<h1 align="center">
<br>
<img src="https://github.com/Ericsson/codechecker/raw/master/docs/logo/logo_blue.png" alt="CodeChecker" width="200">
<br>
CodeChecker
<br>
</h1>
<p align="center">
<a href="https://github.com/Ericsson/codechecker/actions">
<img src="https://github.com/Ericsson/codechecker/workflows/codechecker-tests/badge.svg"
alt="Github Action">
</a>
<a href="https://gitter.im/codecheckerHQ/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link">
<img src="https://badges.gitter.im/codecheckerHQ/Lobby.svg"
alt="Gitter">
</a>
<a href="https://codechecker.readthedocs.io/en/latest/?badge=latest">
<img src="https://readthedocs.org/projects/codechecker/badge/?version=latest"
alt="Documentation Status">
</a>
<a href="https://securityscorecards.dev/viewer/?uri=github.com/Ericsson/codechecker">
<img src="https://api.securityscorecards.dev/projects/github.com/Ericsson/codechecker/badge"
alt="OpenSSF Scorecard Score">
</a>
</p>
**CodeChecker** is a static analysis infrastructure built on the [LLVM/Clang
Static Analyzer](http://clang-analyzer.llvm.org) toolchain, replacing
[`scan-build`](http://clang-analyzer.llvm.org/scan-build.html) in a Linux or
macOS (OS X) development environment.
**:bulb: Check out our [DEMO](https://codechecker-demo.eastus.cloudapp.azure.com) showing some analysis results of open-source projects!**
# Main features
## Command line C/C++ Analysis
* Executes [_Clang-Tidy_](http://clang.llvm.org/extra/clang-tidy/), [_Clang Static Analyzer_](http://clang-analyzer.llvm.org/) with Cross-Translation Unit analysis, Statistical Analysis (when checkers are available), [_Cppcheck_](https://cppcheck.sourceforge.io/), and the [_GCC Static Analyzer_](https://gcc.gnu.org/wiki/StaticAnalyzer).
* Creates the JSON compilation database by wiretapping any build process (e.g., `CodeChecker log -b "make"`).
* Automatically analyzes GCC cross-compiled projects: detecting GCC or Clang compiler configuration and forming the corresponding clang analyzer invocations.
* Incremental analysis: Only the changed files and its dependencies need to be reanalyzed.
* False positive suppression with a possibility to add review comments.
* Result visualization in command line or in static HTML.
## Web-based report storage
* **You can store & visualize thousands of analysis reports** of many analyzers like
Clang Static Analyzer (C/C++), Clang Tidy (C/C++), Facebook Infer (C/C++, Java), Clang Sanitizers (C/C++), Spotbugs (Java), Pylint (Python), Eslint (Javascript) ...
For a complete list see [Supported Analyzers](supported_code_analyzers.md)
* **Web application** for viewing discovered code defects with a streamlined,
easy experience (with PostgreSQL, or SQLite backend).
* **Gerrit and GitLab integration** Shows analysis results as [GitLab](gitlab_integration.md) or [Gerrit](jenkins_gerrit_integration.md) reviews.
* **Filterable** (defect checker name, severity, source paths, ...) and
**comparable** (calculates difference between two analyses of the project,
showing which bugs have been fixed and which are newly introduced) result
viewing.
* **Diff mode:** This shows the list of bugs that have been introduced since your last analyzer
execution.
* Results can be shared with fellow developers, the **comments** and
**review** system helps communication of code defects.
* Easily implementable [Thrift](http://thrift.apache.org)-based
server-client communication used for storing and querying of discovered
defects.
* Support for multiple bug visualization frontends, such as the web
application, a [command-line tool](usage.md) and an
[Eclipse plugin](http://github.com/Ericsson/CodeCheckerEclipsePlugin).
## Command line features
`CodeChecker` command has many subcommands which can be used for example to
log and analyze your projects, print the results or start a web server. For
full list see the following table or check the help message of this command
(`CodeChecker --help`):
| `CodeChecker` subcommand | Description |
|--------------------------|-----------------------------------------------------------------------------------------------|
| `analyze` | Execute the supported code analyzers for the files recorded in a JSON Compilation Database. |
| `analyzer-version` | Print the version of CodeChecker analyzer package that is being used. |
| `analyzers` | List supported and available analyzers. |
| `check` | Perform analysis on a project and print results to standard output. |
| `checkers` | List the checkers available for code analysis. |
| `cmd` | View analysis results on a running server from the command line. |
| `fixit` | Apply automatic fixes based on the suggestions of the analyzers. |
| `log` | Run a build command, collect the executed compilation commands and store them in a JSON file. |
| `parse` | Print analysis summary and results in a human-readable format. |
| `server` | Start and manage the CodeChecker Web server. |
| `store` | Save analysis results to a database. |
| `version` | Print the version of CodeChecker package that is being used. |
| `web-version` | Print the version of CodeChecker server package that is being used. |
`CodeChecker cmd` subcommand also has many other subcommands which can be used
to get data (products, runs, results, statistics) from a running CodeChecker
server. For full list see the following table or check the help message of this
subcommand (`CodeChecker cmd --help`):
| `CodeChecker cmd` subcommand | Description |
|------------------------------|---------------------------------------------------------------------------------------------------|
| `runs` | List the available analysis runs. |
| `history` | Show run history of multiple runs. |
| `results` | List analysis result (finding) summary for a given run. |
| `diff` | Compare two analysis runs and show the difference. |
| `sum` | Show statistics of checkers. |
| `token` | Access subcommands related to configuring personal access tokens managed by a CodeChecker server. |
| `del` | Delete analysis runs. |
| `update` | Update an analysis run. |
| `suppress` | Manage and import suppressions of reports on a CodeChecker server. |
| `products` | Access subcommands related to configuring the products managed by a CodeChecker server. |
| `components` | Access subcommands related to configuring the source components managed by a CodeChecker server. |
| `login` | Authenticate into CodeChecker servers that require privileges. |
| `export` | Export comments and review statuses from CodeChecker. |
| `import` | Import comments and review statuses into CodeChecker. |
# Usage flow
- *Step 1*: `CodeChecker log` runs the given build command and records the
executed compilation steps. These steps are written to an output file
(Compilation Database) in a JSON format.
