{"id":5801736,"name":"JacobDomagala/StaticAnalysis","ecosystem":"actions","description":"Static analysis with cppcheck \u0026 clang-tidy for C++, pylint for Python. Posts results to PRs or console.","homepage":"","licenses":"mit","normalized_licenses":["MIT"],"repository_url":"https://github.com/JacobDomagala/StaticAnalysis","keywords_array":["clang-tidy","cmake","cpp","cppcheck","githubaction-workflow","pylint","python","static-analysis"],"namespace":"JacobDomagala","versions_count":8,"first_release_published_at":"2021-03-14T19:14:01.000Z","latest_release_published_at":"2025-02-26T09:58:04.000Z","latest_release_number":"v0.0.8","last_synced_at":"2026-04-16T02:46:35.341Z","created_at":"2023-01-04T13:22:54.259Z","updated_at":"2026-04-16T02:46:35.341Z","registry_url":"https://github.com/JacobDomagala/StaticAnalysis","install_command":null,"documentation_url":null,"metadata":{"name":"Static analysis for C++/Python project","description":"Static analysis with cppcheck \u0026 clang-tidy for C++, pylint for Python. Posts results to PRs or console.","inputs":{"github_token":{"description":"GitHub token used for GitHub API requests","default":"${{ github.token }}"},"pr_num":{"description":"Pull request number for which the comment will be created","default":"${{ github.event.pull_request.number }}"},"repo":{"description":"Repository name","default":"${{ github.repository }}"},"pr_repo":{"description":"Head repository (This is useful when using Action with [pull_request_target])","default":"${{ github.event.pull_request.head.repo.full_name }}"},"pr_head":{"description":"Head (branch) for PR (same as `pr_repo` input, useful with [pull_request_target])","default":"${{ github.event.pull_request.head.ref }}"},"comment_title":{"description":"Title for comment with the report. 
This should be a unique name","default":"Static analysis result"},"exclude_dir":{"description":"Directories (space separated) which should be excluded from the report"},"apt_pckgs":{"description":"Additional (space separated) packages that need to be installed in order for project to compile"},"init_script":{"description":"'Optional shell script that will be run before configuring project (i.e. running CMake command).'\n'This should be used, when the project requires some environmental set-up beforehand'\n'Script will be run with 2 arguments: `root_dir`(root directory of user's code) and `build_dir`(build directory created for running SA)'\n'Note. `apt_pckgs` will run before this script, just in case you need some packages installed'\n'Also this script will be run in the root of the project (`root_dir`)'\n"},"cppcheck_args":{"description":"cppcheck (space separated) arguments that will be used","default":"--enable=all --suppress=missingIncludeSystem --inline-suppr --inconclusive"},"clang_tidy_args":{"description":"clang-tidy arguments that will be used (example: -checks=\"*,fuchsia-*,google-*,zircon-*\")"},"report_pr_changes_only":{"description":"Only post the issues found within the changes introduced in this Pull Request","default":false},"use_cmake":{"description":"Determines whether CMake should be used to generate compile_commands.json file","default":true},"cmake_args":{"description":"Additional CMake arguments"},"force_console_print":{"description":"Output the action result to console, instead of creating the comment","default":false},"verbose":{"description":"Verbose output. Used for debugging","default":false},"language":{"description":"Programming language to check for. 
Supported languages are: C++/Python","default":"C++"},"pylint_args":{"description":"PyLint options"},"python_dirs":{"description":"Directories containing python files to be checked"}},"runs":{"using":"docker","image":"Dockerfile"},"branding":{"icon":"book-open","color":"white"},"default_branch":"master","path":null},"repo_metadata":{"id":39182624,"uuid":"342726135","full_name":"JacobDomagala/StaticAnalysis","owner":"JacobDomagala","description":"GitHub action performs static analysis on C++/Python code, flags issues, and posts comments directly on PRs.","archived":false,"fork":false,"pushed_at":"2025-06-13T09:43:22.000Z","size":603,"stargazers_count":33,"open_issues_count":6,"forks_count":11,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-10-20T21:31:11.220Z","etag":null,"topics":["clang-tidy","cmake","cpp","cppcheck","githubaction-workflow","pylint","python","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JacobDomagala.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-02-26T23:25:31.000Z","updated_at":"2025-10-08T12:52:59.000Z","dependencies_parsed_at":"2023-02-19T13:45:42.185Z","dependency_job_id":"630af212-398e-4f92-98bf-b24ced542293","html_url":"https://github.com/JacobDomagala/StaticAnalysis","commit_stats":{"total_commits":170,"total_committers":2,"mean_commits":85.0,"dds":0.02352941176470591,"last_synced_commit":"9ff39c97490510362a52ee2db0db3e11adf8ea88"},"previous_names":[],"tags_count":8,"template":false,"t
emplate_full_name":null,"purl":"pkg:github/JacobDomagala/StaticAnalysis","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JacobDomagala%2FStaticAnalysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JacobDomagala%2FStaticAnalysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JacobDomagala%2FStaticAnalysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JacobDomagala%2FStaticAnalysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JacobDomagala","download_url":"https://codeload.github.com/JacobDomagala/StaticAnalysis/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JacobDomagala%2FStaticAnalysis/sbom","scorecard":{"id":69763,"data":{"date":"2025-08-11","repo":{"name":"github.com/JacobDomagala/StaticAnalysis","commit":"2f85fa290fca38d34102e175c92cf0b3a3597452"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.8,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/7 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"11 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the 
