ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0
4.26k stars 462 forks

SAST - Recognize Clang Tidy as a SAST tool #1585

Open godofredoc opened 2 years ago

godofredoc commented 2 years ago

Is your feature request related to a problem? Please describe.
Dart and Flutter already use clang-tidy to run several checks and perform static analysis, and we would like to integrate their results with Scorecard.

Describe the solution you'd like
Dart and Flutter LUCI builders run clang-tidy on every commit, blocking the PR on failures. We would like to add clang-tidy to the list of supported SAST tools to pass the SAST checks.

Describe alternatives you've considered
We ran CodeQL manually, but given the complexity of the flutter/engine build system, a single iteration took 4+ hours, making it impossible to run on every commit.

Additional context
N/A

laurentsimon commented 2 years ago

Thanks for the report. Do you run clang-tidy as a command or use an action that wraps it? I suppose the former, but I would like to confirm.

Do you use a linter as well? clang-format or another tool?

godofredoc commented 2 years ago

We currently run it as a command inside our Android and iOS builders, but we are planning to separate them into their own builders. One thing I noticed is that the SAST tool check is validating the exact GitHub check name, which may not work for Dart and Flutter if we have iOS clang-tidy, Android clang-tidy, etc.

Here are examples of our current clang-tidy executions:
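The exact-check-name concern raised in the comment above, as an added illustration (this is not Scorecard's code and not the execution examples the comment refers to): a hypothetical matcher that recognizes per-platform variants such as "iOS clang-tidy" by pattern instead of exact string equality, and only credits a commit when a recognized run actually succeeded. The `CheckRun` type and tool table are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// CheckRun is a constructed stand-in for a GitHub check run (hypothetical, not Scorecard's own).
type CheckRun struct {
	Name       string
	Conclusion string // "success", "failure", ...
}

// sastTools maps a canonical tool name to an unanchored pattern applied to the
// lowercased check name, so "iOS clang-tidy" or "clang-tidy (android)" still match.
var sastTools = map[string]*regexp.Regexp{
	"clang-tidy": regexp.MustCompile(`\bclang[-_ ]?tidy\b`),
	"codeql":     regexp.MustCompile(`\bcodeql\b`),
}

// SASTToolForCheck returns the recognized tool for a check name, if any.
func SASTToolForCheck(name string) (string, bool) {
	n := strings.ToLower(strings.TrimSpace(name))
	for tool, re := range sastTools {
		if re.MatchString(n) {
			return tool, true
		}
	}
	return "", false
}

// CommitRanSAST lists recognized tools that completed successfully on a commit;
// a failed run is not counted, since the gate blocked the change.
func CommitRanSAST(runs []CheckRun) ([]string, bool) {
	seen := map[string]bool{}
	var tools []string
	for _, r := range runs {
		if tool, ok := SASTToolForCheck(r.Name); ok && r.Conclusion == "success" && !seen[tool] {
			seen[tool] = true
			tools = append(tools, tool)
		}
	}
	return tools, len(tools) > 0
}
func main() {
	// Constructed sample: per-platform clang-tidy runs on one commit.
	runs := []CheckRun{{Name: "iOS clang-tidy", Conclusion: "success"}, {Name: "Android clang-tidy", Conclusion: "failure"}, {Name: "unit tests", Conclusion: "success"}}
	fmt.Println(CommitRanSAST(runs)) // [clang-tidy] true
}
```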

laurentsimon commented 2 years ago

Once we have https://github.com/ossf/scorecard/pull/1487 landed, I'll add support for this issue.

godofredoc commented 1 year ago

\cc @zanderso

github-actions[bot] commented 8 months ago

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] commented 4 months ago

This issue has been marked stale because it has been open for 60 days with no activity.