- *Step 2*: `CodeChecker analyze` uses the previously created JSON Compilation
Database to perform an analysis on the project, outputting analysis results in
a machine-readable (plist) format.
- *Step 3*: In this step, you can do multiple things:
- Parse and pretty-print the summary and results from analysis result files
(`CodeChecker parse`).
- Store the results to a running CodeChecker server (`CodeChecker store`).
- Compare two analysis results/runs to show the results that differ between
the two (`CodeChecker cmd diff`).
- etc.
For more information how to use CodeChecker see our [user guide](usage.md).
# User documentation
* [Getting started (How-To with examples)](usage.md)
## C/C++ Analysis
* [Analyzer User guide](analyzer/user_guide.md)
* [Avoiding or suppressing false positives](analyzer/false_positives.md)
* [Checker and Static Analyzer configuration](analyzer/checker_and_analyzer_configuration.md)
* [GCC incompatibilities](analyzer/gcc_incompatibilities.md)
* [Suppressing false positives](analyzer/user_guide.md#source-code-comments)
## Web based report management
* [Webserver User Guide](web/user_guide.md)
* [WEB GUI User Guide](/web/server/vue-cli/src/assets/userguide/userguide.md)
* [Command line and WEB UI Feature overview](feature_comparison.md)
* Security configuration
* [Configuring Authentication](web/authentication.md)
* [Configuring Authorization](web/permissions.md)
* Deployment
* [Deploy server using docker](web/docker.md#deployment)
* Server Configuration
* [Configuring Server Logging](logging.md)
* [Setting up multiple CodeChecker repositories in one server](web/products.md)
* Continuous Integration (CI)
* [CodeChecker as a GitHub Action](http://github.com/marketplace/actions/codechecker-static-analysis)
* [Setting up CI gating with Gerrit and Jenkins](jenkins_gerrit_integration.md)
* Database Configuration
* [PostgreSQL database backend setup guide](web/postgresql_setup.md)
* [CodeChecker server and database schema upgrade guide](web/db_schema_guide.md)
### Storage of reports from analyzer tools
CodeChecker can be used as a generic tool for visualizing analyzer results.
The following tools are supported:
| Language | Analyzer |
|----------------|------------------------------------------------------------------------------|
| **C/C++** | [Clang Static Analyzer](https://clang-analyzer.llvm.org/) |
| | [Clang Tidy](https://clang.llvm.org/extra/clang-tidy/) |
| | [Clang Sanitizers](supported_code_analyzers.md#clang-sanitizers) |
| | [Cppcheck](/docs/tools/report-converter.md#cppcheck) |
| | [Facebook Infer](/docs/tools/report-converter.md#facebook-infer) |
| | [Coccinelle](/docs/tools/report-converter.md#coccinelle) |
| | [Smatch](/docs/tools/report-converter.md#smatch) |
| | [Kernel-Doc](/docs/tools/report-converter.md#kernel-doc) |
| | [Sparse](/docs/tools/report-converter.md#sparse) |
| | [cpplint](/docs/tools/report-converter.md#cpplint) |
| **C#** | [Roslynator.DotNet.Cli](/docs/tools/report-converter.md#roslynatordotnetcli) |
| **Java** | [SpotBugs](/docs/tools/report-converter.md#spotbugs) |
| | [Facebook Infer](/docs/tools/report-converter.md#facebook-infer) |
| **Python** | [Pylint](/docs/tools/report-converter.md#pylint) |
| | [Pyflakes](/docs/tools/report-converter.md#pyflakes) |
| **JavaScript** | [ESLint](/docs/tools/report-converter.md#eslint) |
| **TypeScript** | [TSLint](/docs/tools/report-converter.md#tslint) |
| **Go** | [Golint](/docs/tools/report-converter.md#golint) |
| **Markdown** | [Markdownlint](/docs/tools/report-converter.md#markdownlint) |
| | [Sphinx](/docs/tools/report-converter.md#sphinx) |
For details see
[supported code analyzers](supported_code_analyzers.md) documentation and the
[Report Converter Tool](/docs/tools/report-converter.md).
