Revamp README and workflows for my own fork, start adding fbinfer and…

.github/workflows/coverage.yml

@@ -0,0 +1,41 @@
+name: StaticAnalysis-MoreCPP Coverage and Test Results Upload
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  check:
+    name: Run Unit Tests with Coverage, with CodeCov for coverage and test results upload
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.13.0
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pytest PyGithub pytest-cov sarif-om jsonpickle
+      - name: Test with coverage
+        run: |
+          pytest --cov-report xml:coverage.xml
+      - name: Test with analysis
+        run: |
+          pytest --cov --junitxml=junit.xml -o junit_family=legacy
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v5.3.1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          slug: eljonny/StaticAnalysis-MoreCPP
+      - name: Upload test results to Codecov
+        if: ${{ !cancelled() }}
+        uses: codecov/test-results-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/linter.yml

@@ -1,25 +1,27 @@
-name: Linter
+name: StaticAnalysis-MoreCPP Project Code Linting and Style Checks
 
 on:
   push:
     branches:
       - main
   pull_request:
+    branches:
+      - main
 
 jobs:
   check:
     name: Run Linter
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
 
       - name: CodeQuality
-        uses: JacobDomagala/StaticAnalysis@main
+        uses: JacobDomagala/StaticAnalysis@v0.0.8
         with:
           language: "Python"
           pylint_args: "--rcfile=.pylintrc --recursive=true"
           python_dirs: "src test"
-          exclude_dir: "test/utils/"
+          exclude_dir: "test/utils/dummy_project"
 
       - name: PyLint
         uses: ricardochaves/python-lint@v1.4.0

.github/workflows/shellcheck.yml

@@ -1,10 +1,12 @@
-name: "Shellcheck"
+name: "StaticAnalysis-MoreCPP Shellcheck"
 
 on:
   push:
     branches:
       - main
   pull_request:
+    branches:
+      - main
 
 jobs:
   shellcheck:
@@ -13,6 +15,6 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Run ShellCheck
-        uses: ludeeus/action-shellcheck@main
+        uses: ludeeus/action-shellcheck@master
         with:
           ignore_names: llvm.sh # External file

.github/workflows/test_action.yml

@@ -1,10 +1,12 @@
-name: Test Action
+name: StaticAnalysis-MoreCPP Test GitHub Action
 
 on:
   push:
     branches:
       - main
   pull_request:
+    branches:
+      - main
 
 jobs:
   check:
@@ -31,8 +33,8 @@ jobs:
             BRANCH_NAME=${GITHUB_HEAD_REF}
           fi
 
-          git clone "https://${{secrets.TOKEN}}@github.com/JacobDomagala/TestRepo.git"
-          cd TestRepo
+          git clone "https://${{secrets.TOKEN}}@github.com/eljonnyTest/StaticAnalysisTestRepo.git"
+          cd StaticAnalysisTestRepo
           python ./switch_sa_branch.py -br=$BRANCH_NAME
           git diff --quiet && git diff --staged --quiet || git commit -am"Update branch name: ($BRANCH_NAME)"
           git push
@@ -48,8 +50,8 @@ jobs:
           git push -f
 
           # test pull_request_target
-          git clone "https://${{secrets.TOKEN}}@github.com/JacobDTest/TestRepo.git"
-          cd TestRepo
+          git clone "https://${{secrets.TOKEN}}@github.com/eljonnyTest/StaticAnalysisTestRepoFork.git"
+          cd StaticAnalysisTestRepoFork
           git checkout test-branch-fork
           git commit -as --amend --no-edit
           git push -f
@@ -61,16 +63,16 @@ jobs:
           message: |
             ## Test Action results
             ***
-            ### [Result for push](https://github.com/JacobDomagala/TestRepo/actions/workflows/test.yml?query=branch%3Amain)
+            ### [Result for push](https://github.com/eljonny/StaticAnalysisTestRepo/actions/workflows/test.yml?query=branch%3Amain)
 
             ***
-            ### [Result for pull_request (CMake)](https://github.com/JacobDomagala/TestRepo/pull/3#issuecomment-1404081176)
+            ### [Result for pull_request (CMake)](https://github.com/eljonny/StaticAnalysisTestRepo/pull/3#issuecomment-1404081176)
 
             ***
-            ### [Result for pull_request (non CMake)](https://github.com/JacobDomagala/TestRepo/pull/3#issuecomment-1404102205)
+            ### [Result for pull_request (non CMake)](https://github.com/eljonny/StaticAnalysisTestRepo/pull/3#issuecomment-1404102205)
 
