Glossary

Account

An account (also called a user) is either a GitHub user or a GitHub organization. You can only log in to TrustInSoft CI as a GitHub user; your organization is then shown automatically in menus if the correct permissions have been granted.

Analysis

An analysis is a verification of a program with TrustInSoft CI Analyzer. This verification is quite similar to a symbolic execution of the program, starting from a given entry point, and uses formal methods to ensure that all undefined behaviors are detected.

In TrustInSoft CI, an analysis is a part of a build. It is recommended to add as many analyses as possible to cover all possible behaviors of the analyzed program.

Analyses configuration

The Analyses configuration is a piece of JSON information describing how to perform analyses. Each build requires an Analyses configuration. The Analyses configuration is part of the Configuration files used to configure a project inside TrustInSoft CI.

See also how to write an Analysis configuration.

Build

A build is a set of analyses associated with a particular commit of a project.

To run analyses, a build uses the Committed configuration associated with the build's commit if it exists, or the Global configuration otherwise. If no configuration is available for the build, analyses will not be run.

Build preparation

The Build preparation is an optional stage executed for each build before running the analyses. The Build preparation is part of the Configuration files used to configure a project inside TrustInSoft CI.

Learn more about the Build preparation stage.

Committed configuration

A Committed configuration is one of the two kinds of configuration. The Committed configuration lets you write the configuration of the project inside a .trustinsoft directory in the GitHub repository.

Unlike the Global configuration, the Committed configuration allows a different configuration for each reference and build of the project.

Entry point

The entry point of an analysis is the function where the analysis begins. Usually, the entry point of a program is the main function. With TrustInSoft CI Analyzer, any function can be used as the entry point of the analysis, provided that its inputs can be specified.

Global configuration

A Global configuration is one of the two kinds of configuration. The Global configuration lets you write the configuration directly in TrustInSoft CI, in the project's settings page, without modifying the associated GitHub repository.

Unlike the Committed configuration, the Global configuration is common to all references and builds of the project (except if a Committed configuration is detected for the reference or build).

Project

A project is a GitHub repository registered in TrustInSoft CI. A project can only be registered by an owner of the associated GitHub repository.

Once a project is registered, one or several references should be added in order to run analyses for the respective reference.

Reference

A reference is either a branch, a tag or a pull request associated with a project or GitHub repository.

TrustInSoft CI Analyzer

TrustInSoft CI Analyzer is a version of TrustInSoft Analyzer dedicated to the TrustInSoft CI online service to analyze GitHub repositories.

TrustInSoft CI Analyzer is run during builds for each analysis. Its Graphical User Interface can then be used to inspect the result of a single analysis in detail.

Undefined behavior

Undefined behaviors are defined by the C and C++ standards. They usually correspond to illegal operations and may lead to crashes and security vulnerabilities. Their effects are also highly dependent on the interactions with the compilers and their optimizations.

TrustInSoft CI Analyzer detects all major families of undefined behaviors including but not restricted to buffer overflow, dangling pointer, invalid pointer operation, division by zero, uninitialized memory read and arithmetic overflow.
