This PR adds a GitHub Actions job which:

- generates a report in SARIF format, compatible with GitHub Code Scanning Alerts.

Clang-tidy is currently run with a minimal set of checks, which produces around 9 warnings in this repository. If we enable all the bugprone-* checks, that will be several hundred more, so some cleanup is necessary if we want to enable those. The config is located in the .clang-tidy file.

The alerts for the existing code will appear at https://github.com/argtable/argtable3/security/code-scanning. That page is visible only to repository collaborators with Write and higher levels of access. (Not sure why GitHub has such a limit; anyone can fork a repository and then see the alerts reported in their fork!)

If a pull request introduces a new alert, it will be shown in the PR as a note.

Related to https://github.com/argtable/argtable3/issues/70
Example run of this workflow in my fork: https://github.com/igrr/argtable3/actions/runs/3371072231.
Example screenshots:
## Summary of alerts:

## Details of one alert:
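To make the SARIF step above concrete, here is an added example (not the PR's workflow and not argtable3 code) that converts clang-tidy's plain-text diagnostics into a minimal SARIF 2.1.0 log of the shape GitHub Code Scanning accepts. It assumes clang-tidy's usual `file:line:col: warning: message [check-name]` output format; the sample output and file names are constructed.

```python
import json
import re

# Matches clang-tidy's plain-text diagnostic lines, e.g.
#   src/arg_int.c:42:9: warning: narrowing conversion ... [bugprone-narrowing-conversions]
# "note:" lines carry no check name and are skipped. Assumes POSIX-style paths
# (a Windows drive letter would collide with the ':' separators).
DIAG_RE = re.compile(
    r"^(?P<file>[^:\n]+):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<level>warning|error): (?P<msg>.*?) \[(?P<check>[\w.-]+(?:,[\w.-]+)*)\]$"
)


def parse_clang_tidy(output: str):
    """Return one dict per diagnostic found in clang-tidy's stdout."""
    diagnostics = []
    for line in output.splitlines():
        m = DIAG_RE.match(line)
        if m:
            d = m.groupdict()
            d["line"], d["col"] = int(d["line"]), int(d["col"])
            diagnostics.append(d)
    return diagnostics


def to_sarif(diagnostics):
    """Build a minimal SARIF 2.1.0 log: one rule per distinct check, one result per diagnostic."""
    rules = sorted({d["check"] for d in diagnostics})
    results = [{
        "ruleId": d["check"],
        "level": d["level"],
        "message": {"text": d["msg"]},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": d["file"]},
            "region": {"startLine": d["line"], "startColumn": d["col"]},
        }}],
    } for d in diagnostics]
    return {
        "version": "2.1.0",
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "runs": [{
            "tool": {"driver": {"name": "clang-tidy", "rules": [{"id": r} for r in rules]}},
            "results": results,
        }],
    }


# Constructed sample of clang-tidy output (file names and messages are made up).
SAMPLE = """\
src/arg_int.c:42:9: warning: narrowing conversion from 'long' to 'int' [bugprone-narrowing-conversions]
src/arg_int.c:41:5: note: the value comes from strtol()
src/arg_str.c:88:5: warning: function 'strcmp' is called without explicitly comparing result [bugprone-suspicious-string-compare]
2 warnings generated.
"""

if __name__ == "__main__":
    print(json.dumps(to_sarif(parse_clang_tidy(SAMPLE)), indent=2))
```

The resulting JSON is what a workflow would write to disk and hand to the SARIF upload step; the rule ids become the alert names shown on the Code Scanning page.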