             ***
-            ### [Result for pull_request_target (CMake)](https://github.com/JacobDomagala/TestRepo/pull/7#issuecomment-1404081052)
+            ### [Result for pull_request_target (CMake)](https://github.com/eljonny/StaticAnalysisTestRepo/pull/7#issuecomment-1404081052)
 
             ***
-            ### [Result for pull_request_target (non CMake)](https://github.com/JacobDomagala/TestRepo/pull/7#issuecomment-1404101648)
+            ### [Result for pull_request_target (non CMake)](https://github.com/eljonny/StaticAnalysisTestRepo/pull/7#issuecomment-1404101648)

.github/workflows/unit_tests.yml

@@ -1,10 +1,12 @@
-name: Unit Tests
+name: StaticAnalysis-MoreCPP Unit Tests
 
 on:
   push:
     branches:
       - main
   pull_request:
+    branches:
+      - main
 
 jobs:
   check:
@@ -19,7 +21,8 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install pytest PyGithub
+          pip install pytest PyGithub sarif-om jsonpickle
       - name: Test with pytest
         run: |
           pytest
+

Dockerfile

@@ -1,4 +1,4 @@
-FROM jdomagala/static_analysis:latest
+FROM jhyry9docks/static_analysis:morecpp
 
 WORKDIR /src
 
@@ -7,5 +7,4 @@ COPY src/*.py ./
 COPY *.sh ./
 RUN chmod +x *.sh
 
-
 ENTRYPOINT ["/src/entrypoint.sh"]

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2021 GitHub, Inc. and contributors
+Copyright (c) 2025 Jonathan Hyry et al
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,16 +1,24 @@
-[![Linter](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/linter.yml/badge.svg?branch=main)](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/linter.yml?query=branch%3Amain)
-[![Test Action](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/test_action.yml/badge.svg?branch=main)](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/test_action.yml?query=branch%3Amain)
-[![Unit Tests](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/unit_tests.yml/badge.svg?branch=main)](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/unit_tests.yml?query=branch%3Amain)
+[![Linter](https://github.com/eljonny/StaticAnalysis-MoreCPP/actions/workflows/linter.yml/badge.svg)](https://github.com/eljonny/StaticAnalysis-MoreCPP/actions/workflows/linter.yml)
+[![Test Action](https://github.com/eljonny/StaticAnalysis-MoreCPP/actions/workflows/test_action.yml/badge.svg)](https://github.com/eljonny/StaticAnalysis-MoreCPP/actions/workflows/test_action.yml)
+[![Unit Tests](https://github.com/eljonny/StaticAnalysis-MoreCPP/actions/workflows/unit_tests.yml/badge.svg)](https://github.com/eljonny/StaticAnalysis-MoreCPP/actions/workflows/unit_tests.yml)
+[![Shell Script Check](https://github.com/eljonny/StaticAnalysis-MoreCPP/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/eljonny/StaticAnalysis-MoreCPP/actions/workflows/shellcheck.yml)
+[![Code Coverage](https://github.com/eljonny/StaticAnalysis-MoreCPP/actions/workflows/coverage.yml/badge.svg)](https://github.com/eljonny/StaticAnalysis-MoreCPP/actions/workflows/coverage.yml)
+[![codecov](https://codecov.io/gh/eljonny/StaticAnalysis-MoreCPP/graph/badge.svg?token=QJZvQ3D9aK)](https://codecov.io/gh/eljonny/StaticAnalysis-MoreCPP)
 
 # Static Analysis
 
 This GitHub action is designed for C++/Python projects and performs static analysis using:
-- [cppcheck](http://cppcheck.sourceforge.net/) and [clang-tidy](https://clang.llvm.org/extra/clang-tidy/) for C++
-- [pylint](https://pylint.readthedocs.io/en/latest/index.html) for Python
+- For C++:
+  - [cppcheck](https://github.com/danmar/cppcheck) Main page [here](http://cppcheck.sourceforge.net/)
+  - [clang-tidy](https://github.com/llvm/llvm-project/tree/main/clang-tools-extra/clang-tidy) Main page [here](https://clang.llvm.org/extra/clang-tidy/)
+  - [fbinfer](https://github.com/facebook/infer) Main page [here](https://fbinfer.com/)
+  - [flawfinder](http://sourceforge.net/projects/flawfinder/) Main page [here](https://dwheeler.com/flawfinder/)
+- For Python
+  - [pylint](https://github.com/pylint-dev/pylint) Main page [here](https://pylint.readthedocs.io/en/latest/index.html)
 
 It can be triggered by push and pull requests.
 
