ADR: Static code analysis for C++ projects

Context

Introduction of static code analysis tool in the pipeline of a C++ project is a must now a days since it helps us to spot potential problems in our code in the very early stage. We may overlook the compiler warnings, thinking its just a warning but it can be a big problem in the bigger scope of things.

A static code analysis tool helps with that and also helps us enforce better coding styles and practices.

Proposal

CPP Check

I have analyzed and used cpp-check in one of my OpenETPServer branches, and the report can be seen in this artifact.

Future Scope

We can decide to fail the pipeline if we are getting errors detected in CPPCheck or any other tool as suggested by the Open Source Community. We can introduce further styles/coding rules which we can enforce from the tool, eg: Restrict the number of lines in a function/lambda function etc.

Analysis Done

I have looked for open source tools available for use online and are easy to set up as well as customize with less efforts.

This report has been generated with only one additional style and few errors are ignored which can be seen here.

Conclusion

It will be an advantage for us to have a static analysis tool run from pipeline and will help us maintain a better quality of work.

Please feel free to suggest any other open source static analysis tool which we can use, or we can customize cpp check further to get a better customized output.