Code Analysis

.deepsource.toml

This section covers .deepsource.toml configuration specific to the cxx analyzer. Please make sure to read the general configuration guide first.

name

  • Type: String
  • Presence: mandatory
  • Description: Shortcode of the analyzer.
  • Example:
name = "cxx"

enabled

  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this analyzer should be run.
  • Example:
enabled = true

meta

  • Type: Table
  • Presence: optional
  • Description: Any supported metadata to pass to the analyzer.
  • Example:
[analyzers.meta]
  misra_compliance = true

misra_compliance

  • Type: Boolean
  • Presence: optional
  • Description: Enables MISRA-C issues for linting on the given source code.
  • Default Value: false
  • Example:
misra_compliance = true

cyclomatic_complexity_threshold

  • Type: String
  • Presence: optional
  • Description: Specify the acceptable risk category for your project as the threshold. All functions with complexity beyond this threshold will raise an issue. For example, setting the threshold to low will flag all functions that have a cyclomatic complexity of more than 5, while setting the threshold to critical will not flag any function.
  • Available Values: low, medium, high, very-high and critical
Risk categoryCyclomatic complexity rangeRecommended action
low1-5No action is needed.
medium6-15Review and monitor.
high16-25Review and refactor. Recommended to add detailed comments if the function absolutely needs to be kept as it is.
very-high26-50Refactor to reduce the complexity.
critical>50Must refactor this. This can make the code untestable and very difficult to understand.
  • Default Value: very-high
  • Example:
cyclomatic_complexity_threshold = "high"

Sample config

version = 1

test_patterns = [
  "tests/**"
]

exclude_patterns = [
  "**/examples/**"
]

[[analyzers]]
name = "cxx"
enabled = true

  [analyzers.meta]
  misra_compliance = true
  cyclomatic_complexity_threshold = "high"

Code Coverage

GCC & LCOV

Here are the steps to generate and report C/C++ coverage data:

# Install lcov using package manager
# Or, use https://github.com/linux-test-project/lcov/releases

# Before running your build tool add,
# -fprofile-arcs -ftest-coverage to the command line flags

# For CMake, add to the cmake project
# SET(CMAKE_CXX_FLAGS "-g -O0 -Wall -fprofile-arcs -ftest-coverage")
# SET(CMAKE_C_FLAGS "-g -O0 -Wall -W -fprofile-arcs -ftest-coverage")
# SET(CMAKE_EXE_LINKER_FLAGS "-fprofile-arcs -ftest-coverage")

# For makefile, add it to the default compile command

# From the directory with in which files .gcno and .gcda are located.
lcov –c –d . –o coverage.info

# Install 'deepsource CLI'
curl https://deepsource.io/cli | sh

# Set DEEPSOURCE_DSN env variable from repository settings page
export DEEPSOURCE_DSN=https://sampledsn@deepsource.io

# From the root directory, run the report coverage command
./bin/deepsource report --analyzer test-coverage --key cxx --value-file ./coverage.info

Code Formatter (Transformer)

clang-format

Transform all incoming C and C++ code with clang-format. Documentation for clang-format configurations can be found at clang-format docs.

This section covers .deepsource.toml configuration specific to the clang-format transformer. Please make sure to read the general configuration guide first.

name

  • Type: String
  • Presence: mandatory
  • Description: Shortcode of this transformer.
  • Example:
name = "clang-format"

enabled

  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this transformer should be run.
  • Example:
enabled = true

Vulnerability Scanning

Vulnerability scanning is not supported for C/C++ codebases at this time.