Planning to use SonarQube for Static Code Analysis (MISRA C compliance) of code we are going to develop.
Compiler : gcc and g++
Architecture : ARM7
OS : Open Linux
Compilation : Cross-Compilation toolchain.
Programming Language : C and C++
Can we use SonarQube to perform static code analysis for the above mentioned build details?
Welcome to the community!
Based on the docs, your compiler is supported but not your architecture. That said, you may still be able to do this if you provide a compilation database.
Hi @kangaes and welcome to the community!
To elaborate a bit on @ganncamp’s response, I will try to summarize the environment requirements for C and C++ analysis in a few points:
- Building and analyzing always needs to happen in the same environment. This has to be the case whether you are using build-wrapper or compilation database.
- This environment should match one of our supported runtime environments (that is, the environment where the analyzer runs).
- When it comes to the architecture you are targeting, the analyzer tries to mimic your compiler’s behavior (as long as it is one of the supported compilers). This can affect, for example, the analysis of macro-guarded architecture-specific code, and rules that depend on the exact sizes of types, …etc.
In your case, as per SonarQube 10.3, GCC is one of the supported compilers and Linux is supported as a runtime environment only on x86-64. Therefore, you should be able to use SonarQube as long as your analysis (and by extension, build) environment uses Linux on x86-64 (even if you are cross-compiling for ARM7). This applies whether you decide to use build-wrapper or a compilation database.
I hope this clarifies, and let us know if you have any further questions!