-For further information and guidance about setup and various inputs, please see sections dedicated to each language ([**C++**](https://github.com/JacobDomagala/StaticAnalysis?tab=readme-ov-file#c) and [**Python**](https://github.com/JacobDomagala/StaticAnalysis?tab=readme-ov-file#python))
+For further information and guidance about setup and various inputs, please see sections dedicated to each language ([**C++**](https://github.com/eljonny/StaticAnalysis-MoreCPP?tab=readme-ov-file#c) and [**Python**](https://github.com/eljonny/StaticAnalysis-MoreCPP?tab=readme-ov-file#python))
 
 ## Pull Request comment
 
@@ -32,7 +40,7 @@ For non Pull Requests, the output will be printed to GitHub's output console. Th
 <br><br>
 
 # C++
-While it's recommended that your project is CMake-based, it's not required (see the [**Inputs**](https://github.com/JacobDomagala/StaticAnalysis#inputs) section below). We also recommend using a ```.clang-tidy``` file in your root directory. If your project requires additional packages to be installed, you can use the `apt_pckgs` and/or `init_script` input variables to install them (see the [**Workflow example**](https://github.com/JacobDomagala/StaticAnalysis#workflow-example) or [**Inputs**](https://github.com/JacobDomagala/StaticAnalysis#inputs) sections below). If your repository allows contributions from forks, you must use this Action with the `pull_request_target` trigger event, as the GitHub API won't allow PR comments otherwise.
+While it's recommended that your project is CMake-based, it's not required (see the [**Inputs**](https://github.com/eljonny/StaticAnalysis-MoreCPP#inputs) section below). We also recommend using a ```.clang-tidy``` file in your root directory. If your project requires additional packages to be installed, you can use the `apt_pckgs` and/or `init_script` input variables to install them (see the [**Workflow example**](https://github.com/eljonny/StaticAnalysis-MoreCPP#workflow-example) or [**Inputs**](https://github.com/eljonny/StaticAnalysis-MoreCPP#inputs) sections below). If your repository allows contributions from forks, you must use this Action with the `pull_request_target` trigger event, as the GitHub API won't allow PR comments otherwise.
 
 By default, **cppcheck** runs with the following flags:
 ```--enable=all --suppress=missingIncludeSystem --inline-suppr --inconclusive```
@@ -52,7 +60,6 @@ on:
     branches:
       - develop
       - main
-      - main
 
   # 'pull_request_target' allows this Action to also run on forked repositories
   # The output will be shown in PR comments (unless the 'force_console_print' flag is used)
@@ -72,7 +79,7 @@ jobs:
       run: |
         echo "#!/bin/bash
 
-        # Input args provided by StaticAnalysis action
+        # Input args provided by StaticAnalysis-MoreCPP action
         root_dir=\${1}
         build_dir=\${2}
         echo \"Hello from the init script! First arg=\${root_dir} second arg=\${build_dir}\"
@@ -82,7 +89,7 @@ jobs:
         apt install -y libvulkan1 mesa-vulkan-drivers vulkan-utils" > init_script.sh
 
     - name: Run static analysis
-      uses: JacobDomagala/StaticAnalysis@main
+      uses: eljonny/StaticAnalysis-MoreCPP@morecpp-latest
       with:
         language: c++
 
@@ -102,24 +109,36 @@ jobs:
 
         # (Optional) cppcheck args
         cppcheck_args: --enable=all --suppress=missingIncludeSystem
+
+        # (Optional) infer args, required if not using CMake
+        fbinfer_args: -- make -j 4
+
+        # (Optional) flawfinder args
+        flawfinder_args: --minlevel=1 --context --dataonly --quiet --columns --error-level=2
+
+        # (Optional) flawfinder targets, if you use something other than src and include for implementations and headers, respectively, or if there are additional directories with implementation code and/or headers
+        flawfinder_targets: src include otherSrc otherInclude
 ```
 
