Looking to run Fortify static analysis tool.

Hello, two related questions:

1) We're hiring a third party, Fortify, to statically analyze our code base. I'm having trouble figuring out where I can modify the build tool calls and plug in an external analyzer. Can I modify this via CMake, or a flag when calling West?

This is what Fortify sent us, which I think is intended for a standard makefile.

2) I realize I can run the analyze command from within Segger to analyze the code via Clang's static tool. How can I do this via the command line for automated builds? I'm imagining this is part of a build automation system.

  • Hi,

    We don't think it's possible through west directly.

    The toolchain prefix is resolved in cmake files in zephyr/cmake/toolchain and some things are done in zephyr SDK files. Maybe something can be done in those cmake files, although it may require extensions to the files or adding it as a new toolchain.

    Zephyr does add a lot of its own regarding compiler prefixes, so simply changing the compiler by adding a prefix is not expected to work (since your added prefix is prefixed by yet other prefixes.)

    We have not tested this, and have not made any attempts at using sourceanalyzer or other similar tools, so there may exist other workarounds or issues that we haven't thought about.

    Regards,
    Terje

  • Hi Tesc,

    It didn't seem straightforward to us either within the West environment.

    Segger IDE provides a method to export the build script. Within this build script we can manually modify the compiler command and insert the source analyzer. We were able to utilize Fortify's tool in this manner.

  • Hi,

    If you want to look deeper into the possibility of doing this with west then you can have a look at rules.ninja and modify it to use the analysis tool instead of directly calling the compiler. However I highly suspect this could be jumping down a rabbit hole, so if you have found a working solution I would not spend too much time on it.

    Regards,
    Terje
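The rules.ninja approach mentioned above, worked through as an added example (this is not code from the thread, from Nordic, or from Zephyr). It assumes a west/cmake build directory generated with the Ninja generator, CMake's usual `C_COMPILER__*` / `CXX_COMPILER__*` rule names in `rules.ninja`, and Fortify's `sourceanalyzer` on PATH; the build id `my_app` is a placeholder. The script rewrites only the compiler rules, leaving linker and custom-command rules untouched, and skips rules that are already wrapped so it can be re-run safely.

```shell
#!/bin/sh
# Added example, not part of the original thread or of Zephyr.
# Wrap every C/C++ compiler rule in a CMake/Ninja rules.ninja so that each
# compile runs through Fortify's sourceanalyzer translation step
# ("sourceanalyzer -b <build-id> <original compiler command>").
# Assumptions: Ninja generator, CMake rule naming (C_COMPILER__*, CXX_COMPILER__*),
# sourceanalyzer on PATH. Other rules (linker, archiver, custom commands) are
# left exactly as generated.
set -eu

# wrap_rules_ninja <path/to/rules.ninja> <fortify-build-id>
wrap_rules_ninja() {
    rules_file="$1"
    build_id="$2"
    tmpfile="$rules_file.fortify.tmp"
    awk -v bid="$build_id" '
        # Entering a C or C++ compiler rule block.
        /^rule (C|CXX)_COMPILER__/ { in_cc = 1; print; next }
        # Any other rule ends the compiler block.
        /^rule /                   { in_cc = 0 }
        # Prefix the command line once; already-wrapped lines are skipped.
        in_cc && /^  command = / && $0 !~ /sourceanalyzer/ {
            sub(/^  command = /, "  command = sourceanalyzer -b " bid " ")
        }
        { print }
    ' "$rules_file" > "$tmpfile"
    mv "$tmpfile" "$rules_file"
}

# count_wrapped <path/to/rules.ninja>
# Number of compiler rules now routed through sourceanalyzer; a quick sanity
# check before starting the build.
count_wrapped() {
    grep -c '^  command = sourceanalyzer -b ' "$1"
}

# Typical flow (build id "my_app" is a placeholder):
#   west build -b <board> -d build
#   wrap_rules_ninja build/rules.ninja my_app
#   ninja -C build
#   sourceanalyzer -b my_app -scan -f build/my_app.fpr
```

Note that CMake regenerates rules.ninja whenever the configuration changes (a Kconfig or CMakeLists edit, or a `west build -p`), so the wrapping must be reapplied after every reconfigure; running it unconditionally before `ninja` in the CI job is the simplest way to keep the translation step in place.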

