scan-build is a command line utility that enables a user to run the static analyzer over their codebase as part of performing a regular build (from the command line).
Alpine Linux 3.7
Patterns to include in reports.
Note: The input patterns are not applied when running scan-build since scan-build performs a regular build to analyze and the files excluded by the patterns may be required for the build. Therefore, the files excluded by the patterns are always processed and you may even see logs related to the excluded files in the job console. However, Inspecode eventually ignores any issues detected on the excluded files when generating job reports.
Patterns to exclude from reports.
Note: Just like
input:, the ignore patterns are not applied when running scan-build.
Amount of CPU. The default machine has
0.75 CPU with
2880 MiB RAM.
Below is the list of options that are supported:
OPTIONS: -analyze-headers Also analyze functions in #included files. By default, such functions are skipped unless they are called by functions within the main source file. --force-analyze-debug-code Tells analyzer to enable assertions in code even if they were disabled during compilation to enable more precise results. -k --keep-going Add a "keep on going" option to the specified build command. This option currently supports make and xcodebuild. This is a convenience option; one can specify this behavior directly using build options. ADVANCED OPTIONS: -maxloop <loop count> Specify the number of times a block can be visited before giving up. Default is 4. Increase for more comprehensive coverage at a cost of speed. CONTROLLING CHECKERS: A default group of checkers are always run unless explicitly disabled. Checkers may be enabled/disabled using the following options: -enable-checker [checker name] -disable-checker [checker name]
-- option is also supported to specify your build commands.
No tool specific severity levels are available.
Note: The incremental analysis cannot be supported for scan-build. This is because scan-build performs a regular build with requiring all build dependencies and the results on unchanged files can be affected by changed files.
With default options:
inspecode: scan-build: default
With custom machine:
inspecode: scan-build: machine: cpu: 1.5 # 1.5 CPU, 5760 MiB RAM
With custom options:
inspecode: scan-build: options: - -k - --: ./configure - --: [make, mytarget]
With the above configuration, Inspecode runs scan-build twice as shown below:
scan-build -k ./configure scan-build -k make mytarget
If no build commands are explicitly specified via
-- option such as when using
default built-in configuration, Inspecode recursively scans your repository to detect project directories enabling one of the following build systems, and then run build commands at each directory accordingly.
cmake . && make)
./configure && make)
If the automatic detection does not suit your project, explicitly specify build commands via
scan-build requires all build dependencies to run, so Inspecode tries to download dependencies before running scan-build:
.gitmodulesis placed at the root of your repository, runs
git submodule update --init --recursive
As of now, Inspecode can download:
Note: If resolving dependencies fails due to some reasons, you can see the error log, however, Inspecode continues the process unless running scan-build itself fails.