Can I add custom rules to coverity?
Question
我正在使用覆盖率进行 java 静态代码分析,我需要添加一些自定义规则,以便根据自定义规则集进行扫描。
1 answers
solution1
0 2022-07-11 16:47:42
Yes, you can write custom rules with Coverity. There are two APIs you can use:
- "Extend" is the older API. Extend rules are written in C++ (regardless of what language you are scanning).
- "CodeXM" is the newer API. CodeXM is a domain-specific language designed for writing static analysis rules.
Both APIs are explained in the product documentation, although that is not publicly available. My recollection is both APIs support the same set of scanned languages, specifically, C, C++, Java, and Javascript.
There are a couple Synopsys blog posts about CodeXM that might help you get started:
- Getting started with writing checkers using CodeXM
- Let's write a CodeXM checker (it's not rocket science!)
Additionally, as noted in an answer to How can we add custom rules for coverity tool? , sometimes the customization you want to do can be accomplished simply by changing the options to existing checkers. (I do not consider this question to be a duplicate of that one because the other question seems to be more about adjusting the behavior of existing checkers, despite its title.)
Disclosure: I'm a former Coverity/Synopsys employee.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.