cppcheck-sarif

Convert cppcheck xml report to sarif
v2.0
Latest

cppcheck-sarif converts a cppcheck XML report to the Static Analysis Results Interchange Format (SARIF).

Build

go build .

Example usage

cppcheck --xml --output-file=report.xml .
cppcheck-sarif -output report.sarif report.xml

Use an errorlist.xml instead of the embedded one

cppcheck --errorlist > errorlist.xml
cppcheck --xml --output-file=report.xml .
cppcheck-sarif -errorlist errorlist.xml -output report.sarif report.xml
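
To show what the conversion involves, here is an added sketch in Python (not cppcheck-sarif's own Go code) that maps a cppcheck XML report to a minimal SARIF 2.1.0 log. The severity-to-level mapping, the `to_sarif` name, the `properties.cwe` field and the sample report are assumptions made for this illustration.

```python
import json
import xml.etree.ElementTree as ET

# Assumed mapping: cppcheck severities other than error/warning become SARIF "note".
LEVELS = {"error": "error", "warning": "warning"}

# Constructed sample report, not real scan output.
SAMPLE = """<results version="2"><errors>
<error id="nullPointer" severity="error" msg="Null pointer dereference: p" cwe="476">
  <location file="src/a.c" line="12" column="5"/>
</error>
<error id="toomanyconfigs" severity="information" msg="Too many #ifdef configurations">
  <location file="src/b.c" line="0" column="0"/>
</error>
</errors></results>"""


def to_sarif(report_xml: str) -> dict:
    """Convert a cppcheck --xml (format version 2) report to a minimal SARIF 2.1.0 log."""
    results = []
    for err in ET.fromstring(report_xml).iterfind("errors/error"):
        locations = []
        for loc in err.iterfind("location"):
            physical = {"artifactLocation": {"uri": loc.get("file", "")}}
            line, column = int(loc.get("line", 0)), int(loc.get("column", 0))
            if line > 0:  # SARIF requires startLine >= 1, so omit the region for line 0
                physical["region"] = {"startLine": line}
                if column > 0:
                    physical["region"]["startColumn"] = column
            locations.append({"physicalLocation": physical})
        result = {
            "ruleId": err.get("id"),
            "level": LEVELS.get(err.get("severity"), "note"),
            "message": {"text": err.get("msg", "")},
            "locations": locations,
        }
        if err.get("cwe"):  # keep the CWE number cppcheck attaches to some findings
            result["properties"] = {"cwe": "CWE-" + err.get("cwe")}
        results.append(result)
    run = {"tool": {"driver": {"name": "cppcheck"}}, "results": results}
    return {"version": "2.1.0", "runs": [run]}


if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE), indent=2))
```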

GitHub Action usage

name: cppcheck

on:
  push:
    branches:
      - master

jobs:
  upload-sarif:
    runs-on: ubuntu-24.04
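    permissions:
      # required by upload-sarif to write code scanning results
      security-events: write
      # only needed when the repository is private
      actions: read
      contents: read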
    steps:
      - uses: actions/checkout@v4

      - run: |
          sudo apt-get install -y cppcheck

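      # write the cppcheck findings as an XML report
      - run: |
          cppcheck --enable=all --xml --output-file=report.xml .

      # convert the XML report to SARIF (third-party action; pin to a full
      # commit SHA rather than the v2 tag for an immutable reference)
      - uses: Flast/cppcheck-sarif@v2
        with:
          input: report.xml
          output: report.sarif

      # upload the SARIF file to GitHub code scanning
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: report.sarif
          category: cppcheck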

cppcheck-sarif is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