## Common Tools
Useful tools that can also be used outside CodeChecker.
* [Build Logger (to generate JSON Compilation Database from your builds)](/analyzer/tools/build-logger/README.md)
* [Plist/Sarif to HTML converter (to generate HTML files from the given plist or sarif files)](/docs/tools/report-converter.md#plist-to-html-tool)
* [Report Converter Tool (to convert analysis results from other analyzers to the codechecker report directory format))](/docs/tools/report-converter.md)
* [Translation Unit Collector (to collect source files of a translation unit or to get source files which depend on the given header files)](/docs/tools/tu_collector.md)
* [Report Hash generator (to generate unique hash identifiers for reports)](/docs/tools/report-converter.md#report-hash-generation-module)
## Helper Scripts
* [Helper Scripts for daily analysis](script_daily.md)
# Install guide
## Install CodeChecker via `pip`
CodeChecker is available on the [pypi](https://pypi.org/project/codechecker/)
and can be installed with the following command:
```sh
pip3 install codechecker
```
**Note:** this package can be installed on `Linux`, `OSX` and `Windows`
systems where `pip3` command is available. On `OSX`, `intercept-build` must be
installed for logging (`CodeChecker log`). On `Windows`, logging is not
available.
## Installing CodeChecker via the `snap` package manager
CodeChecker is available on the [Snap Store](https://snapcraft.io/codechecker)
and can be installed with the following command:
```sh
sudo snap install codechecker --classic
```
**Note:** Unfortunately, the snap package supports only lower-case command names.
For this reason, you need to use `codechecker` command instead of `CodeChecker`
everywhere. For a full list of available commands in the _codechecker_ snap
package, run `snap info codechecker`.
## Linux
For a detailed dependency list, and for instructions on how to install newer
Clang and Clang-Tidy versions, please see [Requirements](deps.md).
The following commands are used to bootstrap CodeChecker on Ubuntu 20.04 LTS:
```sh
# Install mandatory dependencies for a development and analysis environment.
# NOTE: clang or clang-tidy can be any sufficiently fresh version, and need not
# come from package manager!
# In case of Cppcheck, the minimal supported version is 1.80.
# In case of gcc, the minimal supported version is 13.0.0.
sudo apt-get install clang clang-tidy cppcheck g++ build-essential curl
gcc-multilib git python3-dev python3-venv python3-setuptools
# Install nodejs dependency for web. In case of Debian/Ubuntu you can use the
# following commands. For more information see the official docs:
# https://nodejs.org/en/download/package-manager/
curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -
sudo apt-get install -y nodejs
# Check out CodeChecker source code.
git clone https://github.com/Ericsson/CodeChecker.git --depth 1 ~/codechecker
cd ~/codechecker
# Create a Python virtualenv and set it as your environment.
# NOTE: if you want to develop CodeChecker, use the `venv_dev` target instead
# of `venv`.
make venv
source $PWD/venv/bin/activate
# [Optional] If you want to use external authentication methods (LDAP / PAM)
# follow the instructions in
# docs/web/authentication.md#external-authentication-methods
# Build and install a CodeChecker package.
make package
# For ease of access, add the build directory to PATH.
export PATH="$PWD/build/CodeChecker/bin:$PATH"
cd ..
```
**Notes**:
- By default, `make package` will build ldlogger shared objects for
`32bit` and `64bit` too. If you would like to build and package `64 bit only`
shared objects and ldlogger binary you can set `BUILD_LOGGER_64_BIT_ONLY`
environment variable to `YES` before the package build:
`BUILD_LOGGER_64_BIT_ONLY=YES make package`.
- By default, the `make package` will build the UI code if it's not built yet
or the UI code is changed. If you wouldn't like to build the UI code you can
set the `BUILD_UI_DIST` environment variable to `NO` before the package build:
`BUILD_UI_DIST=NO make package`.
- Use `make standalone_package` instead of `make package` to avoid
having to manually activate the environment before running CodeChecker.
### Upgrading environment after system or Python upgrade
If you have upgraded your system's Python to a newer version (e.g., from
`3.8` to `3.11` – this is the case when upgrading Ubuntu from
20.04 LTS to 22.04 LTS), the installed environment will not work
out-of-the-box. To fix this issue, run the following command to upgrade your
`checker_env` too:
```sh
cd ~/codechecker/venv
python3 -m venv .
```
## Mac OS X
For installation instructions for Mac OS X see [Mac OS X Installation Guide](install_macosx.md) documentation.
## Docker
To run the CodeChecker server in Docker see the [Docker](web/docker.md) documentation.
You can find the CodeChecker web-server container at the [Docker Hub](https://hub.docker.com/r/codechecker/codechecker-web).
<img src="https://raw.githubusercontent.com/Ericsson/codechecker/master/docs/images/docker.jpg" width="100">
## Visual Studio Code plugin
<img src="https://raw.githubusercontent.com/Ericsson/codechecker/master/docs/images/vscode.png" width="100">
You can install and use CodeChecker VSCode extension from the
[Visual Studio Marketplace](http://marketplace.visualstudio.com/items?itemName=codechecker.vscode-codechecker)
or from [Open VSX](http://open-vsx.org/extension/codechecker/codechecker).
