What is TrustInSoft CI?

TrustInSoft CI is an online source code analyzer that continuously detects undefined behaviors in C and C++ programs (crash, arbitrary code execution, ...).

It is available in beta for open-source and public projects hosted on GitHub and it is all free!

Who can use TrustInSoft CI?

TrustInSoft CI is targeted at GitHub C or C++ developers and project maintainers, who develop or maintain security-sensitive code.

Why use TrustInSoft CI?

It can find more undefined behaviors

TrustInSoft CI works at the source code level and relies on the latest formal methods to understand the code statement by statement. It can therefore detect the most subtle violations of the C and C++ standards, even when applied to regression tests that have never revealed any problem.

It makes it easy to find their root cause

TrustInSoft CI ships with a powerful debugging interface, that lets developers explore all the values of all the variables and troubleshoot their own code or understand third-party code behavior.

It natively integrates with GitHub and is CI ready

Hence, there is only an initial setup for the entire project lifecycle, and all the project's contributors and maintainers get the value.

What is an undefined behavior?

Undefined behaviors are defined by the C and C++ standards. They usually correspond to illegal operations and may lead to crashes and security vulnerabilities. Their effects are also highly dependent on the interactions with the compilers and their optimizations.

TrustInSoft CI detects all major families of undefined behaviors including but not restricted to buffer overflow, dangling pointer, invalid pointer operation, division by zero, uninitialized memory read and arithmetic overflow. Click here to learn more about CWE coverage of TrustInSoft CI.

How to configure a project?

Several steps are involved. Amongst them, you should write a short configuration file, that lists the analysis entry points (usually the project tests), the source files to analyze and the compilation options for parsing them. You should also give TrustInSoft CI access to your GitHub repository.

To learn more the exact steps, you can either follow our introduction tutorial or directly sign in and read the welcome page.

When do analyses get triggered?

TrustInSoft CI triggers an analysis each time a new commit is pushed to GitHub on a branch with the configuration file.

Pull request triggers are not supported yet. Contact us to get the latest information.

Is there a limit on the number of analyses?

There is a limit of 2 concurrent analyses per GitHub account (over all projects).

What are the technical requirements?

TrustInSoft CI can analyze projects or branches that are:

  • Public on GitHub and written in C or C++

  • Equipped with at least one test case or entry point

  • Self-contained: all the relevant source files ( .c ,.cpp , .h , ...) including dependencies must be available in the GitHub repository

TrustInSoft CI will stop the analysis and emits an error, as soon as it encounters a function, whose body is located outside of the GitHub repository (the project is not self-contained), or a piece of code that is not written in C or C++.

Do I need specific GitHub permissions?

GitHub owner (admin) rights over the project are required for setting up the continuous analysis of such project. The same permissions are required for canceling or restarting an analysis, or removing a project. Read about organization projects

Are organization projects supported?

Yes, TrustInSoft CI can analyze organization projects. GitHub organizations are shared GitHub accounts where businesses and open-source teams can collaborate on the same projects.

The steps for setting up the continuous analysis of such project are the same as for an individual project, except you must be an owner of the GitHub organization and TrustInSoft CI must have access to this organization. Read the article

How to add an organization?

Adding an organization to TrustInSoft CI is required for analyzing projects that belong to a GitHub organization account. For this, you must be an owner of the organization and grant TrustInSoft CI access to this organization. Read the article

Are private projects supported?

Not yet. Contact us to get the latest information.