source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/linter.yml:1","Warn: no topLevel permission defined: .github/workflows/shellcheck.yml:1","Warn: no topLevel permission defined: .github/workflows/test_action.yml:1","Warn: no topLevel permission defined: .github/workflows/unit_tests.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not 
detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linter.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/JacobDomagala/StaticAnalysis/linter.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/linter.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/JacobDomagala/StaticAnalysis/linter.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/linter.yml:25: update 
your workflow using https://app.stepsecurity.io/secureworkflow/JacobDomagala/StaticAnalysis/linter.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shellcheck.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/JacobDomagala/StaticAnalysis/shellcheck.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/shellcheck.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/JacobDomagala/StaticAnalysis/shellcheck.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_action.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/JacobDomagala/StaticAnalysis/test_action.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_action.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/JacobDomagala/StaticAnalysis/test_action.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_action.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/JacobDomagala/StaticAnalysis/test_action.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit_tests.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/JacobDomagala/StaticAnalysis/unit_tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit_tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/JacobDomagala/StaticAnalysis/unit_tests.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating jdomagala/static_analysis:latest to jdomagala/static_analysis:latest@sha256:7a3feb56e5c0cf497dc8cdcac4a280b737caa78d7dba32b243be126291c1b24e","Warn: containerImage not pinned by hash: 
docker/static_analysis.dockerfile:1","Warn: pipCommand not pinned by hash: docker/static_analysis.dockerfile:14-26","Warn: pipCommand not pinned by hash: .github/workflows/unit_tests.yml:21","Warn: pipCommand not pinned by hash: .github/workflows/unit_tests.yml:22","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-15T03:35:17.410Z","repository_id":39182624,"created_at":"2025-08-15T03:35:17.410Z","updated_at":"2025-08-15T03:35:17.410Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280548095,"owners_count":26349069,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-23T02:00:06.710Z","response_time":142,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"tags":[]},"repo_metadata_updated_at":"2025-10-23T02:28:21.084Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":6,"rankings":{"downloads":null,"dependent_repos_count":14.428775154492158,"dependent_packages_count":0.0,"stargazers_count":7.440976073522421,"forks_count":6.753287909998415,"docker_downloads_count":null,"average":7.155759784503248},"purl":"pkg:githubactions/JacobDomagala/StaticAnalysis","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/actions/JacobDomagala/StaticAnalysis","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/actions/JacobDomagala/StaticAnalysis","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/actions/JacobDomagala/StaticAnalysis/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":
"2025-08-31T18:06:28.663Z","issues_count":71,"pull_requests_count":71,"avg_time_to_close_issue":1779129.9032258065,"avg_time_to_close_pull_request":450141.6865671642,"issues_closed_count":62,"pull_requests_closed_count":67,"pull_request_authors_count":3,"issue_authors_count":9,"avg_comments_per_issue":0.6056338028169014,"avg_comments_per_pull_request":0.9014084507042254,"merged_pull_requests_count":63,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":6,"past_year_pull_requests_count":13,"past_year_avg_time_to_close_issue":118758.0,"past_year_avg_time_to_close_pull_request":31212.11111111111,"past_year_issues_closed_count":3,"past_year_pull_requests_closed_count":9,"past_year_pull_request_authors_count":2,"past_year_issue_authors_count":3,"past_year_avg_comments_per_issue":1.6666666666666667,"past_year_avg_comments_per_pull_request":1.8461538461538463,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":7,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/JacobDomagala%2FStaticAnalysis/issues","maintainers":[{"login":"JacobDomagala","count":117,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/JacobDomagala"}],"active_maintainers":[{"login":"JacobDomagala","count":15,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/JacobDomagala"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/JacobDomagala%2FStaticAnalysis/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/JacobDomagala%2FStaticAnalysis/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/JacobDomagala%2FStaticAnalysis/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/JacobDomagala%2FStaticAnalysis/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1
/registries/github%20actions/packages/JacobDomagala%2FStaticAnalysis/codemeta","maintainers":[]}