Main features:
- Run CodeChecker analysis from the editor and see the results automatically.
- Re-analyze the current file when saved.
- Commands and build tasks for running CodeChecker as part of a build system.
- Browse through the found reports and show the reproduction steps directly in the code.
- Navigate between the reproduction steps.
For more information how to install and use this plugin see the
[repository](https://github.com/Ericsson/codecheckervsCodePlugin/) of this
extension.
## GitHub Actions CI
CodeChecker can be executed via a reusable GitHub action for your project!
You need only specify the build command, as if you would run the analysis
locally.
For more information, check out the
[CodeChecker Static Analysis](http://github.com/marketplace/actions/codechecker-static-analysis)
action on the GitHub Actions Marketplace.
# Analyze your first project
## Setting up the environment in your Terminal
These steps must always be taken in a new command prompt you wish to execute
analysis in.
```sh
source ~/codechecker/venv/bin/activate
# Path of CodeChecker package
# NOTE: SKIP this line if you want to always specify CodeChecker's full path.
export PATH=~/codechecker/build/CodeChecker/bin:$PATH
# Path of the built LLVM/Clang
# NOTE: SKIP this line if clang is available in your PATH as an installed Linux package.
export PATH=~/<user path>/build/bin:$PATH
```
## Execute analysis
Analyze your project with the `check` command:
CodeChecker check -b "cd ~/your-project && make clean && make" -o ./results
`check` will print an overview of the issues found in your project by the
analyzers. The reports will be stored in the `./results` directory in `plist`
XML format.
## Export the reports as static HTML files
You can visualize the results as static HTML by executing
`CodeChecker parse -e html ./results -o ./reports_html`
An index page will be generated with a list of all repors in
`./reports_html/index.html`
## Optionally store the results in Web server & view the results
If you have hundreds of results, you may want to store them on the web
server with a database backend.
Start a CodeChecker web and storage server in another terminal or as a
background process. By default, it will listen on `localhost:8001`.
The SQLite database containing the reports will be placed in your workspace
directory (`~/.codechecker` by default), which can be provided via the `-w`
flag.
CodeChecker server
Store your analysis reports onto the server to be able to use the Web Viewer.
CodeChecker store ./results -n my-project
Open the [CodeChecker Web Viewer](http://localhost:8001) in your browser, and
you should be greeted with a web application showing you the analysis results.
## Developer documentations
* [Architecture](architecture.md)
* [Package layout](package_layout.md)
* [Dependencies](deps.md)
* [Thrift interface](web/api/README.md)
* [Package and integration tests](tests.md)
* [Checker documentation mapping file](web/checker_docs.md)
## Conference papers, presentations
* An overview about the CodeChecker infrastructure was given at [PLDI 2020](http://pldi20.sigplan.org).<br />
**Márton, Gábor and Krupp, Dániel**:<br />
[_Tool Talk: CodeChecker_](http://youtube.com/watch?v=bVqrhaoxHlc)
* A high-level overview about the infrastructure is available amongst the
[2015 Euro LLVM Conference](http://llvm.org/devmtg/2015-04) presentations.<br/>
**Krupp, Dániel and Orbán, György and Horváth, Gábor and Babati, Bence**:<br/>
[_Industrial Experiences with the Clang Static Analysis Toolset_](http://llvm.org/devmtg/2015-04/slides/Clang_static_analysis_toolset_final.pdf)
Raw data
{
"_id": null,
"home_page": "https://github.com/Ericsson/CodeChecker",
"name": "codechecker",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "codechecker, plist",
"author": "CodeChecker Team (Ericsson)",
"author_email": "codechecker-tool@googlegroups.com",
"download_url": "https://files.pythonhosted.org/packages/8f/5e/0a75656027718a621331130763f7d896f62af660e50bc7ebf7c279cc9b7a/codechecker-6.24.4.tar.gz",
"platform": null,
"description": "<h1 align=\"center\">\n <br>\n <img src=\"https://github.com/Ericsson/codechecker/raw/master/docs/logo/logo_blue.png\" alt=\"CodeChecker\" width=\"200\">\n <br>\n CodeChecker\n <br>\n</h1>\n\n<p align=\"center\">\n <a href=\"https://github.com/Ericsson/codechecker/actions\">\n <img src=\"https://github.com/Ericsson/codechecker/workflows/codechecker-tests/badge.svg\"\n alt=\"Github Action\">\n </a>\n <a href=\"https://gitter.im/codecheckerHQ/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link\">\n <img src=\"https://badges.gitter.im/codecheckerHQ/Lobby.svg\"\n alt=\"Gitter\">\n </a>\n <a href=\"https://codechecker.readthedocs.io/en/latest/?badge=latest\">\n <img src=\"https://readthedocs.org/projects/codechecker/badge/?version=latest\"\n alt=\"Documentation Status\">\n </a>\n <a href=\"https://securityscorecards.dev/viewer/?uri=github.com/Ericsson/codechecker\">\n <img src=\"https://api.securityscorecards.dev/projects/github.com/Ericsson/codechecker/badge\"\n alt=\"OpenSSF Scorecard Score\">\n </a>\n</p>\n\n**CodeChecker** is a static analysis infrastructure built on the [LLVM/Clang\nStatic Analyzer](http://clang-analyzer.llvm.org) toolchain, replacing\n[`scan-build`](http://clang-analyzer.llvm.org/scan-build.html) in a Linux or\nmacOS (OS X) development environment.