TrustInSoft CI is an online source code analyzer that continuously detects undefined behaviors in C and C++ programs (crash, arbitrary code execution, ...).
It is available in beta for open-source and public projects hosted on GitHub and it is all free!
Who can use TrustInSoft CI?
TrustInSoft CI is targeted at GitHub C or C++ developers and project maintainers, who develop or maintain security-sensitive code.
Why use TrustInSoft CI?
It can find more undefined behaviors
TrustInSoft CI works at the source code level and relies on the latest formal methods to understand the code statement by statement. It can therefore detect the most subtle violations of the C and C++ standards, even when applied to regression tests that have never revealed any problem.
It makes it easy to find their root cause
TrustInSoft CI ships with a powerful debugging interface that lets developers explore all the values of all the variables and troubleshoot their own code or understand third-party code behavior.
It natively integrates with GitHub and is CI ready
Hence, there is only an initial setup for the entire project lifecycle, and all the project's contributors and maintainers get the value.
What is an undefined behavior?
Undefined behaviors are defined by the C and C++ standards. They usually correspond to illegal operations and may lead to crashes and security vulnerabilities. Their effects are also highly dependent on the interactions with the compilers and their optimizations.
TrustInSoft CI detects all major families of undefined behaviors including but not restricted to buffer overflow, dangling pointer, invalid pointer operation, division by zero, uninitialized memory read and arithmetic overflow.
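As an added illustration (not part of the original page and not TrustInSoft code), the C sketch below shows arithmetic overflow as an undefined behavior whose effect depends on the compiler: an overflow check written after the addition may be removed by an optimizer, while a typical regression test with small values still passes. All function names and inputs are hypothetical and constructed for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

/* Before: the overflow check itself relies on signed overflow, which is
 * undefined behavior. An optimizer may assume it never happens and delete
 * the check, so the result depends on compiler and flags. */
bool add_checked_ub(int a, int b, int *out)
{
    int sum = a + b;                    /* UB when a + b leaves the int range */
    if (b > 0 && sum < a) return false; /* may be optimized away */
    if (b < 0 && sum > a) return false; /* may be optimized away */
    *out = sum;
    return true;
}

/* After: compare the operands against the limits before adding. */
bool add_checked(int a, int b, int *out)
{
    if (b > 0 && a > INT_MAX - b) return false;
    if (b < 0 && a < INT_MIN - b) return false;
    *out = a + b;
    return true;
}

/* Sums n record lengths; returns false if the total does not fit in int. */
bool total_length(const int *lens, size_t n, int *total)
{
    int acc = 0;
    for (size_t i = 0; i < n; i++)
        if (!add_checked(acc, lens[i], &acc)) return false;
    *total = acc;
    return true;
}

int main(void)
{
    /* Constructed inputs: a typical regression test, then a boundary case. */
    const int small[] = { 10, 20, 30 };
    const int large[] = { INT_MAX, 1 };
    int t = 0;
    if (!total_length(small, 3, &t) || t != 60) return 1;
    if (total_length(large, 2, &t)) return 1; /* must be rejected */
    return 0;
}
```

With small inputs both versions return the same result, which is why a test suite alone may never reveal the defect in the first one.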
How to configure a project?
Several steps are involved. Among them, you should write a short configuration file that lists the analysis entry points (usually the project tests), the source files to analyze and the compilation options for parsing them. You should also give TrustInSoft CI access to your GitHub repository.
TrustInSoft CI automatically triggers a build after adding a reference (branch, tag or pull-request) for a project and then each time a new group of commits is pushed to GitHub for this added reference.
A new build can also be triggered by clicking on the Run new build button on the reference page.
The automatic trigger can be disabled in the Project settings; in this case, builds can only be triggered manually with the Run new build button.
Is there a limit on the number of analyses?
There is a limit of 2 concurrent analyses per GitHub account (over all projects).
What are the technical requirements?
TrustInSoft CI can analyze projects that are:
Public on GitHub and written in C or C++
Equipped with at least one test case or entry point
TrustInSoft CI will stop the analysis and emit an error as soon as it encounters an undefined function (one whose body is not provided by the source files of the GitHub repository).
Note: it is not necessary to provide the source code of undefined functions that are not reached by any analyses.
Do I need specific GitHub permissions?
GitHub owner (admin) rights over the project are required for setting up the continuous analysis of such a project. The same permissions are required for canceling or restarting an analysis, or removing a project. Read about organization projects
Are organization projects supported?
Yes, TrustInSoft CI can analyze organization projects. GitHub organizations are shared GitHub accounts where businesses and open-source teams can collaborate on the same projects.
The steps for setting up the continuous analysis of such a project are the same as for an individual project, except you must be an owner of the GitHub organization and TrustInSoft CI must have access to this organization. Read the article
How to add an organization?
Adding an organization to TrustInSoft CI is required for analyzing projects that belong to a GitHub organization account. For this, you must be an owner of the organization and grant TrustInSoft CI access to this organization. Read the article
Are private projects supported?
Not yet. Contact us to get the latest information.