Open igrr opened 2 years ago
Another related issue, warnings.txt currently contains absolute file paths. When generating SARIF, we need to convert them to file paths relative to the repository root, otherwise GitHub won't associate the reported warnings with source files.
A script in https://github.com/espressif/idf-extra-components/pull/28 currently handles this after running clang-tidy-sarif (and also excludes warnings reported for ESP-IDF itself, https://github.com/espressif/clang-tidy-runner/issues/7)
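One way to do that post-processing step, as an added example (this is not the script from the idf-extra-components pull request): it walks a SARIF 2.1.0 log, rewrites each `artifactLocation.uri` to a path relative to the repository root, and drops results that point outside the repository (for instance into the ESP-IDF tree) or under an explicit exclude prefix. The repository root, the ESP-IDF location, the `third_party/` prefix and the sample results are constructed for the example.

```python
"""Make SARIF artifact paths repository-relative and drop out-of-tree results.

Added example, not the script from the idf-extra-components pull request.
It assumes the SARIF 2.1.0 layout (runs[].results[].locations[]
.physicalLocation.artifactLocation.uri) and absolute POSIX paths in the
URIs; the repository root, ESP-IDF path and sample results are constructed.
"""
import copy
import json
from pathlib import PurePosixPath
from typing import Iterable, Optional


def relative_uri(uri: str, repo_root: str) -> Optional[str]:
    """Return uri relative to repo_root, or None when it lies outside it."""
    if uri.startswith("file://"):          # tolerate file:// URIs as well
        uri = uri[len("file://"):]
    path = PurePosixPath(uri)
    if not path.is_absolute():
        return path.as_posix()             # already relative: keep as-is
    try:
        return path.relative_to(PurePosixPath(repo_root)).as_posix()
    except ValueError:
        return None                        # outside the repository


def relativize_sarif(sarif: dict, repo_root: str,
                     exclude_prefixes: Iterable[str] = ()) -> dict:
    """Return a copy of sarif whose URIs are relative to repo_root.

    A result is removed when any of its locations lies outside repo_root or
    (after relativizing) starts with one of exclude_prefixes, e.g. a vendored
    tree inside the repository, so GitHub only sees the project's own code.
    """
    out = copy.deepcopy(sarif)             # never mutate the caller's log
    excludes = tuple(exclude_prefixes)
    for run in out.get("runs", []):
        kept = []
        for result in run.get("results", []):
            keep = True
            locations = result.get("locations", []) + result.get("relatedLocations", [])
            for loc in locations:
                art = loc.get("physicalLocation", {}).get("artifactLocation", {})
                uri = art.get("uri")
                if uri is None:
                    continue
                rel = relative_uri(uri, repo_root)
                if rel is None or rel.startswith(excludes):
                    keep = False
                    break
                art["uri"] = rel
                art["uriBaseId"] = "%SRCROOT%"  # GitHub's convention for the checkout root
            if keep:
                kept.append(result)
        run["results"] = kept
    return out


# Constructed sample: one warning in the project, one in an ESP-IDF checkout
# outside the repository, one in a vendored directory inside it.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "clang-tidy"}},
        "results": [
            {"ruleId": "bugprone-use-after-move",
             "message": {"text": "'p' used after it was moved"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "/work/myproject/main/app.c"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "readability-magic-numbers",
             "message": {"text": "123 is a magic number"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "/work/esp-idf/components/freertos/tasks.c"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "readability-magic-numbers",
             "message": {"text": "9 is a magic number"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "/work/myproject/third_party/lib.c"},
                 "region": {"startLine": 3}}}]},
        ],
    }],
}

if __name__ == "__main__":
    cleaned = relativize_sarif(SAMPLE_SARIF, "/work/myproject", ("third_party/",))
    print(json.dumps(cleaned, indent=2))
```

Run against the sample, only the `main/app.c` result survives, with its URI rewritten to `main/app.c`; the `%SRCROOT%` base id is optional but tells GitHub the path is relative to the checkout.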
Another issue with clang-tidy-sarif tool is that it only processes the first line (warning: or error:) and ignores subsequent note: lines, which provide additional context about the issue. These note lines are useful in order to understand the conditions when the issue occurs.
Example:
Libraries which may help:
Now it's possible to get diagnostics in YAML format from clang-tidy via -export-fixes argument (which seems to work even for issues that don't have fix suggestions). This should make this task simpler, since we don't need to parse stderr anymore.
There are also discussions upstream about adding SARIF support to clang-tidy itself.
When we run clang-tidy, we get a warnings.txt file as output. It would be nice to add functionality to parse the warnings.txt file and output SARIF or SAST JSON files which can then be fed into GitHub or GitLab.
For reference, there is a clang-tidy-sarif tool which performs this kind of conversion, written in Rust: https://github.com/psastras/sarif-rs/tree/main/clang-tidy-sarif.
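As an added example serving both the conversion described in the issue and the earlier comment about dropped note: lines (this is not code from clang-tidy-runner or from clang-tidy-sarif), the parser below reads clang-tidy's text diagnostics, keeps each warning or error together with the note: lines that follow it, and emits a minimal SARIF 2.1.0 log in which the notes become `relatedLocations`. It assumes the usual stderr layout (`file:line:col: level: message [check]`, followed by source excerpt and caret lines); the sample warnings are constructed.

```python
"""Parse clang-tidy's text diagnostics, keeping the note: lines, and emit SARIF.

Added example, not part of clang-tidy-runner or clang-tidy-sarif. It assumes
the usual clang-tidy stderr layout (file:line:col: level: message [check],
followed by source excerpt and caret lines); the sample is constructed.
"""
import json
import re
from dataclasses import dataclass, field
from typing import List, Optional

DIAG_RE = re.compile(
    r"^(?P<file>.+?):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<level>warning|error|note): "
    r"(?P<msg>.*?)(?: \[(?P<check>[^\]]+)\])?$"
)


@dataclass
class Note:
    file: str
    line: int
    col: int
    message: str


@dataclass
class Diagnostic:
    file: str
    line: int
    col: int
    level: str
    message: str
    check: Optional[str]
    notes: List[Note] = field(default_factory=list)


def parse_clang_tidy(text: str) -> List[Diagnostic]:
    """Group each warning/error with the note: lines that follow it.

    Source-excerpt, caret and summary lines ("N warnings generated.") do not
    match DIAG_RE and are skipped; a note: with no preceding warning is dropped.
    """
    diags: List[Diagnostic] = []
    for raw in text.splitlines():
        m = DIAG_RE.match(raw.rstrip())
        if not m:
            continue
        file, line, col = m["file"], int(m["line"]), int(m["col"])
        if m["level"] == "note":
            if diags:
                diags[-1].notes.append(Note(file, line, col, m["msg"]))
            continue
        diags.append(Diagnostic(file, line, col, m["level"], m["msg"], m["check"]))
    return diags


def _location(file: str, line: int, col: int) -> dict:
    return {"physicalLocation": {
        "artifactLocation": {"uri": file},
        "region": {"startLine": line, "startColumn": col}}}


def to_sarif(diags: List[Diagnostic]) -> dict:
    """Emit a minimal SARIF 2.1.0 log; notes become relatedLocations so the
    conditions under which a warning fires are shown next to it."""
    results = []
    for d in diags:
        result = {
            "ruleId": d.check or "clang-diagnostic",   # fallback name, assumed
            "level": "error" if d.level == "error" else "warning",
            "message": {"text": d.message},
            "locations": [_location(d.file, d.line, d.col)],
        }
        if d.notes:
            result["relatedLocations"] = [
                dict(_location(n.file, n.line, n.col), id=i, message={"text": n.message})
                for i, n in enumerate(d.notes, start=1)
            ]
        results.append(result)
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": "clang-tidy"}}, "results": results}],
    }


# Constructed sample in clang-tidy's stderr layout.
SAMPLE_WARNINGS = """\
/work/myproject/main/app.c:42:5: warning: 'p' used after it was moved [bugprone-use-after-move]
    use(p);
    ^
/work/myproject/main/app.c:40:9: note: move occurred here
    q = std::move(p);
        ^
/work/myproject/main/net.c:17:12: error: use of undeclared identifier 'sock' [clang-diagnostic-error]
    return sock;
           ^
2 warnings generated.
"""

if __name__ == "__main__":
    print(json.dumps(to_sarif(parse_clang_tidy(SAMPLE_WARNINGS)), indent=2))
```

The paths in the emitted log are still the absolute ones from warnings.txt; relativizing them to the repository root is a separate step before upload.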