\n\n\n\n**:bulb: Check out our [DEMO](https://codechecker-demo.eastus.cloudapp.azure.com) showing some analysis results of open-source projects!**\n\n# Main features\n## Command line C/C++ Analysis\n * Executes [_Clang-Tidy_](http://clang.llvm.org/extra/clang-tidy/), [_Clang Static Analyzer_](http://clang-analyzer.llvm.org/) with Cross-Translation Unit analysis, Statistical Analysis (when checkers are available), [_Cppcheck_](https://cppcheck.sourceforge.io/), and the [_GCC Static Analyzer_](https://gcc.gnu.org/wiki/StaticAnalyzer).\n * Creates the JSON compilation database by wiretapping any build process (e.g., `CodeChecker log -b \"make\"`).\n * Automatically analyzes GCC cross-compiled projects: detecting GCC or Clang compiler configuration and forming the corresponding clang analyzer invocations.\n * Incremental analysis: Only the changed files and its dependencies need to be reanalyzed.\n * False positive suppression with a possibility to add review comments.\n * Result visualization in command line or in static HTML.\n\n## Web-based report storage\n * **You can store & visualize thousands of analysis reports** of many analyzers like\n Clang Static Analyzer (C/C++), Clang Tidy (C/C++), Facebook Infer (C/C++, Java), Clang Sanitizers (C/C++), Spotbugs (Java), Pylint (Python), Eslint (Javascript) ... \n For a complete list see [Supported Analyzers](supported_code_analyzers.md)\n * **Web application** for viewing discovered code defects with a streamlined,\n easy experience (with PostgreSQL, or SQLite backend).\n * **Gerrit and GitLab integration** Shows analysis results as [GitLab](gitlab_integration.md) or [Gerrit](jenkins_gerrit_integration.md) reviews.\n * **Filterable** (defect checker name, severity, source paths, ...) and\n **comparable** (calculates difference between two analyses of the project,\n showing which bugs have been fixed and which are newly introduced) result\n viewing.\n * **Diff mode:** This shows the list of bugs that have been introduced since your last analyzer\n execution.\n * Results can be shared with fellow developers, the **comments** and\n **review** system helps communication of code defects.\n * Easily implementable [Thrift](http://thrift.apache.org)-based\n server-client communication used for storing and querying of discovered\n defects.\n * Support for multiple bug visualization frontends, such as the web\n application, a [command-line tool](usage.md) and an\n [Eclipse plugin](http://github.com/Ericsson/CodeCheckerEclipsePlugin).\n\n## Command line features\n`CodeChecker` command has many subcommands which can be used for example to\nlog and analyze your projects, print the results or start a web server. For\nfull list see the following table or check the help message of this command\n(`CodeChecker --help`):\n\n| `CodeChecker` subcommand | Description |\n|--------------------------|-----------------------------------------------------------------------------------------------|\n| `analyze` | Execute the supported code analyzers for the files recorded in a JSON Compilation Database. |\n| `analyzer-version` | Print the version of CodeChecker analyzer package that is being used. |\n| `analyzers` | List supported and available analyzers. |\n| `check` | Perform analysis on a project and print results to standard output. |\n| `checkers` | List the checkers available for code analysis. |\n| `cmd` | View analysis results on a running server from the command line. |\n| `fixit` | Apply automatic fixes based on the suggestions of the analyzers. |\n| `log` | Run a build command, collect the executed compilation commands and store them in a JSON file. |\n| `parse` | Print analysis summary and results in a human-readable format. |\n| `server` | Start and manage the CodeChecker Web server. |\n| `store` | Save analysis results to a database. |\n| `version` | Print the version of CodeChecker package that is being used. |\n| `web-version` | Print the version of CodeChecker server package that is being used. |\n\n\n`CodeChecker cmd` subcommand also has many other subcommands which can be used\nto get data (products, runs, results, statistics) from a running CodeChecker\nserver. For full list see the following table or check the help message of this\nsubcommand (`CodeChecker cmd --help`):\n\n| `CodeChecker cmd` subcommand | Description |\n|------------------------------|---------------------------------------------------------------------------------------------------|\n| `runs` | List the available analysis runs. |\n| `history` | Show run history of multiple runs. |\n| `results` | List analysis result (finding) summary for a given run. |\n| `diff` | Compare two analysis runs and show the difference. |\n| `sum` | Show statistics of checkers. |\n| `token` | Access subcommands related to configuring personal access tokens managed by a CodeChecker server. |\n| `del` | Delete