Building firmware written in C/C++ can be a challenge for legacy products with complex Makefiles. Nevertheless, all source code should be statically analyzed for security vulnerabilities prior to deploying production builds. This recipe will show how to configure basic C/C++ static analysis for firmware in a continuous integration environment.
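The continuous-integration side of this recipe comes down to one decision: after the static analyzer has run over the firmware sources, should the build be allowed to produce a production artifact? The script below is an added illustration of that gate and is not code from the recipe or from Jenkins. It assumes the analyzer emits a cppcheck-style XML report (the `--xml-version=2` layout, with `<error severity="..." id="...">` elements carrying a `<location file="..." line="..."/>`); the report embedded in the script is constructed for the example, and the checker ids and file names in it are made up.

```python
"""CI gate for C/C++ static-analysis results.

Added example (not from the recipe): parses a cppcheck-style XML report
and decides whether a build job should fail. The analyzer format and the
report below are assumptions/constructed data, not output from a real scan.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample report in the cppcheck "--xml-version=2" layout
# (assumption: the analyzer wired into the pipeline emits this format).
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
  <cppcheck version="2.x"/>
  <errors>
    <error id="arrayIndexOutOfBounds" severity="error"
           msg="Array 'buf[16]' accessed at index 16, which is out of bounds.">
      <location file="src/uart.c" line="42"/>
    </error>
    <error id="nullPointer" severity="warning"
           msg="Possible null pointer dereference: cfg">
      <location file="src/config.c" line="88"/>
    </error>
    <error id="unusedFunction" severity="style"
           msg="The function 'legacy_init' is never used.">
      <location file="src/legacy.c" line="10"/>
    </error>
  </errors>
</results>
"""

# Severity classes that must block a production build.
BLOCKING_SEVERITIES = {"error", "warning"}


def parse_report(xml_text):
    """Return the findings as dicts with keys id, severity, msg, file, line."""
    root = ET.fromstring(xml_text)
    findings = []
    for err in root.iter("error"):
        loc = err.find("location")
        has_line = loc is not None and loc.get("line") is not None
        findings.append({
            "id": err.get("id"),
            "severity": err.get("severity"),
            "msg": err.get("msg", ""),
            "file": loc.get("file") if loc is not None else None,
            "line": int(loc.get("line")) if has_line else None,
        })
    return findings


def summarize(findings):
    """Count findings per severity so the job log shows the overall picture."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


def build_should_fail(findings, blocking=BLOCKING_SEVERITIES, allowlist=()):
    """True if any finding has a blocking severity and its checker id is not
    allowlisted. The allowlist lets a team suppress a reviewed false positive
    by checker id instead of silencing the whole severity class."""
    return any(f["severity"] in blocking and f["id"] not in allowlist
               for f in findings)


def main():
    # In a real job the report text would be read from the analyzer's output
    # file; here the constructed sample stands in for it.
    findings = parse_report(SAMPLE_REPORT)
    for f in findings:
        print(f"{f['severity']:8} {f['file']}:{f['line']} [{f['id']}] {f['msg']}")
    print("summary:", summarize(findings))
    if build_should_fail(findings):
        print("FAIL: blocking static-analysis findings present")
        sys.exit(1)
    print("PASS")


if __name__ == "__main__":
    main()
```

Run as the last step of the build job: a non-zero exit status marks the job failed, so no artifact from that run is promoted. Gating on `error` and `warning` while only reporting `style` is a starting policy for a legacy code base; tightening it later is a one-line change to `BLOCKING_SEVERITIES`, and the per-id allowlist keeps the suppressions reviewable in version control instead of in the analyzer's own configuration.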
For this recipe, we will use the following application and tools:
- Jenkins: This is an open source build automation server that can be customized to run quality and security code analysis. Jenkins can be downloaded via the following link https://jenkins.io/download/. There are various ways to install Jenkins depending on the operating system. For Debian and Ubuntu, the following commands can be used to install Jenkins:
wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -
- Add the following line to