Scan my code for vulnerabilities using STMCubeIDE

tkheric75
Associate

I am tasked with scanning the C code for vulnerabilities using a source analyzer.

I am wondering whether there is a possibility of adding an external tool such as the source-analyzer to the IDE to perform the scanning?

Best Regards

 

1 REPLY
Pavel A.
Evangelist III

Sure. There is.

In the project options -> Tool settings -> MCU GCC Compiler -> Expert settings -> Command line pattern

There you can modify the compiler command and substitute your analyzer tool. 

Also, you can use Pre and Post build steps to add custom commands.

Newer versions of GCC have many advanced checks and warnings which you can enable. In project options see C/C++ General -> Code analysis and Tool settings -> MCU GCC Compiler -> Warnings.

For more info you can visit Eclipse CDT forums or Stack Overflow.
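
The command-line substitution described in the reply, sketched as a wrapper script. This is an added example, not part of the original thread and not ST's own tooling. The script name, the `ANALYZER` variable and the use of cppcheck as a stand-in analyzer are assumptions.

```shell
#!/bin/sh
# analyze-then-compile.sh: hypothetical wrapper name (added example).
# Put it in front of the existing command line pattern so it receives the
# complete compiler command as its arguments.

# Reduce a GCC command line to what a source analyzer needs:
# include paths (-I), macro definitions (-D) and the .c inputs.
analysis_pass() {
    n=$#
    src=0
    while [ "$n" -gt 0 ]; do
        arg=$1; shift; n=$((n - 1))
        case $arg in
            -I|-D)
                # Separated form ("-I dir"): keep the flag and its value.
                if [ "$n" -gt 0 ]; then
                    set -- "$@" "$arg" "$1"; shift; n=$((n - 1))
                fi ;;
            -I?*|-D?*)
                set -- "$@" "$arg" ;;
            *.c)
                src=1
                set -- "$@" "$arg" ;;
        esac
    done
    # Assembler or link invocations carry no C input: nothing to analyze.
    [ "$src" -eq 1 ] || return 0
    # ANALYZER is an assumed variable naming the analyzer executable or a
    # launcher script for it; cppcheck is only a stand-in default.
    "${ANALYZER:-cppcheck}" "$@"
}

# When invoked by the build with a compiler command: analyze, then compile.
if [ "$#" -gt 0 ]; then
    analysis_pass "$@" || {
        echo "analyzer exited non-zero for: $*" >&2
        exit 1
    }
    exec "$@"
fi
```

Because the compile only runs after the analyzer exits with status 0, the analyzer (or its launcher script) has to be configured to return non-zero on findings if the build should stop on them.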