The SEI CERT Coding Standards wiki documents which analysis tools detect violations of which rules/recs. To edit or add to this information, follow these guidelines.
Adding a Tool Page
You First, you should create an empty page for the tool of interest under the "Analyzers" section of the backmatter, in each appropriate language space, if such . It may be the case that a page does not already existalready exists for the tool, in which case you can skip this step. Below are links to the "Analyzers" sections for each space.
Space | Analyzers Page |
---|---|
C | EE. Analyzers |
C++ | CC. Analyzers |
Java | |
Perl | BB. Analyzers |
The page should be titled with the name of the analysis tool. The page will be automatically populated with the information that you provide on individual rule/rec pages. You do not need to add any content to it. The page should also have the 'analyzer' label so that it shows up on the Analyzers section.
Additionally, a "version" page should be created alongside the tool page. This paged page is title "titled ToolName_V", should be populated with the version number of the tool. For example, GCC_V documents the version of the GCC compiler. This version page is not automatically generated. You are responsible for entering the version information into this page.
...
Each rule/rec page has an "Automated Detection" (AD) section, describing which tools can detect violations of the rule/rec. This section contains a table. Each row of the table contains information for a specific version of a tool. A row in the AD table has the following format.
Tool | Version | Checker | Description |
---|---|---|---|
Hyperlinked name of the tool | The version of the tool | Checker Name 1 Checker Name 2 Checker Name 3 ... | Checker Description 1 Checker Description 2 Checker Description 3 ... |
Each tool wiki page is periodically (approximately weekly) updated updated, by request, with the aggregated data from these individual tables. This aggregation process is automatic. In order for the process to pick up your changes, you should adhere to certain guidelines when entering data into the AD tables.
- The Tool column should contain the name of the tool, hyperlinked to the corresponding tool wiki page.
- The easiest way to populate this field is with the Link macro in Confluence. Simply insert a Link macro and point it towards the appropriate tool page.
- The Version column contains the version of the tool to which this information pertains.
- The easiest way to populate this field is with the "Include Page" macro in Confluence. You should include the version page associated with the tool into this cell.
- Each checker name should be provided on a separate line in the Checker column. Or you can add multiple checkers on one line by separating them by commas.
- Each checker description should be provided on a separate line in the Description column, adjacent to the associated checker.
Requesting Tool Page Updates
Once you have finished making all of your changes, you must notify the SEI to request the corresponding Tool Page(s) to be updated. These pages are only updated by request, not on a regular basis, due to the sporadic nature of the community updates. You should submit your request to Robert Schiela and Dave Svoboda, or info@sei.cmu.edu if you do not have their contact information.