Add Clang Static Analyzer integration to CI/CD pipeline #5

Open
devin-ai-integration[bot] wants to merge 1 commit into master from
devin/1765478021-clang-static-analyzer
@devin-ai-integration

Why I did it

Add static analysis capabilities to the SONiC build system using Clang Static Analyzer (ClangSA) to help identify potential bugs, security issues, and code quality problems in C/C++ code.

Work item tracking
  • Microsoft ADO (number only):

How I did it

  1. Created a new GitHub Actions workflow (.github/workflows/clang-static-analysis.yml) that:

    • Triggers on pushes and PRs to master and release branches
    • Installs clang and clang-analyzer
    • Runs the ClangSA make target
    • Uploads analysis reports as artifacts
    • Comments on PRs with findings summary
  2. Added rules/clang-sa.mk with make targets for running scan-build on sonic-swss and sonic-utilities

  3. Added configuration options to rules/config:

    • ENABLE_CLANG_SA - Enable/disable the analyzer (default: n)
    • CLANG_SA_CHECKERS - Configurable checker list
    • CLANG_SA_OUTPUT_DIR - Output directory for reports

How to verify it

  1. Enable ClangSA by setting ENABLE_CLANG_SA=y
  2. Run make clang-sa to execute the static analyzer
  3. Check target/clang-sa-reports/ for HTML reports

Human Review Checklist

  • Verify src/sonic-swss and src/sonic-utilities paths are correct for scan-build targets
  • Consider if sonic-utilities (primarily Python) should be included in C/C++ static analysis
  • Review if || true error suppression is appropriate or if failures should be surfaced
  • Verify workflow has necessary permissions for PR commenting

Which release branch to backport (provide reason below if selected)

  • 202205
  • 202211
  • 202305
  • 202311
  • 202405
  • 202411
  • 202505

Tested branch (Please provide the tested image version)

Description for the changelog

Add Clang Static Analyzer (ClangSA) integration to CI/CD pipeline for automated static analysis of C/C++ code.

Link to config_db schema for YANG module changes

N/A - No YANG model changes

A picture of a cute animal (not mandatory but encouraged)

🦔


Link to Devin run: https://cisco-demo.devinenterprise.com/sessions/71aaeff310a84d788d782489c0df5b1a
Requested by: Arthur Poon (arthur.poon@cognition.ai) (@arthurkkp-cog)
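
One way to act on the checklist item about `|| true` and on the findings-summary step, as an added example that is not part of this PR or of the SONiC repository: a gate script that reads the report directory, builds the summary text, and returns a non-zero exit code when findings exist. It assumes the reports land under target/clang-sa-reports/ as stated above, that scan-build's report-*.html files carry BUGTYPE/BUGFILE/BUGLINE metadata in HTML comments, and that the make target creates the output directory before analysis; the function names and the sample report are constructed for illustration.

```python
import re
import sys
from collections import Counter
from pathlib import Path

# scan-build writes one report-*.html per finding, with metadata in HTML
# comments such as <!-- BUGTYPE Dereference of null pointer -->
META = re.compile(r"<!--\s*(BUGTYPE|BUGFILE|BUGLINE)\s+(.*?)\s*-->")

# Constructed sample of that metadata (not from a real SONiC run).
SAMPLE_REPORT = """<!-- BUGTYPE Dereference of null pointer -->
<!-- BUGFILE /src/example/orch.cpp -->
<!-- BUGLINE 42 -->"""

def parse_report(text):
    """Return the metadata of one report; the first occurrence of a key wins."""
    fields = {}
    for key, value in META.findall(text):
        fields.setdefault(key, value)
    return fields

def collect(report_dir):
    """Parse report-*.html at any depth (scan-build nests them per run); None if dir is missing."""
    root = Path(report_dir)
    if not root.is_dir():
        return None
    return [parse_report(p.read_text(encoding="utf-8", errors="replace"))
            for p in sorted(root.rglob("report-*.html"))]

def summarize(findings):
    """Build the PR comment text: totals per bug type, then one line per finding."""
    if not findings:
        return "ClangSA: no findings"
    by_type = Counter(f.get("BUGTYPE", "unknown") for f in findings)
    lines = [f"ClangSA: {len(findings)} finding(s)"]
    lines += [f"- {count} x {kind}" for kind, count in by_type.most_common()]
    lines += [f"  {f.get('BUGFILE', '?')}:{f.get('BUGLINE', '?')}: {f.get('BUGTYPE', 'unknown')}"
              for f in findings]
    return "\n".join(lines)

def gate(report_dir):
    """Return (exit_code, summary): 0 clean, 1 findings, 2 directory missing (analyzer never ran)."""
    findings = collect(report_dir)
    if findings is None:
        return 2, f"ClangSA: {report_dir} missing, analyzer did not run"
    return (1 if findings else 0), summarize(findings)

if __name__ == "__main__":
    code, text = gate(sys.argv[1] if len(sys.argv) > 1 else "target/clang-sa-reports")
    print(text)
    sys.exit(code)
```

Exit code 2 keeps a failed or skipped analysis from looking like a clean run, which is the case that `|| true` on the analyzer step would otherwise hide.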

- Create GitHub Actions workflow for Clang Static Analysis
- Add rules/clang-sa.mk with ClangSA targets
- Add ClangSA configuration options to rules/config
- Workflow runs on pushes and PRs to master and year-based branches
- Analysis reports uploaded as artifacts and commented on PRs

Co-Authored-By: Arthur Poon <arthur.poon@windsurf.com>
@devin-ai-integration
Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring
