The Hard-Working Robot: Improving Code Security with Custom SAST Analysis Rules

  • In Russian

You are a conscientious engineer who cares about the security of your product. You already have compiler warnings enabled, your coding standard has rules that, for example, require checking the pointer returned by `dynamic_cast` before using it, you run a static analyser, and on weekends you run the tests under sanitisers. It seems that everything is already in good shape, but is there a limit to perfection?

Have you come up with a new warning that the compiler does not implement yet? Need to look for profanity in your commit history? Or maybe you want to catch incorrect use of an API?

All of this can be done with custom diagnostic rules for static analysers. They helped us, and they will help you too. We will explain how to design and implement them.
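To make the idea of a custom diagnostic rule concrete, here is an added example that is not part of the talk or of any particular analyser: a toy, regex-based rule, written in Python, that flags a `dynamic_cast` result dereferenced before it is compared against `nullptr`, which is the coding-standard rule mentioned above. The C++ snippet it scans is constructed for this example, and the `WINDOW` of five following lines, the function names and the regexes are assumptions of this toy; a real rule would be built on the analyser's AST rather than on text matching.

```python
"""Toy custom SAST rule (added example): report a dynamic_cast result that is
dereferenced before any nullptr check. Regex-based approximation, not a C++ parser."""
import re

# Matches `auto x = dynamic_cast<T*>(` or `T* x = dynamic_cast<T*>(` and captures x.
ASSIGN_RE = re.compile(
    r'\b(?:auto|[\w:<>]+\s*\*)\s*(\w+)\s*=\s*dynamic_cast<[^>]+\*\s*>\s*\('
)
WINDOW = 5  # lines inspected after the cast (assumption of this toy rule)


def _null_check_re(var):
    """`if (!x)`, `if (x == nullptr)`, `if (x != nullptr)` or `if (x)` for variable x."""
    v = re.escape(var)
    return re.compile(
        r'\bif\s*\(\s*(?:!\s*' + v + r'\b|' + v + r'\s*(?:==|!=)\s*nullptr|' + v + r'\s*\))'
    )


def _deref_re(var):
    """`x->` or `*x` for variable x."""
    v = re.escape(var)
    return re.compile(r'(?:\b' + v + r'\s*->|\*\s*' + v + r'\b)')


def find_unchecked_dynamic_casts(source):
    """Return [(line_no, var), ...] for each dynamic_cast result that is
    dereferenced within WINDOW lines without an intervening nullptr check."""
    lines = source.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        m = ASSIGN_RE.search(line)
        if not m:
            continue
        var = m.group(1)
        check, deref = _null_check_re(var), _deref_re(var)
        for follow in lines[idx + 1: idx + 1 + WINDOW]:
            if check.search(follow):
                break  # guarded before first use: no finding
            if deref.search(follow):
                findings.append((idx + 1, var))  # 1-based line of the cast
                break
    return findings


# Constructed C++ sample: one guarded cast and two unguarded ones.
SAMPLE_CPP = """\
void good(Base* b) {
    auto d = dynamic_cast<Derived*>(b);
    if (!d) {
        return;
    }
    d->run();
}

void bad(Base* b) {
    Derived* d = dynamic_cast<Derived*>(b);
    d->run();   // dereferenced with no nullptr check
}

void also_bad(Base* b) {
    auto ptr = dynamic_cast<Derived*>(b);
    log(ptr->name());
}
"""

if __name__ == "__main__":
    for line_no, var in find_unchecked_dynamic_casts(SAMPLE_CPP):
        print(f"sample.cpp:{line_no}: result of dynamic_cast '{var}' used without nullptr check")
```

Run as a script it reports the casts in `bad` and `also_bad` and stays silent on `good`. The point of the toy is the shape of a rule, a pattern that selects a construct plus a short data-flow check on what follows, rather than its precision; text matching misses aliasing, early returns and casts split across lines, which is why production rules are written against the analyser's own AST and control-flow representation.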