 ## Inputs
 
 | Name                    | Description                        | Default value |
 |-------------------------|------------------------------------|---------------|
-| `github_token`          | Github token used for Github API requests |`${{github.token}}`|
-| `pr_num`                | Pull request number for which the comment will be created |`${{github.event.pull_request.number}}`|
+| `github_token`          | Github token used for Github API requests | `${{github.token}}` |
+| `pr_num`                | Pull request number for which the comment will be created | `${{github.event.pull_request.number}}` |
 | `comment_title`         | Title for comment with the raport. This should be an unique name | `Static analysis result` |
 | `exclude_dir`           | Directory which should be excluded from the raport | `<empty>` |
 | `apt_pckgs`             | Additional (space separated) packages that need to be installed in order for project to compile | `<empty>` |
 | `init_script`           | Optional shell script that will be run before configuring project (i.e. running CMake command). This should be used, when the project requires some environmental set-up beforehand. Script will be run with 2 arguments: `root_dir`(root directory of user's code) and `build_dir`(build directory created for running SA). Note. `apt_pckgs` will run before this script, just in case you need some packages installed. Also this script will be run in the root of the project (`root_dir`) | `<empty>` |
-| `cppcheck_args`         | Cppcheck (space separated) arguments that will be used |`--enable=all --suppress=missingIncludeSystem --inline-suppr --inconclusive`|
-| `clang_tidy_args`       | clang-tidy arguments that will be used (example: `-checks='*,fuchsia-*,google-*,zircon-*'` |`<empty>`|
-| `report_pr_changes_only`| Only post the issues found within the changes introduced in this Pull Request. This means that only the issues found within the changed lines will po posted. Any other issues caused by these changes in the repository, won't be reported, so in general you should run static analysis on entire code base  |`false`|
+| `cppcheck_args`         | Cppcheck (space separated) arguments that will be used | `--enable=all --suppress=missingIncludeSystem --inline-suppr --inconclusive` |
+| `clang_tidy_args`       | clang-tidy arguments that will be used (example: `-checks='*,fuchsia-*,google-*,zircon-*'`) | `<empty>` |
+| `fbinfer_args`          | FB Infer arguments that will be used, if you don't use CMake, use this to specify the build system (example: `-- make -j 4`) | `<empty>` |
+| `flawfinder_args`       | flawfinder arguments that will be used (example: `--minlevel=0 --html --html-title="ProjectX Flawfinder Report" --columns`) | `--minlevel=0 --context --dataonly --quiet --columns --error-level=0` |
+| `flawfinder_targets`    | Directories with implementation and/or header files that will be analyzed with flawfinder | `src include` |
+| `report_pr_changes_only`| Only post the issues found within the changes introduced in this Pull Request. This means that only the issues found within the changed lines will po posted. Any other issues caused by these changes in the repository, won't be reported, so in general you should run static analysis on entire code base  | `false` |
 | `use_cmake`             | Determines wether CMake should be used to generate compile_commands.json file | `true` |
-| `cmake_args`            | Additional CMake arguments |`<empty>`|
-| `force_console_print`   | Output the action result to console, instead of creating the comment |`false`|
+| `cmake_args`            | Additional CMake arguments | `<empty>` |
+| `force_console_print`   | Output the action result to console, instead of creating the comment | `false` |
 
 **NOTE: `apt_pckgs` will run before `init_script`, just in case you need some packages installed before running the script**
 
@@ -147,7 +166,7 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: CodeQuality
-        uses: JacobDomagala/StaticAnalysis@main
+        uses: eljonny/StaticAnalysis-MoreCPP@morecpp-latest
         with:
           language: "Python"
           pylint_args: "--rcfile=.pylintrc --recursive=true"

action.yml

@@ -1,5 +1,5 @@
-name: "Static analysis for C++(Clang-19)/Python project"
-description: "Static analysis with cppcheck & clang-tidy for C++, pylint for Python. Posts results to PRs or console."
+name: "Static Analysis for C++ and Python projects"
+description: "Static analysis with cppcheck, clang-tidy, fbinfer, and flawfinder for C++, pylint for Python. Posts results to PRs or console."
 
 inputs:
   github_token:
@@ -21,7 +21,7 @@ inputs:
     description: 'Title for comment with the raport. This should be an unique name'
     default: Static analysis result
   exclude_dir:
-    description: 'Directories (space separated) which should be excluded from the raport'
+    description: 'Directories (space separated) which should be excluded from the report'
   apt_pckgs:
     description: 'Additional (space separated) packages that need to be installed in order for project to compile'
   init_script:
@@ -35,7 +35,15 @@ inputs:
     description: 'cppcheck (space separated) arguments that will be used'
     default: --enable=all --suppress=missingIncludeSystem --inline-suppr --inconclusive
   clang_tidy_args:
-    description: 'clang-tidy arguments that will be used (example: -checks="*,fuchsia-*,google-*,zircon-*"'
+    description: 'clang-tidy arguments that will be used (example: -checks="*,fuchsia-*,google-*,zircon-*")'
+  fbinfer_args:
+    description: 'Arguments that will be passed to infer'
+  flawfinder_args:
+    description: 'Flawfinder arguments that will be used'
+    default: --minlevel=0 --context --dataonly --quiet --columns --error-level=0
+  flawfinder_targets:
+    description: 'Directories (space separated) containing C/C++ header and/or files to be checked'
+    default: ${{github.workspace}}/src ${{github.workspace}}/include
   report_pr_changes_only:
     description: 'Only post the issues found within the changes introduced in this Pull Request'
     default: false

codecov.yml

@@ -0,0 +1,6 @@
+ignore:
+  - "local/**"
+  - "test/test_*.py"
+  - "docker/**"
+  - ".github/**"
+  - ".pytest_cache/**"