for SonarQube that is free at github.com/SonarOpenCommunity/sonar-cxx. This plugin works with external tools like cppcheck, rats, etc. There is also a licensed, for-fee C++ plugin available at sonarsource.com/products/plugins/languages/cpp - Lexicologist

I work on the tool Cppcheck: http://cppcheck.sf.net

It is an open source static analysis tool for C/C++.

There is a Jenkins plugin for Cppcheck: https://wiki.jenkins-ci.org/display/JENKINS/Cppcheck+Plugin

Some other free static analysis options are readily available on the Linux platform, such as using GCC with extra warning flags. Clang has a static analyser. Perhaps the Google cpplint.py tool or Veracode will be interesting for you (if stylistic checks are interesting). I am not sure how you integrate these in Jenkins, though.

Lagas answered 21/1, 2014 at 10:9 Comment(1)
Thanks for making cppcheck! My current project uses it with Sonar and Jenkins on our C++ codebase, although it's a little too thorough and it takes far too long to give CI feedback to Gerrit, so we have it scheduled for at least once a day. We also do builds with multiple compilers and max warnings-as-errors. The cpplint tool is good, but confuses concerns by complaining about style. Vera, rats, gcovr and valgrind are also good, and all of these can be made to work with Sonar and Jenkins. Someday I'll blog about setting these all up . . . - Caulis