analysis runs. |\n| `update` | Update an analysis run. |\n| `suppress` | Manage and import suppressions of reports on a CodeChecker server. |\n| `products` | Access subcommands related to configuring the products managed by a CodeChecker server. |\n| `components` | Access subcommands related to configuring the source components managed by a CodeChecker server. |\n| `login` | Authenticate into CodeChecker servers that require privileges. |\n| `export` | Export comments and review statuses from CodeChecker. |\n| `import` | Import comments and review statuses into CodeChecker. |\n\n\n# Usage flow\n\n\n- *Step 1*: `CodeChecker log` runs the given build command and records the\nexecuted compilation steps. These steps are written to an output file\n(Compilation Database) in a JSON format.\n- *Step 2*: `CodeChecker analyze` uses the previously created JSON Compilation\nDatabase to perform an analysis on the project, outputting analysis results in\na machine-readable (plist) format.\n- *Step 3*: In this step, you can do multiple things:\n - Parse and pretty-print the summary and results from analysis result files\n (`CodeChecker parse`).\n - Store the results to a running CodeChecker server (`CodeChecker store`).\n - Compare two analysis results/runs to show the results that differ between\n the two (`CodeChecker cmd diff`).\n - etc.\n\nFor more information how to use CodeChecker see our [user guide](usage.md).\n\n# User documentation\n\n* [Getting started (How-To with examples)](usage.md)\n\n## C/C++ Analysis\n* [Analyzer User guide](analyzer/user_guide.md)\n* [Avoiding or suppressing false positives](analyzer/false_positives.md)\n* [Checker and Static Analyzer configuration](analyzer/checker_and_analyzer_configuration.md)\n* [GCC incompatibilities](analyzer/gcc_incompatibilities.md)\n* [Suppressing false positives](analyzer/user_guide.md#source-code-comments)\n\n## Web based report management\n* [Webserver User Guide](web/user_guide.md)\n* [WEB GUI User Guide](/web/server/vue-cli/src/assets/userguide/userguide.md)\n* [Command line and WEB UI Feature overview](feature_comparison.md)\n* Security configuration \n * [Configuring Authentication](web/authentication.md)\n * [Configuring Authorization](web/permissions.md)\n* Deployment\n * [Deploy server using docker](web/docker.md#deployment)\n* Server Configuration\n * [Configuring Server Logging](logging.md)\n * [Setting up multiple CodeChecker repositories in one server](web/products.md)\n* Continuous Integration (CI)\n * [CodeChecker as a GitHub Action](http://github.com/marketplace/actions/codechecker-static-analysis)\n * [Setting up CI gating with Gerrit and Jenkins](jenkins_gerrit_integration.md)\n* Database Configuration\n * [PostgreSQL database backend setup guide](web/postgresql_setup.md)\n * [CodeChecker server and database schema upgrade guide](web/db_schema_guide.md)\n\n### Storage of reports from analyzer tools\nCodeChecker can be used as a generic tool for visualizing analyzer results.\n\nThe following tools are supported:\n\n| Language | Analyzer |\n|----------------|------------------------------------------------------------------------------|\n| **C/C++** | [Clang Static Analyzer](https://clang-analyzer.llvm.org/) |\n| | [Clang Tidy](https://clang.llvm.org/extra/clang-tidy/) |\n| | [Clang Sanitizers](supported_code_analyzers.md#clang-sanitizers) |\n| | [Cppcheck](/docs/tools/report-converter.md#cppcheck) |\n| | [Facebook Infer](/docs/tools/report-converter.md#facebook-infer) |\n| | [Coccinelle](/docs/tools/report-converter.md#coccinelle) |\n| | [Smatch](/docs/tools/report-converter.md#smatch) |\n| | [Kernel-Doc](/docs/tools/report-converter.md#kernel-doc) |\n| | [Sparse](/docs/tools/report-converter.md#sparse) |\n| | [cpplint](/docs/tools/report-converter.md#cpplint) |\n| **C#** | [Roslynator.DotNet.Cli](/docs/tools/report-converter.md#roslynatordotnetcli) |\n| **Java** | [SpotBugs](/docs/tools/report-converter.md#spotbugs) |\n| | [Facebook Infer](/docs/tools/report-converter.md#facebook-infer) |\n| **Python** | [Pylint](/docs/tools/report-converter.md#pylint) |\n| | [Pyflakes](/docs/tools/report-converter.md#pyflakes) |\n| **JavaScript** | [ESLint](/docs/tools/report-converter.md#eslint) |\n| **TypeScript** | [TSLint](/docs/tools/report-converter.md#tslint) |\n| **Go** | [Golint](/docs/tools/report-converter.md#golint) |\n| **Markdown** | [Markdownlint](/docs/tools/report-converter.md#markdownlint) |\n| | [Sphinx](/docs/tools/report-converter.md#sphinx) |\n\n\nFor details see \n[supported code analyzers](supported_code_analyzers.md) documentation and the \n[Report Converter Tool](/docs/tools/report-converter.md).\n\n## Common Tools\nUseful tools that can also be used outside CodeChecker.