dbb086099d | ||
---|---|---|
.github | ||
.vscode | ||
apply-configuration | ||
apply-recategorization | ||
c | ||
change_notes | ||
cpp | ||
docs | ||
integration-tests/deviations | ||
rule_packages | ||
schemas | ||
scripts | ||
thirdparty/cert | ||
.clang-format | ||
.codeqlmanifest.json | ||
.editorconfig | ||
.gitattributes | ||
.gitignore | ||
CODE_OF_CONDUCT.md | ||
CONTRIBUTING.md | ||
LICENSE.md | ||
README.md | ||
SECURITY.md | ||
amendments.csv | ||
rules.csv | ||
supported_codeql_configs.json |
README.md
CodeQL Coding Standards
This repository contains CodeQL queries and libraries which support various Coding Standards.
Supported standards
Carnegie Mellon and CERT are registered trademarks of Carnegie Mellon University.
This repository contains CodeQL queries and libraries which support various Coding Standards for the C++14, C99 and C11 programming languages.
The following coding standards are supported:
- AUTOSAR - Guidelines for the use of C++14 language in critical and safety-related systems (Releases R22-11, R20-11, R19-11 and R19-03).
- SEI CERT C++ Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)
- SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)
- MISRA C 2012, 3rd Edition, 1st revision (incoporating Amendment 1 & Technical Corrigendum 1). In addition, we support the following additional amendments and technical corrigendums:
🚧 Standards under development 🚧
The following standards are under active development:
- MISRA C++ 2023 - under development - scheduled for release 2025 Q1
- MISRA C 2023 - under development - scheduled for release 2025 Q1
- This includes the development of MISRA C 2012 Amendment 3 and MISRA C 2012 Amendment 4, which are incorporated into MISRA C 2023.
How do I use the CodeQL Coding Standards Queries?
The use of the CodeQL Coding Standards is extensively documented in the user manual.
Use in a functional safety environment
The CodeQL Coding Standards is qualified as a "software tool" under "Part 8: Supporting processes" of ISO 26262 ("Road vehicles - Functional Safety") as described in our tool qualification documents. Use of the CodeQL Coding Standards is only compliant with the qualification if it is used as distributed by GitHub and according to the requirements described in the user manual.
Any changes to the CodeQL Coding Standards distribution and/or deviations from the requirements and steps described in the user manual runs the risk of non compliance.
Contributing
We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our contributing guidelines. You can also consult our development handbook to learn about the requirements for a contribution.
License
Unless otherwise noted below, the code in this repository is licensed under the MIT License by GitHub.
Parts of certain query help files (.md
extension) are reproduced under the following licenses:
- SEI CERT® Coding Standards (reproduced as of 15th March 2021).
These licenses are directly referenced where applicable.
All code in the thirdparty directory is licensed according to the files present in those sub directories.
All header files in c/common/test/includes/standard-library are licensed according to LICENSE
1This repository incorporates portions of the SEI CERT® Coding Standards available at https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards; however, such use does not necessarily constitute or imply an endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute.