
GitHub Action

cppcheck-sarif

v2.0 Latest version


Convert cppcheck xml report to sarif

Installation

Copy and paste the following snippet into your .yml file.

- name: cppcheck-sarif
  uses: Flast/cppcheck-sarif@v2.0

Learn more about this action in Flast/cppcheck-sarif



cppcheck-sarif converts a cppcheck XML report to the Static Analysis Results Interchange Format (SARIF).
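To show the shape of the two formats involved, here is an added sketch of such a conversion in Python; it is not cppcheck-sarif's own code and does not claim to match its output. The sample report is constructed, and the `convert` function and the severity mapping in `LEVELS` are assumptions made for the illustration.

```python
import json
import xml.etree.ElementTree as ET

# Constructed cppcheck XML (version 2) report, not output of a real scan.
SAMPLE_XML = """<results version="2">
  <errors>
    <error id="nullPointer" severity="error" msg="Null pointer dereference: p">
      <location file="src/buf.c" line="12" column="5"/>
    </error>
    <error id="unusedFunction" severity="style" msg="The function 'f' is never used.">
      <location file="src/util.c" line="0" column="0"/>
    </error>
  </errors>
</results>"""

# Assumed severity mapping (not taken from cppcheck-sarif); other values become "note".
LEVELS = {"error": "error", "warning": "warning"}


def convert(xml_text):
    """Map each cppcheck <error> element to one SARIF 2.1.0 result."""
    root = ET.fromstring(xml_text)
    results = []
    for err in root.iterfind("./errors/error"):
        locations = []
        for loc in err.iterfind("location"):
            phys = {"artifactLocation": {"uri": loc.get("file")}}
            line, col = int(loc.get("line", 0)), int(loc.get("column", 0))
            if line >= 1:  # SARIF requires startLine >= 1, so omit the region otherwise
                phys["region"] = {"startLine": line}
                if col >= 1:  # startColumn has the same lower bound
                    phys["region"]["startColumn"] = col
            locations.append({"physicalLocation": phys})
        results.append({
            "ruleId": err.get("id"),
            "level": LEVELS.get(err.get("severity"), "note"),
            "message": {"text": err.get("msg", "")},
            "locations": locations,
        })
    driver = {"name": "cppcheck"}
    return {"version": "2.1.0", "runs": [{"tool": {"driver": driver}, "results": results}]}


if __name__ == "__main__":
    print(json.dumps(convert(SAMPLE_XML), indent=2))
```
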

Build

go build .

Example usage

cppcheck --xml --output-file=report.xml .
cppcheck-sarif -output report.sarif report.xml

Use errorlist.xml instead of the embedded one

cppcheck --errorlist > errorlist.xml
cppcheck --xml --output-file=report.xml .
cppcheck-sarif -errorlist errorlist.xml -output report.sarif report.xml

GitHub Action usage

name: cppcheck

on:
  push:
    branches:
      - master

jobs:
  upload-sarif:
    runs-on: ubuntu-24.04
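    permissions:
      # needed by upload-sarif to write code scanning results
      security-events: write
      # only needed when the repository is private
      actions: read
      contents: read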
    steps:
      - uses: actions/checkout@v4

      - run: |
          sudo apt-get install -y cppcheck

      - run: |
          cppcheck --enable=all --xml --output-file=report.xml .

      - uses: Flast/cppcheck-sarif@v2
        with:
          input: report.xml
          output: report.sarif

      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: report.sarif
          category: cppcheck

References