\n\n* [Build Logger (to generate JSON Compilation Database from your builds)](/analyzer/tools/build-logger/README.md)\n* [Plist/Sarif to HTML converter (to generate HTML files from the given plist or sarif files)](/docs/tools/report-converter.md#plist-to-html-tool)\n* [Report Converter Tool (to convert analysis results from other analyzers to the codechecker report directory format))](/docs/tools/report-converter.md)\n* [Translation Unit Collector (to collect source files of a translation unit or to get source files which depend on the given header files)](/docs/tools/tu_collector.md)\n* [Report Hash generator (to generate unique hash identifiers for reports)](/docs/tools/report-converter.md#report-hash-generation-module)\n\n## Helper Scripts\n* [Helper Scripts for daily analysis](script_daily.md)\n\n# Install guide\n\n## Install CodeChecker via `pip`\nCodeChecker is available on the [pypi](https://pypi.org/project/codechecker/)\nand can be installed with the following command:\n```sh\npip3 install codechecker\n```\n\n**Note:** this package can be installed on `Linux`, `OSX` and `Windows`\nsystems where `pip3` command is available. On `OSX`, `intercept-build` must be\ninstalled for logging (`CodeChecker log`). On `Windows`, logging is not\navailable.\n\n## Installing CodeChecker via the `snap` package manager\nCodeChecker is available on the [Snap Store](https://snapcraft.io/codechecker)\nand can be installed with the following command:\n```sh\nsudo snap install codechecker --classic\n```\n\n**Note:** Unfortunately, the snap package supports only lower-case command names.\nFor this reason, you need to use `codechecker` command instead of `CodeChecker`\neverywhere. For a full list of available commands in the _codechecker_ snap\npackage, run `snap info codechecker`.\n\n## Linux\n\nFor a detailed dependency list, and for instructions on how to install newer\nClang and Clang-Tidy versions, please see [Requirements](deps.md).\nThe following commands are used to bootstrap CodeChecker on Ubuntu 20.04 LTS:\n\n```sh\n# Install mandatory dependencies for a development and analysis environment.\n# NOTE: clang or clang-tidy can be any sufficiently fresh version, and need not\n# come from package manager!\n# In case of Cppcheck, the minimal supported version is 1.80.\n# In case of gcc, the minimal supported version is 13.0.0.\nsudo apt-get install clang clang-tidy cppcheck g++ build-essential curl\n gcc-multilib git python3-dev python3-venv python3-setuptools\n\n# Install nodejs dependency for web. In case of Debian/Ubuntu you can use the\n# following commands. For more information see the official docs:\n# https://nodejs.org/en/download/package-manager/\ncurl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -\nsudo apt-get install -y nodejs\n\n# Check out CodeChecker source code.\ngit clone https://github.com/Ericsson/CodeChecker.git --depth 1 ~/codechecker\ncd ~/codechecker\n\n# Create a Python virtualenv and set it as your environment.\n# NOTE: if you want to develop CodeChecker, use the `venv_dev` target instead\n# of `venv`.\nmake venv\nsource $PWD/venv/bin/activate\n\n# [Optional] If you want to use external authentication methods (LDAP / PAM)\n# follow the instructions in\n# docs/web/authentication.md#external-authentication-methods\n\n# Build and install a CodeChecker package.\nmake package\n\n# For ease of access, add the build directory to PATH.\nexport PATH=\"$PWD/build/CodeChecker/bin:$PATH\"\n\ncd ..\n```\n\n**Notes**:\n- By default, `make package` will build ldlogger shared objects for\n`32bit` and `64bit` too. If you would like to build and package `64 bit only`\nshared objects and ldlogger binary you can set `BUILD_LOGGER_64_BIT_ONLY`\nenvironment variable to `YES` before the package build:\n`BUILD_LOGGER_64_BIT_ONLY=YES make package`.\n- By default, the `make package` will build the UI code if it's not built yet\nor the UI code is changed. If you wouldn't like to build the UI code you can\nset the `BUILD_UI_DIST` environment variable to `NO` before the package build:\n`BUILD_UI_DIST=NO make package`.\n- Use `make standalone_package` instead of `make package` to avoid\nhaving to manually activate the environment before running CodeChecker.\n\n### Upgrading environment after system or Python upgrade\n\nIf you have upgraded your system's Python to a newer version (e.g., from\n`3.8` to `3.11` – this is the case when upgrading Ubuntu from\n20.04 LTS to 22.04 LTS), the installed environment will not work\nout-of-the-box. To fix this issue, run the following command to upgrade your\n`checker_env` too:\n\n```sh\ncd ~/codechecker/venv\npython3 -m venv .\n```\n\n## Mac OS X\nFor installation instructions for Mac OS X see [Mac OS X Installation Guide](install_macosx.md) documentation.\n\n## Docker\nTo run the CodeChecker server in Docker see the [Docker](web/docker.md) documentation.\nYou can find the CodeChecker web-server container at the [Docker Hub](https://hub.docker.com/r/codechecker/codechecker-web).\n\n<img src=\"https://raw.githubusercontent.com/Ericsson/codechecker/master/docs/images/docker.jpg\" width=\"100\">\n\n## Visual Studio Code plugin\n<img src=\"https://raw.githubusercontent.com/Ericsson/codechecker/master/docs/images/vscode.png\" width=\"100\">\n\nYou can install and use CodeChecker VSCode extension from the\n[Visual Studio Marketplace](http://marketplace.visualstudio.com/items?itemName=codechecker.vscode-codechecker)\nor from [Open VSX](http://open-vsx.org/extension/codechecker/codechecker).