Does SonarQube supports MISRA Standard?

does SonarQube supports MISRA Standard?

Hello @hari123

Thanks for contacting us.

SonarQube support partially MISRA C 2004, MISRA C++ 2008 and MISRA C 2012.
The rules that are implemented strctly following misra for these standards can be found at:
https://rules.sonarsource.com/cpp/tag/misra-c2004/
https://rules.sonarsource.com/cpp/tag/misra-c++2008/
https://rules.sonarsource.com/cpp/tag/misra-c2012/

I hope it helps

Hi Geoffray,

Thanks for the information.
I have one more query, does SonarQube gives a MISRA complaint report?

Regards,
Harish

Hi Harish

I guess you meant MISRA compliance report?
If that’s the case, no, SonarQube does not issue such reports.

Best,

Geoffray

Hi Geoffray,

Thanks for the details. Do you have any plan to include MISRA compliance(complete) in SonarQube , If yes , what would be the probable time frame MISRA compliance be available on SonarQube?

Regards,
Harish

Hi Harish.

Adding complete MISRA compliance and compliance report is not in our current roadmap.

Best,
Geoffray

Hi @hari123,

I’m no sure exactly what you mean by “MISRA compliance report”, MISRA in itself does not define the notion of a compliance report, and to claim MISRA compliance for your product, you anyways need more that what a tool can give you. For instance, for each deviation to a rule, you need a documented reason why you deviate, and prove that you followed the deviation procedure that you put in place.

If all you need is to know how good you are related to MISRA rules, you can just:

  • Make sure your analysis profile contains all MISRA rules (some of them are disabled in SonarWay, because they would be too noisy for general purpose software)
  • Filter your analysis results based on the rule tag:
    image

If you really need a written report (in PDF for instance), you can also use a web API to fetch the analysis results.

1 Like

@JolyLoic,

On the below link it says these rules are available in SonarLint, SonarCloud and SonarQube Developer Edition.

Which means they are not available and cannot be used in SonarQube Community Edition ? Or is there a way to set these up in CE as well ?

Thanks.

We don’t provide C++ analysis at all in SonarQube Community Edition, so yes you’ll need at least Developer edition to have C++ & MISRA analysis.