Merge pull request #1 from CodeSecure-SE/feature/codesonar_intro

Add CodeSonar

Author: markhermeling

.devcontainer/devcontainer.json

@@ -0,0 +1,37 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/cpp
+{
+	"name": "NASA-cFS - CodeSonar ",
+	"image": "ghcr.io/codesecure-se/cfs-cso-builder:8.1p0",
+	"mounts" : [
+	"source=${localEnv:HOME}/.csurf,target=/home/user/.csurf,type=bind",
+	"source=${localEnv:HOME}/.ssh,target=/home/user/.ssh,type=bind",
+	],
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"CodeSecure.vscode-codesonar",
+				"MS-SarifVSCode.sarif-viewer",
+				"ms-vscode.cpptools",
+				"ms-vscode.cpptools-extension-pack",
+				"GitHub.vscode-pull-request-github",
+				"GitHub.remotehub"
+			]
+		}
+	}
+		// Features to add to the dev container. More info: https://containers.dev/features.
+	// "features": {},
+	
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+	
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "uname -a",
+	
+	// Configure tool-specific properties.
+	// "customizations": {},
+	
+	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+	// "remoteUser": "root"
+}
+	

.github/workflows/codesonar.yml

@@ -0,0 +1,61 @@
+name: CodeSonar
+on:
+  push:                  # Only run onces the Pull request is created
+    branches:
+      - 'release/**'               # Feature Branches
+  pull_request:
+    branches:
+      - 'release/**'       
+  
+jobs:
+  CodeSonar_Analyze:
+    permissions: write-all
+    runs-on: codesecure-runner-set
+    container:
+      image: ghcr.io/codesecure-se/cfs-cso-builder:8.1p0
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.github_token }}
+    env:
+      TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+      ROOT_TREE: "OSS-Projects/NASA-cFS-GitHub" 
+      PROJECT_NAME: "cFS"
+      CSONAR_HUB_URL: "https://partnerdemo.codesonar.com" 
+      CSONAR_HUB_USER: "${{ secrets.CSONAR_HUB_USER }}"
+      CSONAR_HUB_PASSWORD: "${{ secrets.CSONAR_HUB_PASS }}"
+      REPO_URL: "https://github.com/CodeSecure-SE/cFS"    # the github.repositoryUrl is not an http-link.
+
+    steps:
+      - name: Set parallelism
+        run:  echo "PARALLEL=`nproc`" >> $GITHUB_ENV
+      - name: Checkout 
+        uses: actions/checkout@v4
+      - name: Safe directory
+        run: git config --global --add safe.directory `pwd`
+      - name : init submodules
+        run: git submodule init; git submodule update
+      - name: create makefiles
+        run: cp cfe/cmake/Makefile.sample Makefile; cp -r cfe/cmake/sample_defs sample_defs
+      - name: Checkout CodeSonar CI-Script
+        uses: actions/checkout@v4
+        with:
+          repository: CodeSecure-SE/codesonar_ci
+          path: cso-scripts
+      - name: Build and Analyze
+        run: python3 cso-scripts/build_and_analyze.py codesonar.conf make -j $PARALLEL
+      - name: Upload SARIF to GitHub #Use this if you do not have GitHub Enterprise
+        if: ${{ github.event.pull_request }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: SARIF file
+          path: warnings.sarif
+      - name: Push Summary Report
+        if: ${{ github.event.pull_request }}
+        uses: thollander/actions-comment-pull-request@v2
+        with: 
+          filePath: warnings.md
+      - name: Upload SARIF results
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: warnings.sarif
+          category: "CodeSecure CodeSonar"            

.gitignore

@@ -2,3 +2,8 @@ Makefile
 build
 /sample_defs
 .DS_Store
+cFS.prj_files/*
+cFS*.conf
+cFS.prj
+*.sarif
+apps/*

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "codesonar.project": "/OSS-Projects/NASA-cFS-GitHub/developers/mhermeling"
+}

.vscode/tasks.json

@@ -0,0 +1,26 @@
+{
+    "version": "2.0.0",
+    "inputs": [
+    {
+    "id": "codesonarAnalysisName",
+    "type": "promptString",
+    "description": "CodeSonar analysis name",
+    "default": "Analysis-1234"
+    }
+    ],
+    "tasks": [
+    {
+    "type": "shell",
+    "label": "C/C++: CodeSonar analyze",
+    "command": [
+        "${config:codesonar.installDir}/codesonar/bin/codesonar analyze -foreground cFS -hubuser ${config:codesonar.hubUser} -auth certificate -name ${input:codesonarAnalysisName} -conf-file codesonar.conf -project OSS-Projects/NASA-cFS-GitHub/developers/${config:codesonar.hubUser}  ${config:codesonar.hubAddress} make -j $(nproc)"
+    ],
+    "group": "build",
+    "detail": "builder: make",
+    "presentation": {
+        "showReuseMessage": false,
+        "panel": "new"
+    }
+    }
+    ]
+}