\n\nMain features:\n- Run CodeChecker analysis from the editor and see the results automatically.\n- Re-analyze the current file when saved.\n- Commands and build tasks for running CodeChecker as part of a build system.\n- Browse through the found reports and show the reproduction steps directly in the code.\n- Navigate between the reproduction steps.\n\n\n\nFor more information how to install and use this plugin see the\n[repository](https://github.com/Ericsson/codecheckervsCodePlugin/) of this\nextension.\n\n## GitHub Actions CI\n\n\n\nCodeChecker can be executed via a reusable GitHub action for your project!\nYou need only specify the build command, as if you would run the analysis\nlocally.\n\nFor more information, check out the\n[CodeChecker Static Analysis](http://github.com/marketplace/actions/codechecker-static-analysis)\naction on the GitHub Actions Marketplace.\n\n# Analyze your first project\n\n## Setting up the environment in your Terminal\n\nThese steps must always be taken in a new command prompt you wish to execute\nanalysis in.\n\n```sh\nsource ~/codechecker/venv/bin/activate\n\n# Path of CodeChecker package\n# NOTE: SKIP this line if you want to always specify CodeChecker's full path.\nexport PATH=~/codechecker/build/CodeChecker/bin:$PATH\n\n# Path of the built LLVM/Clang\n# NOTE: SKIP this line if clang is available in your PATH as an installed Linux package.\nexport PATH=~/<user path>/build/bin:$PATH\n```\n## Execute analysis\n\nAnalyze your project with the `check` command:\n\n CodeChecker check -b \"cd ~/your-project && make clean && make\" -o ./results\n\n`check` will print an overview of the issues found in your project by the\nanalyzers. The reports will be stored in the `./results` directory in `plist` \nXML format.\n\n## Export the reports as static HTML files\nYou can visualize the results as static HTML by executing\n\n`CodeChecker parse -e html ./results -o ./reports_html`\n\nAn index page will be generated with a list of all repors in \n`./reports_html/index.html` \n\n\n## Optionally store the results in Web server & view the results\n\nIf you have hundreds of results, you may want to store them on the web\nserver with a database backend.\n\nStart a CodeChecker web and storage server in another terminal or as a\nbackground process. By default, it will listen on `localhost:8001`.\n\nThe SQLite database containing the reports will be placed in your workspace\ndirectory (`~/.codechecker` by default), which can be provided via the `-w`\nflag.\n\n CodeChecker server\n\nStore your analysis reports onto the server to be able to use the Web Viewer.\n\n CodeChecker store ./results -n my-project\n\nOpen the [CodeChecker Web Viewer](http://localhost:8001) in your browser, and\nyou should be greeted with a web application showing you the analysis results.\n\n\n## Developer documentations\n* [Architecture](architecture.md)\n* [Package layout](package_layout.md)\n* [Dependencies](deps.md)\n* [Thrift interface](web/api/README.md)\n* [Package and integration tests](tests.md)\n* [Checker documentation mapping file](web/checker_docs.md)\n\n## Conference papers, presentations\n* An overview about the CodeChecker infrastructure was given at [PLDI 2020](http://pldi20.sigplan.org).<br />\n **M\u00e1rton, G\u00e1bor and Krupp, D\u00e1niel**:<br />\n [_Tool Talk: CodeChecker_](http://youtube.com/watch?v=bVqrhaoxHlc)\n* A high-level overview about the infrastructure is available amongst the\n [2015 Euro LLVM Conference](http://llvm.org/devmtg/2015-04) presentations.<br/>\n **Krupp, D\u00e1niel and Orb\u00e1n, Gy\u00f6rgy and Horv\u00e1th, G\u00e1bor and Babati, Bence**:<br/>\n [_Industrial Experiences with the Clang Static Analysis Toolset_](http://llvm.org/devmtg/2015-04/slides/Clang_static_analysis_toolset_final.pdf)\n",
"bugtrack_url": null,
"license": "Apache-2.0 WITH LLVM-exception",
"summary": "CodeChecker is an analyzer tooling, defect database and viewer extension",
"version": "6.24.4",
"project_urls": {
"Documentation": "http://codechecker.readthedocs.io",
"Homepage": "https://github.com/Ericsson/CodeChecker",
"Issue Tracker": "http://github.com/Ericsson/CodeChecker/issues"
},
"split_keywords": [
"codechecker",
" plist"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "8f5e0a75656027718a621331130763f7d896f62af660e50bc7ebf7c279cc9b7a",
"md5": "87370482de8d820d3088881740a08350",
"sha256": "396c4e7e982948c9c0345eeba5f76c2ad4ac6f2201874e72744e71a620291152"
},
"downloads": -1,
"filename": "codechecker-6.24.4.tar.gz",
"has_sig": false,
"md5_digest": "87370482de8d820d3088881740a08350",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 7573342,
"upload_time": "2024-10-28T14:57:01",
"upload_time_iso_8601": "2024-10-28T14:57:01.619092Z",
"url": "https://files.pythonhosted.org/packages/8f/5e/0a75656027718a621331130763f7d896f62af660e50bc7ebf7c279cc9b7a/codechecker-6.24.4.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-10-28 14:57:01",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "Ericsson",
"github_project": "CodeChecker",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "codechecker"
}
JSON
